mirror of
https://github.com/github/codeql.git
synced 2025-12-16 16:53:25 +01:00
Refactor GrapeHelperMethod constructor to reuse getHelperSelf to traverse dataflow instead of AST
- add tests to check for nested helpers
This commit is contained in:
Chad Bentz
@@ -291,12 +291,7 @@ module Grape {
|
||||
private class GrapeHelperMethod extends Method {
|
||||
private GrapeApiClass apiClass;
|
||||
|
||||
GrapeHelperMethod() {
|
||||
exists(DataFlow::CallNode helpersCall |
|
||||
helpersCall = apiClass.getAModuleLevelCall("helpers") and
|
||||
this.getParent+() = helpersCall.getBlock().asExpr().getExpr()
|
||||
)
|
||||
}
|
||||
GrapeHelperMethod() { this = apiClass.getHelperSelf().getSelfVariable().getDeclaringScope() }
|
||||
|
||||
/**
|
||||
* Gets the API class that contains this helper method.
|
||||
|
||||
@@ -2,44 +2,80 @@ models
|
||||
edges
|
||||
| app.rb:103:13:103:18 | call to params | app.rb:103:13:103:70 | call to select | provenance | |
|
||||
| app.rb:103:13:103:18 | call to params | app.rb:103:13:103:70 | call to select : [collection] [element] | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select | app.rb:149:21:149:31 | call to user_params | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select | app.rb:165:21:165:31 | call to user_params | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:149:21:149:31 | call to user_params : [collection] [element] | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:165:21:165:31 | call to user_params : [collection] [element] | provenance | |
|
||||
| app.rb:107:13:107:32 | call to source | app.rb:143:18:143:43 | call to vulnerable_helper | provenance | |
|
||||
| app.rb:107:13:107:32 | call to source | app.rb:143:18:143:43 | call to vulnerable_helper | provenance | |
|
||||
| app.rb:111:13:111:33 | call to source | app.rb:150:25:150:37 | call to simple_helper | provenance | |
|
||||
| app.rb:111:13:111:33 | call to source | app.rb:150:25:150:37 | call to simple_helper | provenance | |
|
||||
| app.rb:126:9:126:15 | user_id | app.rb:133:14:133:20 | user_id | provenance | |
|
||||
| app.rb:126:19:126:24 | call to params | app.rb:126:19:126:34 | ...[...] | provenance | |
|
||||
| app.rb:126:19:126:34 | ...[...] | app.rb:126:9:126:15 | user_id | provenance | |
|
||||
| app.rb:127:9:127:16 | route_id | app.rb:134:14:134:21 | route_id | provenance | |
|
||||
| app.rb:127:20:127:40 | call to route_param | app.rb:127:9:127:16 | route_id | provenance | |
|
||||
| app.rb:128:9:128:12 | auth | app.rb:135:14:135:17 | auth | provenance | |
|
||||
| app.rb:128:16:128:22 | call to headers | app.rb:128:16:128:38 | ...[...] | provenance | |
|
||||
| app.rb:128:16:128:38 | ...[...] | app.rb:128:9:128:12 | auth | provenance | |
|
||||
| app.rb:129:9:129:15 | session | app.rb:136:14:136:20 | session | provenance | |
|
||||
| app.rb:129:19:129:25 | call to cookies | app.rb:129:19:129:38 | ...[...] | provenance | |
|
||||
| app.rb:129:19:129:38 | ...[...] | app.rb:129:9:129:15 | session | provenance | |
|
||||
| app.rb:143:9:143:14 | result | app.rb:144:14:144:19 | result | provenance | |
|
||||
| app.rb:143:9:143:14 | result | app.rb:144:14:144:19 | result | provenance | |
|
||||
| app.rb:143:18:143:43 | call to vulnerable_helper | app.rb:143:9:143:14 | result | provenance | |
|
||||
| app.rb:143:18:143:43 | call to vulnerable_helper | app.rb:143:9:143:14 | result | provenance | |
|
||||
| app.rb:149:9:149:17 | user_data | app.rb:151:14:151:22 | user_data | provenance | |
|
||||
