ruby: first sketches

Author: yoff

ruby/ql/src/queries/performance/CouldBebatched.ql

@@ -0,0 +1,49 @@
+/**
+ * @id dsl/could-be-batched
+ * @kind problem
+ * @problem.severity info
+ * @problem.type CodeSmell
+ * @problem.description Use `ActiveRecord::Relation#in_batches` to process records in batches.
+ * @problem.links https://api.rubyonrails.org/classes/ActiveRecord/Batches/ClassMethods.html#method-i-in_batches
+ */
+
+import ruby
+// private import codeql.ruby.CFG
+import codeql.ruby.Concepts
+import codeql.ruby.frameworks.ActiveRecord
+
+// collection.each { |item| expensiveCall(item) }
+predicate expensiveCall(DataFlow::CallNode c) { c instanceof SqlExecution }
+
+string loopMethodName() {
+  // TODO: check these
+  result in ["each", "map", "foreach", "flat_map", "do"]
+}
+
+class LoopingCall extends DataFlow::CallNode {
+  DataFlow::CallableNode loopBlock;
+
+  LoopingCall() {
+    this.getMethodName() = loopMethodName() and loopBlock = this.getBlock().asCallable()
+  }
+
+  DataFlow::CallableNode getLoopBlock() { result = loopBlock }
+}
+
+predicate happensInLoop(DataFlow::CallNode e) {
+  any(LoopingCall loop).getLoopBlock().asCallableAstNode() = e.asExpr().getScope()
+}
+
+// Active Record
+/** A call to e.g. `user.update_attribute(name, "foo")` */
+private class LoadElementsCall extends ActiveRecordInstanceMethodCall {
+  LoadElementsCall() { this.getMethodName() in ["latest", "find_by", "where"] }
+}
+
+// from LoopingCall loopCall
+// select loopCall, loopCall.getLoopBlock()
+from DataFlow::CallNode call
+where
+  happensInLoop(call) and //and expensiveCall(call)
+  call instanceof LoadElementsCall
+select call, "This call happens in a loop"