ruby: first draft qhelp plus some tweaks

yoff · yoff · commit 51ecf4888c9a · 2025-01-14T17:27:00.000+01:00
diff --git a/ruby/ql/src/queries/performance/CouldBeAsync.qhelp b/ruby/ql/src/queries/performance/CouldBeAsync.qhelp
@@ -0,0 +1,24 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+
+<overview>
+<p>
+When an AcriveRecord query is executed synchronously, the application is blocked until the query completes. This can lead to poor performance, especially when the query is slow or when many queries are executed in sequence. This query identifies ActiveRecord queries that could be executed asynchronously to improve performance.
+Specifically, this query identifies ActiveRecord queries that are executed in a loop. If each query is independent of the others, the queries could be executed in parallel by using the built-in Ruby <code>load_async</code> method.
+In those cases, where the query includes a <code>pluck</code> call, the query could be executed asynchronously by using the <code>async_pluck</code> method.
+</p>
+</overview>
+<recommendation>
+<p>If possible, split the loop into two. The first creates a map of promises resolving to the async query results. The second runs throuhg this map, waiting on each promise, and does whatever the original loop did with the result of the query.</p>
+</recommendation>
+<example>
+<p>The following (suboptimal) example code executes a series of ActiveRecord queries in a loop. The queries are independent of each other, so they could be executed in parallel to improve performance.</p>
+<sample src="examples/straight_loop.rb" />
+<p>To be able to fetch the necessary information asynchronously, we first pull it out into its own (implicit) loop:
+<sample src="examples/preload.rb" />
+<p>We can now use the <code>async_pluck</code> method to execute the queries in parallel.</p>
+<sample src="examples/async_pluck.rb" />
+</example>
+</qhelp>
diff --git a/ruby/ql/src/queries/performance/CouldBeAsync.ql b/ruby/ql/src/queries/performance/CouldBeAsync.ql
@@ -1,26 +1,21 @@
 /**
- * @id ruby/could-be-async
+ * @name Could be async
+ * @description Use `ActiveRecord::Relation#load_async` to load records asynchronously.
  * @kind problem
  * @problem.severity info
- * @problem.description Use `ActiveRecord::Relation#load_async` to load records asynchronously.
+ * @precision high
+ * @id rb/could-be-async
+ * @tags performance
  */
 
 import ruby
-// private import codeql.ruby.CFG
 import codeql.ruby.Concepts
 import codeql.ruby.frameworks.ActiveRecord
 
-// collection.each { |item| expensiveCall(item) }
-predicate expensiveCall(DataFlow::CallNode c) { c instanceof SqlExecution }
-
 string loopMethodName() {
-  // TODO: check these
   result in [
       "each", "reverse_each", "map", "map!", "foreach", "flat_map", "in_batches", "one?", "all?",
       "collect", "collect!", "select", "select!", "reject", "reject!"
-      // , "collect", "select", "reject", "find_all", "find",
-      // "detect", "any?", "all?", "one?", "none?", "one", "none", "min", "max", "minmax", "min_by",
-      // "max_by", "minmax_by", "sort", "sort_by", "sort_by!", "sort"
     ]
 }
 
@@ -51,38 +46,22 @@ predicate happensInInnermostLoop(LoopingCall loop, DataFlow::CallNode e) {
   not happensInOuterLoop(loop, e)
 }
 
-// Active Record
-private class LoadElementsCall extends ActiveRecordInstanceMethodCall {
-  LoadElementsCall() {
-    this.getMethodName() in ["latest", "find_by", "where", "count", "find"] and
-    not any(PluckCall p).chaines() = this
-  }
-}
-
 private class PluckCall extends ActiveRecordInstanceMethodCall {
   PluckCall() { this.getMethodName() in ["pluck"] }
 
-  ActiveRecordInstanceMethodCall chaines() { result = getChain(this.getInstance()) }
+  ActiveRecordInstance chaines() { result = getChain(this) }
 }
 