| app.rb:149:9:149:17 | user_data : [collection] [element] | app.rb:151:14:151:22 | user_data | provenance | |
|
||||
| app.rb:149:21:149:31 | call to user_params | app.rb:149:9:149:17 | user_data | provenance | |
|
||||
| app.rb:149:21:149:31 | call to user_params : [collection] [element] | app.rb:149:9:149:17 | user_data : [collection] [element] | provenance | |
|
||||
| app.rb:150:9:150:21 | simple_result | app.rb:152:14:152:26 | simple_result | provenance | |
|
||||
| app.rb:150:9:150:21 | simple_result | app.rb:152:14:152:26 | simple_result | provenance | |
|
||||
| app.rb:150:25:150:37 | call to simple_helper | app.rb:150:9:150:21 | simple_result | provenance | |
|
||||
| app.rb:150:25:150:37 | call to simple_helper | app.rb:150:9:150:21 | simple_result | provenance | |
|
||||
| app.rb:159:13:159:19 | user_id | app.rb:160:18:160:24 | user_id | provenance | |
|
||||
| app.rb:159:23:159:28 | call to params | app.rb:159:23:159:33 | ...[...] | provenance | |
|
||||
| app.rb:159:23:159:33 | ...[...] | app.rb:159:13:159:19 | user_id | provenance | |
|
||||
| app.rb:165:9:165:17 | user_data | app.rb:166:14:166:22 | user_data | provenance | |
|
||||
| app.rb:165:9:165:17 | user_data : [collection] [element] | app.rb:166:14:166:22 | user_data | provenance | |
|
||||
| app.rb:165:21:165:31 | call to user_params | app.rb:165:9:165:17 | user_data | provenance | |
|
||||
| app.rb:165:21:165:31 | call to user_params : [collection] [element] | app.rb:165:9:165:17 | user_data : [collection] [element] | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select | app.rb:189:21:189:31 | call to user_params | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select | app.rb:205:21:205:31 | call to user_params | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:189:21:189:31 | call to user_params : [collection] [element] | provenance | |
|
||||
| app.rb:103:13:103:70 | call to select : [collection] [element] | app.rb:205:21:205:31 | call to user_params : [collection] [element] | provenance | |
|
||||
| app.rb:107:13:107:32 | call to source | app.rb:183:18:183:43 | call to vulnerable_helper | provenance | |
|
||||
| app.rb:107:13:107:32 | call to source | app.rb:183:18:183:43 | call to vulnerable_helper | provenance | |
|
||||
| app.rb:111:13:111:33 | call to source | app.rb:190:25:190:37 | call to simple_helper | provenance | |
|
||||
| app.rb:111:13:111:33 | call to source | app.rb:190:25:190:37 | call to simple_helper | provenance | |
|
||||
| app.rb:118:17:118:43 | call to source | app.rb:212:23:212:39 | call to authenticate_user | provenance | |
|
||||
| app.rb:118:17:118:43 | call to source | app.rb:212:23:212:39 | call to authenticate_user | provenance | |
|
||||
| app.rb:122:17:122:47 | call to source | app.rb:216:23:216:48 | call to check_permissions | provenance | |
|
||||
| app.rb:122:17:122:47 | call to source | app.rb:216:23:216:48 | call to check_permissions | provenance | |
|
||||
| app.rb:128:17:128:42 | call to source | app.rb:220:29:220:80 | call to validate_email | provenance | |
|
||||
| app.rb:128:17:128:42 | call to source | app.rb:220:29:220:80 | call to validate_email | provenance | |
|
||||
| app.rb:134:17:134:42 | call to source | app.rb:225:28:225:39 | call to debug_helper | provenance | |
|
||||
| app.rb:134:17:134:42 | call to source | app.rb:225:28:225:39 | call to debug_helper | provenance | |
|
||||
| app.rb:140:17:140:37 | call to source | app.rb:230:25:230:37 | call to rescue_helper | provenance | |
|
