github
diff --git a/‎docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-ruby-programs.rst
Lines changed: 655 additions & 0 deletions b/‎docs/codeql/codeql-language-guides/abstract-syntax-tree-classes-for-working-with-ruby-programs.rst
Lines changed: 655 additions & 0 deletions
diff --git a/‎docs/codeql/codeql-language-guides/analyzing-data-flow-in-ruby.rst
Lines changed: 393 additions & 0 deletions b/‎docs/codeql/codeql-language-guides/analyzing-data-flow-in-ruby.rst
Lines changed: 393 additions & 0 deletions
diff --git a/‎docs/codeql/codeql-language-guides/basic-query-for-ruby-code.rst
Lines changed: 1 addition & 1 deletion b/‎docs/codeql/codeql-language-guides/basic-query-for-ruby-code.rst
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/codeql/codeql-language-guides/codeql-for-ruby.rst
Lines changed: 8 additions & 1 deletion b/‎docs/codeql/codeql-language-guides/codeql-for-ruby.rst
Lines changed: 8 additions & 1 deletion
diff --git a/‎docs/codeql/codeql-language-guides/using-api-graphs-in-ruby.rst
Lines changed: 185 additions & 0 deletions b/‎docs/codeql/codeql-language-guides/using-api-graphs-in-ruby.rst
Lines changed: 185 additions & 0 deletions
diff --git a/‎docs/codeql/query-help/codeql-cwe-coverage.rst
Lines changed: 0 additions & 1 deletion b/‎docs/codeql/query-help/codeql-cwe-coverage.rst
Lines changed: 0 additions & 1 deletion
diff --git a/‎docs/codeql/query-help/index.rst
Lines changed: 0 additions & 2 deletions b/‎docs/codeql/query-help/index.rst
Lines changed: 0 additions & 2 deletions
diff --git a/‎docs/codeql/reusables/ruby-beta-note.rst
Lines changed: 0 additions & 4 deletions b/‎docs/codeql/reusables/ruby-beta-note.rst
Lines changed: 0 additions & 4 deletions
@@ -80,7 +80,7 @@ After the initial ``import`` statement, this simple query comprises three parts
 +---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
 | Query part                                                    | Purpose                                                                                                           | Details                                                                                                                |
 +===============================================================+===================================================================================================================+========================================================================================================================+
-| ``import codeql.ruby.AST``                                    | Imports the standard CodeQL AST libraries for Ruby.                                                                   | Every query begins with one or more ``import`` statements.                                                         |
+| ``import codeql.ruby.AST``                                    | Imports the standard CodeQL AST libraries for Ruby.                                                               | Every query begins with one or more ``import`` statements.                                                             |
 +---------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------------------------+
 | ``from IfExpr ifexpr``                                        | Defines the variables for the query.                                                                              | We use: an ``IfExpr`` variable for ``if`` expressions.                                                                 |
 |                                                               | Declarations are of the form:                                                                                     |                                                                                                                        |
 
@@ -10,9 +10,16 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
 
    basic-query-for-ruby-code
    codeql-library-for-ruby
+   abstract-syntax-tree-classes-for-working-with-ruby-programs
+   analyzing-data-flow-in-ruby
+   using-api-graphs-in-ruby
 
 -  :doc:`Basic query for Ruby code <basic-query-for-ruby-code>`: Learn to write and run a simple CodeQL query using LGTM.
 
 -  :doc:`CodeQL library for Ruby <codeql-library-for-ruby>`: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for Ruby.
 
