ruby: more tweaking

I opened up `ActiveRecordModelFinderCall` to be public

Author: yoff

ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll

@@ -352,8 +352,7 @@ private Expr getUltimateReceiver(MethodCall call) {
 }
 
 // A call to `find`, `where`, etc. that may return active record model object(s)
-private class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation, DataFlow::CallNode
-{
+class ActiveRecordModelFinderCall extends ActiveRecordModelInstantiation, DataFlow::CallNode {
   private ActiveRecordModelClass cls;
 
   ActiveRecordModelFinderCall() {

ruby/ql/src/queries/performance/CouldBeAsync.ql

@@ -0,0 +1,95 @@
+/**
+ * @id ruby/could-be-async
+ * @kind problem
+ * @problem.severity info
+ * @problem.description Use `ActiveRecord::Relation#load_async` to load records asynchronously.
+ */
+
+import ruby
+// private import codeql.ruby.CFG
+import codeql.ruby.Concepts
+import codeql.ruby.frameworks.ActiveRecord
+
+// collection.each { |item| expensiveCall(item) }
+predicate expensiveCall(DataFlow::CallNode c) { c instanceof SqlExecution }
+
+string loopMethodName() {
+  // TODO: check these
+  result in [
+      "each", "reverse_each", "map", "map!", "foreach", "flat_map", "in_batches", "one?", "all?",
+      "collect", "collect!", "select", "select!", "reject", "reject!"
+      // , "collect", "select", "reject", "find_all", "find",
+      // "detect", "any?", "all?", "one?", "none?", "one", "none", "min", "max", "minmax", "min_by",
+      // "max_by", "minmax_by", "sort", "sort_by", "sort_by!", "sort"
+    ]
+}
+
+class LoopingCall extends DataFlow::CallNode {
+  DataFlow::CallableNode loopBlock;
+
+  LoopingCall() {
+    this.getMethodName() = loopMethodName() and loopBlock = this.getBlock().asCallable()
+  }
+
+  DataFlow::CallableNode getLoopBlock() { result = loopBlock }
+}
+
+predicate happensInLoop(LoopingCall loop, DataFlow::CallNode e) {
+  loop.getLoopBlock().asCallableAstNode() = e.asExpr().getScope()
+}
+
+// predicate directLoop(@ruby_while)
+predicate happensInOuterLoop(LoopingCall outerLoop, DataFlow::CallNode e) {
+  exists(LoopingCall innerLoop |
+    happensInLoop(outerLoop, innerLoop) and
+    happensInLoop(innerLoop, e)
+  )
+}
+
+predicate happensInInnermostLoop(LoopingCall loop, DataFlow::CallNode e) {
+  happensInLoop(loop, e) and
+  not happensInOuterLoop(loop, e)
+}
+
+// Active Record
+private class LoadElementsCall extends ActiveRecordInstanceMethodCall {
+  LoadElementsCall() {
+    this.getMethodName() in ["latest", "find_by", "where", "count", "find"] and
+    not any(PluckCall p).chaines() = this
+  }
+}
+
+private class PluckCall extends ActiveRecordInstanceMethodCall {
+  PluckCall() { this.getMethodName() in ["pluck"] }
+
+  ActiveRecordInstanceMethodCall chaines() { result = getChain(this.getInstance()) }
+}
+
+private ActiveRecordInstanceMethodCall getChain(ActiveRecordInstanceMethodCall c) {
+  result = c
+  or
+  result = getChain(c.getInstance())
+}
+
+ActiveRecordInstanceMethodCall longChain(ActiveRecordInstanceMethodCall c) {
+  2 < strictcount(ActiveRecordInstanceMethodCall ch | ch = getChain(c)) and
+  result = getChain(c) and
+  result != c
+}
+
+ActiveRecordInstanceMethodCall pluckChain(PluckCall c) { result = longChain(c) }
+
+// from LoopingCall loopCall
+// select loopCall, loopCall.getLoopBlock()
+from LoopingCall loop, DataFlow::CallNode call, string message
+where
+  happensInInnermostLoop(loop, call) and
+  (
+    call instanceof ActiveRecordModelFinderCall and
+    not call.getMethodName() in ["new", "create"] and
+    message = "could be chained with load_async"
+    or
+    call instanceof PluckCall and
+    message = "could be async_pluck"
+  )
+select call, "This call happens inside $@, and " + message, loop, "this loop"