||||
| app.rb:140:17:140:37 | call to source | app.rb:230:25:230:37 | call to rescue_helper | provenance | |
|
||||
| app.rb:150:17:150:35 | call to source | app.rb:235:27:235:37 | call to test_helper | provenance | |
|
||||
| app.rb:150:17:150:35 | call to source | app.rb:235:27:235:37 | call to test_helper | provenance | |
|
||||
| app.rb:166:9:166:15 | user_id | app.rb:173:14:173:20 | user_id | provenance | |
|
||||
| app.rb:166:19:166:24 | call to params | app.rb:166:19:166:34 | ...[...] | provenance | |
|
||||
| app.rb:166:19:166:34 | ...[...] | app.rb:166:9:166:15 | user_id | provenance | |
|
||||
| app.rb:167:9:167:16 | route_id | app.rb:174:14:174:21 | route_id | provenance | |
|
||||
| app.rb:167:20:167:40 | call to route_param | app.rb:167:9:167:16 | route_id | provenance | |
|
||||
| app.rb:168:9:168:12 | auth | app.rb:175:14:175:17 | auth | provenance | |
|
||||
| app.rb:168:16:168:22 | call to headers | app.rb:168:16:168:38 | ...[...] | provenance | |
|
||||
| app.rb:168:16:168:38 | ...[...] | app.rb:168:9:168:12 | auth | provenance | |
|
||||
| app.rb:169:9:169:15 | session | app.rb:176:14:176:20 | session | provenance | |
|
||||
| app.rb:169:19:169:25 | call to cookies | app.rb:169:19:169:38 | ...[...] | provenance | |
|
||||
| app.rb:169:19:169:38 | ...[...] | app.rb:169:9:169:15 | session | provenance | |
|
||||
| app.rb:183:9:183:14 | result | app.rb:184:14:184:19 | result | provenance | |
|
||||
| app.rb:183:9:183:14 | result | app.rb:184:14:184:19 | result | provenance | |
|
||||
| app.rb:183:18:183:43 | call to vulnerable_helper | app.rb:183:9:183:14 | result | provenance | |
|
||||
| app.rb:183:18:183:43 | call to vulnerable_helper | app.rb:183:9:183:14 | result | provenance | |
|
||||
| app.rb:189:9:189:17 | user_data | app.rb:191:14:191:22 | user_data | provenance | |
|
||||
| app.rb:189:9:189:17 | user_data : [collection] [element] | app.rb:191:14:191:22 | user_data | provenance | |
|
||||
| app.rb:189:21:189:31 | call to user_params | app.rb:189:9:189:17 | user_data | provenance | |
|
||||
| app.rb:189:21:189:31 | call to user_params : [collection] [element] | app.rb:189:9:189:17 | user_data : [collection] [element] | provenance | |
|
||||
| app.rb:190:9:190:21 | simple_result | app.rb:192:14:192:26 | simple_result | provenance | |
|
||||
| app.rb:190:9:190:21 | simple_result | app.rb:192:14:192:26 | simple_result | provenance | |
|
||||
| app.rb:190:25:190:37 | call to simple_helper | app.rb:190:9:190:21 | simple_result | provenance | |
|
||||
| app.rb:190:25:190:37 | call to simple_helper | app.rb:190:9:190:21 | simple_result | provenance | |
|
||||
| app.rb:199:13:199:19 | user_id | app.rb:200:18:200:24 | user_id | provenance | |
|
||||
| app.rb:199:23:199:28 | call to params | app.rb:199:23:199:33 | ...[...] | provenance | |
|
||||
| app.rb:199:23:199:33 | ...[...] | app.rb:199:13:199:19 | user_id | provenance | |
|
||||
| app.rb:205:9:205:17 | user_data | app.rb:206:14:206:22 | user_data | provenance | |
|
||||
| app.rb:205:9:205:17 | user_data : [collection] [element] | app.rb:206:14:206:22 | user_data | provenance | |
|
||||
| app.rb:205:21:205:31 | call to user_params | app.rb:205:9:205:17 | user_data | provenance | |
|
||||
| app.rb:205:21:205:31 | call to user_params : [collection] [element] | app.rb:205:9:205:17 | user_data : [collection] [element] | provenance | |
|
||||
| app.rb:212:9:212:19 | auth_result | app.rb:213:14:213:24 | auth_result | provenance | |
|
||||
