CodeQL Ruby parser fails on bare & block forwarding in multi-line method calls #20257

@landongrindheim

🖼️ Context

CodeQL's Ruby parser encounters parse errors when using Ruby 3.1+'s anonymous block forwarding syntax (&) in specific contexts, despite this being valid Ruby syntax.

Reproduction Case

  module TestCase
    def method_with_bare_ampersand(&)
      some_method_call(
        keyword_arg1: "value1",
        keyword_arg2: "value2",
        keyword_arg3: "value3",
        &  # <-- CodeQL parse error occurs here
      )
    end

    # This works fine - single line call
    def working_method(&)
      simple_call(&)
    end

    private

    def some_method_call(keyword_arg1:, keyword_arg2:, keyword_arg3:, &block)
      yield if block_given?
    end

    def simple_call(&block)
      yield if block_given?
    end
  end

Environment

📝 Notes

  • The issue only occurs with multi-line method calls where & appears on its own line
  • Single-line calls with & work correctly
  • Named block parameters (e.g., &block) work in all contexts
  • This is valid Ruby 3.1+ anonymous block forwarding syntax

Impact

This prevents CodeQL security analysis on codebases using modern Ruby block forwarding patterns, forcing developers to use less idiomatic code or exclude files from analysis.
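
To locate files that contain the construct described in this issue, and therefore may be missing from analysis results, the following added example (not part of the original issue and not CodeQL code) uses Ruby's standard-library Ripper lexer to report lines where a bare `&` is alone on its line directly before the closing parenthesis. The function name `bare_ampersand_lines` and the sample source are constructed for illustration.

```ruby
require "ripper"

# Token types that may sit between the bare "&" and the closing ")".
SKIPPABLE = %i[on_sp on_comment on_nl on_ignored_nl].freeze

# Returns the line numbers where an anonymous block argument ("&") is the
# only code on its line and the next significant token is ")" on a later line.
# Working on lexer tokens means "&" inside string literals is never matched.
def bare_ampersand_lines(source)
  tokens = Ripper.lex(source) # each token: [[line, col], type, text, state]
  hits = []
  tokens.each_with_index do |tok, i|
    line = tok[0][0]
    next unless tok[1] == :on_op && tok[2] == "&"

    # Everything before "&" on the same line must be whitespace.
    before = tokens[0...i].select { |t| t[0][0] == line }
    next unless before.all? { |t| t[1] == :on_sp }

    following = tokens[(i + 1)..-1].find { |t| !SKIPPABLE.include?(t[1]) }
    hits << line if following && following[1] == :on_rparen && following[0][0] > line
  end
  hits
end

# Constructed sample modelled on the reproduction case in the issue.
SAMPLE = <<~'RUBY'
  def multi(&)
    some_method_call(
      keyword_arg1: "value1",
      &  # bare ampersand on its own line
    )
  end

  def single(&)
    simple_call(&)
  end

  def named(&block)
    some_method_call(
      keyword_arg1: "value1",
      &block
    )
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  # With no arguments the constructed sample is scanned; otherwise each path given.
  sources = ARGV.empty? ? { "(sample)" => SAMPLE } : ARGV.to_h { |p| [p, File.read(p)] }
  sources.each do |name, src|
    bare_ampersand_lines(src).each { |n| puts "#{name}:#{n}: bare & on its own line" }
  end
end
```

Files reported by the scan are the ones to compare against the extractor's diagnostics when checking analysis coverage.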

Labels: bug, question