-private ActiveRecordInstanceMethodCall getChain(ActiveRecordInstanceMethodCall c) {
-  result = c
+private ActiveRecordInstance getChain(ActiveRecordInstanceMethodCall c) {
+  result = c.getInstance()
   or
   result = getChain(c.getInstance())
 }
 
-ActiveRecordInstanceMethodCall longChain(ActiveRecordInstanceMethodCall c) {
-  2 < strictcount(ActiveRecordInstanceMethodCall ch | ch = getChain(c)) and
-  result = getChain(c) and
-  result != c
-}
-
-ActiveRecordInstanceMethodCall pluckChain(PluckCall c) { result = longChain(c) }
-
-// from LoopingCall loopCall
-// select loopCall, loopCall.getLoopBlock()
 from LoopingCall loop, DataFlow::CallNode call, string message
 where
+  not call.getLocation().getFile().getAbsolutePath().matches("%test%") and
+  not call = any(PluckCall p).chaines() and
   happensInInnermostLoop(loop, call) and
   (
     call instanceof ActiveRecordModelFinderCall and
diff --git a/ruby/ql/src/queries/performance/examples/async_pluck.rb b/ruby/ql/src/queries/performance/examples/async_pluck.rb
@@ -0,0 +1,16 @@
+require 'async_pluck'
+
+# Preload User data in parallel
+user_data = User.where(login: repo_names_by_owner.keys).async_pluck(:login, :id, :type).to_h do |login, id, type|
+  [login, { id: id, type: type == "User" ? "USER" : "ORGANIZATION" }]
+end
+
+repo_names_by_owner.each do |owner_slug, repo_names|
+  owner_info = user_data[owner_slug]
+  owner_id = owner_info[:id]
+  owner_type = owner_info[:type]
+  rel_conditions = { owner_id: owner_id, name: repo_names }
+
+  nwo_rel = nwo_rel.or(RepositorySecurityCenterConfig.where(rel_conditions)) unless neg
+  nwo_rel = nwo_rel.and(RepositorySecurityCenterConfig.where.not(rel_conditions)) if neg
+end
diff --git a/ruby/ql/src/queries/performance/examples/preload.rb b/ruby/ql/src/queries/performance/examples/preload.rb
@@ -0,0 +1,14 @@
+# Preload User data
+user_data = User.where(login: repo_names_by_owner.keys).pluck(:login, :id, :type).to_h do |login, id, type|
+    [login, { id: id, type: type == "User" ? "USER" : "ORGANIZATION" }]
+  end
+  
+  repo_names_by_owner.each do |owner_slug, repo_names|
+    owner_info = user_data[owner_slug]
+    owner_id = owner_info[:id]
+    owner_type = owner_info[:type]
+    rel_conditions = { owner_id: owner_id, name: repo_names }
+  
+    nwo_rel = nwo_rel.or(RepositorySecurityCenterConfig.where(rel_conditions)) unless neg
+    nwo_rel = nwo_rel.and(RepositorySecurityCenterConfig.where.not(rel_conditions)) if neg
+  end
diff --git a/ruby/ql/src/queries/performance/examples/straight_loop.rb b/ruby/ql/src/queries/performance/examples/straight_loop.rb
@@ -0,0 +1,8 @@
+repo_names_by_owner.map do |owner_slug, repo_names|
+    owner_id, owner_type = User.where(login: owner_slug).pluck(:id, :type).first
+    owner_type = owner_type == "User" ? "USER" : "ORGANIZATION"
+    rel_conditions = { owner_id: owner_id, name: repo_names }
+
+    nwo_rel = nwo_rel.or(RepositorySecurityCenterConfig.where(rel_conditions)) unless neg
+    nwo_rel = nwo_rel.and(RepositorySecurityCenterConfig.where.not(rel_conditions)) if neg
+  end