| app.rb:212:9:212:19 | auth_result | app.rb:213:14:213:24 | auth_result | provenance | |
|
||||
| app.rb:212:23:212:39 | call to authenticate_user | app.rb:212:9:212:19 | auth_result | provenance | |
|
||||
| app.rb:212:23:212:39 | call to authenticate_user | app.rb:212:9:212:19 | auth_result | provenance | |
|
||||
| app.rb:216:9:216:19 | perm_result | app.rb:217:14:217:24 | perm_result | provenance | |
|
||||
| app.rb:216:9:216:19 | perm_result | app.rb:217:14:217:24 | perm_result | provenance | |
|
||||
| app.rb:216:23:216:48 | call to check_permissions | app.rb:216:9:216:19 | perm_result | provenance | |
|
||||
| app.rb:216:23:216:48 | call to check_permissions | app.rb:216:9:216:19 | perm_result | provenance | |
|
||||
| app.rb:220:9:220:25 | validation_result | app.rb:221:14:221:30 | validation_result | provenance | |
|
||||
| app.rb:220:9:220:25 | validation_result | app.rb:221:14:221:30 | validation_result | provenance | |
|
||||
| app.rb:220:29:220:80 | call to validate_email | app.rb:220:9:220:25 | validation_result | provenance | |
|
||||
| app.rb:220:29:220:80 | call to validate_email | app.rb:220:9:220:25 | validation_result | provenance | |
|
||||
| app.rb:225:13:225:24 | debug_result | app.rb:226:18:226:29 | debug_result | provenance | |
|
||||
| app.rb:225:13:225:24 | debug_result | app.rb:226:18:226:29 | debug_result | provenance | |
|
||||
| app.rb:225:28:225:39 | call to debug_helper | app.rb:225:13:225:24 | debug_result | provenance | |
|
||||
| app.rb:225:28:225:39 | call to debug_helper | app.rb:225:13:225:24 | debug_result | provenance | |
|
||||
| app.rb:230:9:230:21 | rescue_result | app.rb:231:14:231:26 | rescue_result | provenance | |
|
||||
| app.rb:230:9:230:21 | rescue_result | app.rb:231:14:231:26 | rescue_result | provenance | |
|
||||
| app.rb:230:25:230:37 | call to rescue_helper | app.rb:230:9:230:21 | rescue_result | provenance | |
|
||||
| app.rb:230:25:230:37 | call to rescue_helper | app.rb:230:9:230:21 | rescue_result | provenance | |
|
||||
| app.rb:235:13:235:23 | case_result | app.rb:236:18:236:28 | case_result | provenance | |
|
||||
| app.rb:235:13:235:23 | case_result | app.rb:236:18:236:28 | case_result | provenance | |
|
||||
| app.rb:235:27:235:37 | call to test_helper | app.rb:235:13:235:23 | case_result | provenance | |
|
||||
| app.rb:235:27:235:37 | call to test_helper | app.rb:235:13:235:23 | case_result | provenance | |
|
||||
nodes
|
||||
| app.rb:103:13:103:18 | call to params | semmle.label | call to params |
|
||||
| app.rb:103:13:103:70 | call to select | semmle.label | call to select |
|
||||
@@ -48,58 +84,118 @@ nodes
|
||||
| app.rb:107:13:107:32 | call to source | semmle.label | call to source |
|
||||
| app.rb:111:13:111:33 | call to source | semmle.label | call to source |
|
||||
| app.rb:111:13:111:33 | call to source | semmle.label | call to source |
|
||||
| app.rb:126:9:126:15 | user_id | semmle.label | user_id |
|
||||
| app.rb:126:19:126:24 | call to params | semmle.label | call to params |
|
||||
| app.rb:126:19:126:34 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:127:9:127:16 | route_id | semmle.label | route_id |
|
||||
| app.rb:127:20:127:40 | call to route_param | semmle.label | call to route_param |
|
||||
| app.rb:128:9:128:12 | auth | semmle.label | auth |
|
||||
| app.rb:128:16:128:22 | call to headers | semmle.label | call to headers |
|
||||
| app.rb:128:16:128:38 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:129:9:129:15 | session | semmle.label | session |
