Description
The following example causes a syntax error, but it shouldn't. I think it is due to the way CodeQL interprets ERB. Instead of inserting newlines it may be better for CodeQL to insert explicit semicolons in most cases. There is not really a right way to interpret ERB, because ERB has no specification and there are many ERB interpreters each with their own flavours. We should probably emulate the most often used Rails flavour as closely as possible.
```erb
<% def foo bar:; end %>
<% bar = 1 %>
<%= foo bar: %>
<% print "hello" %>
```
What's happening is, roughly, that the above gets parsed as follows (this is also invalid according to the real Ruby interpreter):
```ruby
def foo bar:; end
bar = 1
foo bar:
print "hello"
```
instead of as (note the extra `;`):
```ruby
def foo bar:; end
bar = 1
foo bar: ;
print "hello"
```
The ERB interpreter of Rails usually inserts `;` symbols between tags, but sometimes it inserts a newline (to make using blocks easier). CodeQL instead always inserts a newline. This difference is hardly ever a problem because Ruby treats newlines as implicit `;` symbols in almost all cases. The trouble is the "almost": there are a few corner cases, and newlines after a keyword argument are one of them.
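The difference described in the report can be reproduced with the added sketch below, which is not CodeQL's or Rails's code: it pulls the Ruby fragments out of the template with a simplified regex (an assumption, not a full ERB parser), joins them with each separator, and uses Ruby's bundled Ripper parser as the syntax check. The helper names are hypothetical, and the shorthand `foo bar:` call needs Ruby 3.1 or later to parse at all.

```ruby
require 'ripper'

# Constructed sample: the template from the report above.
TEMPLATE = <<~'ERB'
  <% def foo bar:; end %>
  <% bar = 1 %>
  <%= foo bar: %>
  <% print "hello" %>
ERB

# Simplified tag extraction (assumption, not a real ERB compiler): returns the
# Ruby code inside each <% %> or <%= %> tag, skipping <%# comments and <%% literals.
def erb_code_fragments(template)
  template.scan(/<%(?![#%])=?(.*?)-?%>/m).map { |(code)| code.strip }
end

# Model of the extractor's choice: glue the fragments with one separator.
def join_fragments(fragments, separator)
  fragments.join(separator)
end

# Ripper.sexp returns nil when the source contains a syntax error.
def valid_ruby?(source)
  !Ripper.sexp(source).nil?
end

# Parse the same template under both joining strategies.
def compare_separators(template)
  fragments = erb_code_fragments(template)
  {
    newline:   valid_ruby?(join_fragments(fragments, "\n")),
    semicolon: valid_ruby?(join_fragments(fragments, " ;\n"))
  }
end

if __FILE__ == $PROGRAM_NAME
  compare_separators(TEMPLATE).each do |strategy, ok|
    puts format('%-9s join: %s', strategy, ok ? 'parses' : 'syntax error')
  end
end
```

A false syntax error matters for analysis coverage: a template that fails to parse in the extractor may be only partly analysed even though Rails renders it without complaint.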