-.. include:: ../reusables/ruby-beta-note.rst
+-  :doc:`Analyzing data flow in Ruby <analyzing-data-flow-in-ruby>`: You can use CodeQL to track the flow of data through a Ruby program to places where the data is used.
+
+-  :doc:`Using API graphs in Ruby <using-api-graphs-in-ruby>`: API graphs are a uniform interface for referring to functions, classes, and methods defined in external libraries.
+
+-  :doc:`Abstract syntax tree classes for working with Ruby programs <abstract-syntax-tree-classes-for-working-with-ruby-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of Ruby programs.
@@ -0,0 +1,185 @@
+.. _using-api-graphs-in-ruby:
+
+Using API graphs in Ruby
+==========================
+
+API graphs are a uniform interface for referring to functions, classes, and methods defined in
+external libraries.
+
+About this article
+------------------
+
+This article describes how you can use API graphs to reference classes and functions defined in library
+code. API graphs are particularly useful when you want to model the remote flow sources available from external library functions.
+
+
+Module and class references
+---------------------------
+
+The most common entry point into the API graph is when a top-level module or class is accessed. 
+For example, you can access the API graph node corresponding to the ``::Regexp`` class
+by using the ``API::getTopLevelMember`` method defined in the ``codeql.ruby.ApiGraphs`` module, as the
+following snippet demonstrates.
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("Regexp")
+
+The example above finds references to a top-level class. For nested
+modules and classes, you can use the ``getMember`` method. For example the following query selects
+references to the ``Net::HTTP`` class.
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("Net").getMember("HTTP")
+
+Note that you should specify module names without ``::`` symbols. If you write ``API::getTopLevelMember("Net::HTTP")``, it will not do what you expect. Instead, you need to decompose this name
+into an access of the ``HTTP`` member of the API graph node for ``Net``, as shown in the example above.
+
+Calls and class instantiations
+------------------------------
+
+To track the calls of externally defined functions, you can use the ``getMethod`` method. The
+following snippet finds all calls of ``Regexp.compile``:
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("Regexp").getMethod("compile")
+
+The example above is for a call to a class method. Tracking calls to instance methods, is a two-step
+process, first you need to find instances of the class before you can find the calls
+to methods on those instances. The following snippet finds instantiations of the ``Regexp`` class:
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("Regexp").getInstance()
+
+Note that the ``getInstance`` method also includes subclasses. For example if there is a 
+``class SpecialRegexp < Regexp`` then ``getInstance`` also finds ``SpecialRegexp.new``.
+
+The following snippet builds on the above to find calls of the ``Regexp#match?`` instance method:
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("Regexp").getInstance().getMethod("match?")
+
+Subclasses
+----------
+
+Many libraries are used by extending one or more library classes. To track this
+in the API graph, you can use the ``getASubclass`` method to get the API graph node corresponding to
+the immediate subclasses of a node. To find *all* subclasses, use ``*`` or ``+`` to apply the
+method repeatedly. You can see an example where all subclasses are identified using ``getASubclass*`` below.
+
+Note that ``getASubclass`` can only return subclasses that are extracted as part of the CodeQL database 
+that you are analyzing. When libraries have predefined subclasses, you will need to explicitly include them in your model.
+For example, the ``ActionController::Base`` class has a predefined subclass ``Rails::ApplicationController``. To find
+all subclasses of ``ActionController::Base``, you must explicitly include the subclasses of ``Rails::ApplicationController`` as well.
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+
+    API::Node actionController() {
+      result =
+        [
+          API::getTopLevelMember("ActionController").getMember("Base"),
+          API::getTopLevelMember("Rails").getMember("ApplicationController")
+        ].getASubclass*()
+    }
+
+    select actionController()
+
+
+Using the API graph in dataflow queries
+---------------------------------------
+
+Dataflow queries often search for points where data from external sources enters the code base
+as well as places where data leaves the code base. API graphs provide a convenient way to refer 
+to external API components such as library functions and their inputs and outputs. 
+However, you do not use API graph nodes directly in dataflow queries. 
+
+- API graph nodes model entities that are defined outside your code base.
+- Dataflow nodes model entities defined within the current code base. 
+
+You bridge the gap between the entities outside and inside your code base using 
+the API node class methods: ``asSource()`` and ``asSink()``.
+
+The ``asSource()`` method is used to select dataflow nodes where a value from an external source
+enters the current code base. A typical example is the return value of a library function such as
+``File.read(path)``:
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("File").getMethod("read").getReturn().asSource()
+
+
+The ``asSink()`` method is used to select dataflow nodes where a value leaves the
+current code base and flows into an external library. For example the second parameter
+of the ``File.write(path, value)`` method.
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("File").getMethod("write").getParameter(1).asSink()
+
+A more complex example is a call to ``File.open`` with a block argument. This function creates a ``File`` instance
+and passes it to the supplied block. In this case, we are interested in the first parameter of the block because this is where an
+externally created value enters the code base, that is, the ``|file|`` in the Ruby example below:
+
+.. code-block:: ruby
+
+    File.open("/my/file.txt", "w") { |file| file << "Hello world" }
+
+The following snippet of CodeQL finds parameters of blocks of ``File.open`` method calls:
+
+.. code-block:: ql
+
+    import codeql.ruby.ApiGraphs
+
+    select API::getTopLevelMember("File").getMethod("open").getBlock().getParameter(0).asSource()
+
+The following example is a dataflow query that that uses API graphs to find cases where data that 
+is read flows into a call to ``File.write``.
+
+.. code-block:: ql
+
+    import codeql.ruby.DataFlow
+    import codeql.ruby.ApiGraphs
+
+    class Configuration extends DataFlow::Configuration {
+      Configuration() { this = "File read/write Configuration" }
+
+      override predicate isSource(DataFlow::Node source) {
+        source = API::getTopLevelMember("File").getMethod("read").getReturn().asSource()
+      }
+
+      override predicate isSink(DataFlow::Node sink) {
+        sink = API::getTopLevelMember("File").getMethod("write").getParameter(1).asSink()
+      }
+    }
+
+    from DataFlow::Node src, DataFlow::Node sink, Configuration config
+    where config.hasFlow(src, sink)
+    select src, "The data read here flows into a $@ call.", sink, "File.write"
+
+Further reading
+---------------
+
+
+.. include:: ../reusables/ruby-further-reading.rst
+.. include:: ../reusables/codeql-ref-tools-further-reading.rst
@@ -35,4 +35,3 @@ Note that the CWE coverage includes both "`supported queries <https://github.com
    python-cwe
    ruby-cwe
 
-.. include:: ../reusables/ruby-beta-note.rst
@@ -23,8 +23,6 @@ View the query help for the queries included in the ``code-scanning``, ``securit
 
 For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE coverage <codeql-cwe-coverage>`." 
 
-.. include:: ../reusables/ruby-beta-note.rst
-
 .. toctree::
    :hidden:
    :titlesonly:
Original file line number	Diff line number	Diff line change
@@ -35,4 +35,3 @@ Note that the CWE coverage includes both "`supported queries <https://github.com
`35`	`35`	`python-cwe`
`36`	`36`	`ruby-cwe`
`37`	`37`
`38`		`-.. include:: ../reusables/ruby-beta-note.rst`