|
||||
| app.rb:129:19:129:25 | call to cookies | semmle.label | call to cookies |
|
||||
| app.rb:129:19:129:38 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:133:14:133:20 | user_id | semmle.label | user_id |
|
||||
| app.rb:134:14:134:21 | route_id | semmle.label | route_id |
|
||||
| app.rb:135:14:135:17 | auth | semmle.label | auth |
|
||||
| app.rb:136:14:136:20 | session | semmle.label | session |
|
||||
| app.rb:143:9:143:14 | result | semmle.label | result |
|
||||
| app.rb:143:9:143:14 | result | semmle.label | result |
|
||||
| app.rb:143:18:143:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper |
|
||||
| app.rb:143:18:143:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper |
|
||||
| app.rb:144:14:144:19 | result | semmle.label | result |
|
||||
| app.rb:144:14:144:19 | result | semmle.label | result |
|
||||
| app.rb:149:9:149:17 | user_data | semmle.label | user_data |
|
||||
| app.rb:149:9:149:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] |
|
||||
| app.rb:149:21:149:31 | call to user_params | semmle.label | call to user_params |
|
||||
| app.rb:149:21:149:31 | call to user_params : [collection] [element] | semmle.label | call to user_params : [collection] [element] |
|
||||
| app.rb:150:9:150:21 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:150:9:150:21 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:150:25:150:37 | call to simple_helper | semmle.label | call to simple_helper |
|
||||
| app.rb:150:25:150:37 | call to simple_helper | semmle.label | call to simple_helper |
|
||||
| app.rb:151:14:151:22 | user_data | semmle.label | user_data |
|
||||
| app.rb:152:14:152:26 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:152:14:152:26 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:159:13:159:19 | user_id | semmle.label | user_id |
|
||||
| app.rb:159:23:159:28 | call to params | semmle.label | call to params |
|
||||
| app.rb:159:23:159:33 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:160:18:160:24 | user_id | semmle.label | user_id |
|
||||
| app.rb:165:9:165:17 | user_data | semmle.label | user_data |
|
||||
| app.rb:165:9:165:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] |
|
||||
| app.rb:165:21:165:31 | call to user_params | semmle.label | call to user_params |
|
||||
| app.rb:165:21:165:31 | call to user_params : [collection] [element] | semmle.label | call to user_params : [collection] [element] |
|
||||
| app.rb:166:14:166:22 | user_data | semmle.label | user_data |
|
||||
| app.rb:118:17:118:43 | call to source | semmle.label | call to source |
|
||||
| app.rb:118:17:118:43 | call to source | semmle.label | call to source |
|
||||
| app.rb:122:17:122:47 | call to source | semmle.label | call to source |
|
||||
| app.rb:122:17:122:47 | call to source | semmle.label | call to source |
|
||||
| app.rb:128:17:128:42 | call to source | semmle.label | call to source |
|
||||
| app.rb:128:17:128:42 | call to source | semmle.label | call to source |
|
||||
| app.rb:134:17:134:42 | call to source | semmle.label | call to source |
|
||||
| app.rb:134:17:134:42 | call to source | semmle.label | call to source |
|
||||
| app.rb:140:17:140:37 | call to source | semmle.label | call to source |
|
||||
| app.rb:140:17:140:37 | call to source | semmle.label | call to source |
|
||||
| app.rb:150:17:150:35 | call to source | semmle.label | call to source |
|
||||
| app.rb:150:17:150:35 | call to source | semmle.label | call to source |
|
||||
