Description
CodeQL Ruby extractor fails to parse certain valid Ruby 3 constructs used in my repository, producing extraction warnings such as:
"A parse error occurred (expected identifier symbol)"
"Missing value for field: binary::left"
This causes CodeQL to skip files that are syntactically correct in Ruby 3. I believe the issue is with the parser bundled into the CodeQL CLI used by the action.
Environment / Versions found in logs
CodeQL Action: v4.31.9 (as used in my workflow run)
CodeQL CLI bundled in that run: 2.23.8 (path in runner: /opt/hostedtoolcache/CodeQL/2.23.8/x64/codeql)
Workflow: .github/workflows/codeql.yml running github/codeql-action/analyze@v4 (matrix language: ruby)
Log snippets (from workflow run):
[LOG]
WARN /home/runner/work/Sat_9am_5km/Sat_9am_5km/app/helpers/application_helper.rb:109: A parse error occurred (expected identifier symbol). Check the syntax of the file. If the file is invalid, correct the error or exclude the file from analysis.
WARN /home/runner/work/Sat_9am_5km/Sat_9am_5km/app/helpers/application_helper.rb:109: Missing value for field: binary::left
WARN /home/runner/work/Sat_9am_5km/Sat_9am_5km/app/views/devise/passwords/edit.html.erb:7: A parse error occurred. Check the syntax of the file. If the file is invalid, correct the error ...
(other similar warnings for other files)
[/LOG]
Concrete example of valid Ruby code that triggers the parser warning
In app/helpers/application_helper.rb (ref dbec8bc37870e5f8cc9cea3830e6d5c8191f870f) the following Ruby 3 constructs are used and appear to be unrecognized by the extractor:
- argument forwarding (...) in method definition:

    def sanitized_link_to(...)
      sanitize link_to(...), tags: ['a'], attributes: %w[href rel target]
    end

- anonymous double-splat (**) in definition and invocation:

    def event_main_image_tag(event, variant: :full, **)
      # ...
      image_tag image_path, **
    end

- anonymous block argument (&) shorthand:

    def external_link_to(title = nil, options = nil, html_options = {}, &)
      # ...
      if block_given?
        link_to title, (options || {}).merge(target_options), &
      else
        # ...
      end
    end

These constructs are valid Ruby 3 syntax and parse correctly with the Ruby 3 interpreter, but the CodeQL extractor emits parse errors.
Steps to reproduce
- Use a workflow that runs the CodeQL action for Ruby (e.g. github/codeql-action/analyze@v4 with language: ruby).
- Run on this repository/commit: ref dbec8bc37870e5f8cc9cea3830e6d5c8191f870f (see job above).
- Observe extraction warnings and that some Ruby files are reported as "extracted with errors".
Expected behavior
The Ruby extractor (bundled in the CodeQL CLI used by the action) should correctly parse the Ruby 3 constructs above and not skip those files.
Request
Please advise whether there is an updated CodeQL CLI / extractor that supports these Ruby 3 constructs. If not, could you confirm this is a bug and track it? I can provide minimal repro files or a smaller test repo if helpful.
Thank you!
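
Files that the extractor reports with parse errors are a gap in scan coverage, so it helps to list them per run. The following is an added example, not part of the original issue or of CodeQL: a small Ruby script that groups `WARN <path>:<line>: <message>` entries like those in the log excerpt above by file. The function name, the workspace-prefix pattern and the sample log (modelled on the excerpt, third message shortened) are assumptions made for illustration.

```ruby
# Added example: list files the CodeQL extractor warned about, per file.

# One warning, in the shape shown in the log excerpt:
#   WARN <absolute path>:<line>: <message>
# The lookahead ends a message at the next "WARN" or at end of line, so the
# pattern works on one-entry-per-line logs and on logs flattened to one line.
WARNING = /WARN\s+(\S+):(\d+):\s+(.*?)(?=\s+WARN\s|$)/

# Assumption: the runner checks the repo out to /home/runner/work/<repo>/<repo>/.
WORKSPACE = %r{\A/home/runner/work/[^/]+/[^/]+/}

# Returns { "relative/path" => { lines: [Integer], messages: [String] } }.
def files_with_extraction_warnings(log_text)
  summary = Hash.new { |h, k| h[k] = { lines: [], messages: [] } }
  log_text.scan(WARNING) do |path, line, message|
    entry = summary[path.sub(WORKSPACE, "")]
    entry[:lines] << line.to_i
    # Keep only the first sentence; the rest is repeated advice text.
    entry[:messages] << message.strip.split(/\.(?:\s|\z)/, 2).first
  end
  summary.transform_values do |e|
    { lines: e[:lines].uniq.sort, messages: e[:messages].uniq }
  end
end

# Constructed sample input, modelled on the log excerpt in the issue.
SAMPLE_LOG = <<~LOG
  WARN /home/runner/work/Sat_9am_5km/Sat_9am_5km/app/helpers/application_helper.rb:109: A parse error occurred (expected identifier symbol). Check the syntax of the file. If the file is invalid, correct the error or exclude the file from analysis.
  WARN /home/runner/work/Sat_9am_5km/Sat_9am_5km/app/helpers/application_helper.rb:109: Missing value for field: binary::left
  WARN /home/runner/work/Sat_9am_5km/Sat_9am_5km/app/views/devise/passwords/edit.html.erb:7: A parse error occurred. Check the syntax of the file.
LOG

if __FILE__ == $PROGRAM_NAME
  files_with_extraction_warnings(SAMPLE_LOG).each do |file, info|
    puts "#{file} (lines #{info[:lines].join(', ')})"
    info[:messages].each { |m| puts "  - #{m}" }
  end
end
```

Comparing this list between runs shows which files are still reported with parse errors after a CLI upgrade.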