| app.rb:166:9:166:15 | user_id | semmle.label | user_id |
|
||||
| app.rb:166:19:166:24 | call to params | semmle.label | call to params |
|
||||
| app.rb:166:19:166:34 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:167:9:167:16 | route_id | semmle.label | route_id |
|
||||
| app.rb:167:20:167:40 | call to route_param | semmle.label | call to route_param |
|
||||
| app.rb:168:9:168:12 | auth | semmle.label | auth |
|
||||
| app.rb:168:16:168:22 | call to headers | semmle.label | call to headers |
|
||||
| app.rb:168:16:168:38 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:169:9:169:15 | session | semmle.label | session |
|
||||
| app.rb:169:19:169:25 | call to cookies | semmle.label | call to cookies |
|
||||
| app.rb:169:19:169:38 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:173:14:173:20 | user_id | semmle.label | user_id |
|
||||
| app.rb:174:14:174:21 | route_id | semmle.label | route_id |
|
||||
| app.rb:175:14:175:17 | auth | semmle.label | auth |
|
||||
| app.rb:176:14:176:20 | session | semmle.label | session |
|
||||
| app.rb:183:9:183:14 | result | semmle.label | result |
|
||||
| app.rb:183:9:183:14 | result | semmle.label | result |
|
||||
| app.rb:183:18:183:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper |
|
||||
| app.rb:183:18:183:43 | call to vulnerable_helper | semmle.label | call to vulnerable_helper |
|
||||
| app.rb:184:14:184:19 | result | semmle.label | result |
|
||||
| app.rb:184:14:184:19 | result | semmle.label | result |
|
||||
| app.rb:189:9:189:17 | user_data | semmle.label | user_data |
|
||||
| app.rb:189:9:189:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] |
|
||||
| app.rb:189:21:189:31 | call to user_params | semmle.label | call to user_params |
|
||||
| app.rb:189:21:189:31 | call to user_params : [collection] [element] | semmle.label | call to user_params : [collection] [element] |
|
||||
| app.rb:190:9:190:21 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:190:9:190:21 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:190:25:190:37 | call to simple_helper | semmle.label | call to simple_helper |
|
||||
| app.rb:190:25:190:37 | call to simple_helper | semmle.label | call to simple_helper |
|
||||
| app.rb:191:14:191:22 | user_data | semmle.label | user_data |
|
||||
| app.rb:192:14:192:26 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:192:14:192:26 | simple_result | semmle.label | simple_result |
|
||||
| app.rb:199:13:199:19 | user_id | semmle.label | user_id |
|
||||
| app.rb:199:23:199:28 | call to params | semmle.label | call to params |
|
||||
| app.rb:199:23:199:33 | ...[...] | semmle.label | ...[...] |
|
||||
| app.rb:200:18:200:24 | user_id | semmle.label | user_id |
|
||||
| app.rb:205:9:205:17 | user_data | semmle.label | user_data |
|
||||
| app.rb:205:9:205:17 | user_data : [collection] [element] | semmle.label | user_data : [collection] [element] |
|
||||
| app.rb:205:21:205:31 | call to user_params | semmle.label | call to user_params |
|
||||
| app.rb:205:21:205:31 | call to user_params : [collection] [element] | semmle.label | call to user_params : [collection] [element] |
|
||||
| app.rb:206:14:206:22 | user_data | semmle.label | user_data |
|
||||
| app.rb:212:9:212:19 | auth_result | semmle.label | auth_result |
|
||||
| app.rb:212:9:212:19 | auth_result | semmle.label | auth_result |
|
||||
| app.rb:212:23:212:39 | call to authenticate_user | semmle.label | call to authenticate_user |
|
||||
| app.rb:212:23:212:39 | call to authenticate_user | semmle.label | call to authenticate_user |
|
||||
| app.rb:213:14:213:24 | auth_result | semmle.label | auth_result |
|
||||
| app.rb:213:14:213:24 | auth_result | semmle.label | auth_result |
|
||||
| app.rb:216:9:216:19 | perm_result | semmle.label | perm_result |
|
||||
| app.rb:216:9:216:19 | perm_result | semmle.label | perm_result |
|
||||
| app.rb:216:23:216:48 | call to check_permissions | semmle.label | call to check_permissions |
|
||||
| app.rb:216:23:216:48 | call to check_permissions | semmle.label | call to check_permissions |
|
||||
| app.rb:217:14:217:24 | perm_result | semmle.label | perm_result |
|
||||
| app.rb:217:14:217:24 | perm_result | semmle.label | perm_result |
|
||||
| app.rb:220:9:220:25 | validation_result | semmle.label | validation_result |
|
||||
| app.rb:220:9:220:25 | validation_result | semmle.label | validation_result |
|
||||
| app.rb:220:29:220:80 | call to validate_email | semmle.label | call to validate_email |
|
||||
| app.rb:220:29:220:80 | call to validate_email | semmle.label | call to validate_email |
|
||||
| app.rb:221:14:221:30 | validation_result | semmle.label | validation_result |
|
||||
| app.rb:221:14:221:30 | validation_result | semmle.label | validation_result |
|
||||
| app.rb:225:13:225:24 | debug_result | semmle.label | debug_result |
|
||||
| app.rb:225:13:225:24 | debug_result | semmle.label | debug_result |
|
||||
| app.rb:225:28:225:39 | call to debug_helper | semmle.label | call to debug_helper |
|
||||
| app.rb:225:28:225:39 | call to debug_helper | semmle.label | call to debug_helper |
|
||||
| app.rb:226:18:226:29 | debug_result | semmle.label | debug_result |
|
||||
| app.rb:226:18:226:29 | debug_result | semmle.label | debug_result |
|
||||
| app.rb:230:9:230:21 | rescue_result | semmle.label | rescue_result |
|
||||
| app.rb:230:9:230:21 | rescue_result | semmle.label | rescue_result |
|
||||
| app.rb:230:25:230:37 | call to rescue_helper | semmle.label | call to rescue_helper |
|
||||
| app.rb:230:25:230:37 | call to rescue_helper | semmle.label | call to rescue_helper |
|
||||
| app.rb:231:14:231:26 | rescue_result | semmle.label | rescue_result |
|
||||
| app.rb:231:14:231:26 | rescue_result | semmle.label | rescue_result |
|
||||
| app.rb:235:13:235:23 | case_result | semmle.label | case_result |
|
||||
| app.rb:235:13:235:23 | case_result | semmle.label | case_result |
|
||||
| app.rb:235:27:235:37 | call to test_helper | semmle.label | call to test_helper |
|
||||
| app.rb:235:27:235:37 | call to test_helper | semmle.label | call to test_helper |
|
||||
| app.rb:236:18:236:28 | case_result | semmle.label | case_result |
|
||||
| app.rb:236:18:236:28 | case_result | semmle.label | case_result |
|
||||
subpaths
|
||||
testFailures
|
||||
#select
|
||||
| app.rb:133:14:133:20 | user_id | app.rb:126:19:126:24 | call to params | app.rb:133:14:133:20 | user_id | $@ | app.rb:126:19:126:24 | call to params | call to params |
|
||||
| app.rb:134:14:134:21 | route_id | app.rb:127:20:127:40 | call to route_param | app.rb:134:14:134:21 | route_id | $@ | app.rb:127:20:127:40 | call to route_param | call to route_param |
|
||||
| app.rb:135:14:135:17 | auth | app.rb:128:16:128:22 | call to headers | app.rb:135:14:135:17 | auth | $@ | app.rb:128:16:128:22 | call to headers | call to headers |
|
||||
| app.rb:136:14:136:20 | session | app.rb:129:19:129:25 | call to cookies | app.rb:136:14:136:20 | session | $@ | app.rb:129:19:129:25 | call to cookies | call to cookies |
|
||||
| app.rb:144:14:144:19 | result | app.rb:107:13:107:32 | call to source | app.rb:144:14:144:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source |
|
||||
| app.rb:144:14:144:19 | result | app.rb:107:13:107:32 | call to source | app.rb:144:14:144:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source |
|
||||
| app.rb:151:14:151:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:151:14:151:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params |
|
||||
| app.rb:152:14:152:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:152:14:152:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source |
|
||||
| app.rb:152:14:152:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:152:14:152:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source |
|
||||
| app.rb:160:18:160:24 | user_id | app.rb:159:23:159:28 | call to params | app.rb:160:18:160:24 | user_id | $@ | app.rb:159:23:159:28 | call to params | call to params |
|
||||
| app.rb:166:14:166:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:166:14:166:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params |
|
||||
| app.rb:173:14:173:20 | user_id | app.rb:166:19:166:24 | call to params | app.rb:173:14:173:20 | user_id | $@ | app.rb:166:19:166:24 | call to params | call to params |
|
||||
| app.rb:174:14:174:21 | route_id | app.rb:167:20:167:40 | call to route_param | app.rb:174:14:174:21 | route_id | $@ | app.rb:167:20:167:40 | call to route_param | call to route_param |
|
||||
| app.rb:175:14:175:17 | auth | app.rb:168:16:168:22 | call to headers | app.rb:175:14:175:17 | auth | $@ | app.rb:168:16:168:22 | call to headers | call to headers |
|
||||
| app.rb:176:14:176:20 | session | app.rb:169:19:169:25 | call to cookies | app.rb:176:14:176:20 | session | $@ | app.rb:169:19:169:25 | call to cookies | call to cookies |
|
||||
| app.rb:184:14:184:19 | result | app.rb:107:13:107:32 | call to source | app.rb:184:14:184:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source |
|
||||
| app.rb:184:14:184:19 | result | app.rb:107:13:107:32 | call to source | app.rb:184:14:184:19 | result | $@ | app.rb:107:13:107:32 | call to source | call to source |
|
||||
| app.rb:191:14:191:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:191:14:191:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params |
|
||||
| app.rb:192:14:192:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:192:14:192:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source |
|
||||
| app.rb:192:14:192:26 | simple_result | app.rb:111:13:111:33 | call to source | app.rb:192:14:192:26 | simple_result | $@ | app.rb:111:13:111:33 | call to source | call to source |
|
||||
| app.rb:200:18:200:24 | user_id | app.rb:199:23:199:28 | call to params | app.rb:200:18:200:24 | user_id | $@ | app.rb:199:23:199:28 | call to params | call to params |
|
||||
| app.rb:206:14:206:22 | user_data | app.rb:103:13:103:18 | call to params | app.rb:206:14:206:22 | user_data | $@ | app.rb:103:13:103:18 | call to params | call to params |
|
||||
| app.rb:213:14:213:24 | auth_result | app.rb:118:17:118:43 | call to source | app.rb:213:14:213:24 | auth_result | $@ | app.rb:118:17:118:43 | call to source | call to source |
|
||||
| app.rb:213:14:213:24 | auth_result | app.rb:118:17:118:43 | call to source | app.rb:213:14:213:24 | auth_result | $@ | app.rb:118:17:118:43 | call to source | call to source |
|
||||
| app.rb:217:14:217:24 | perm_result | app.rb:122:17:122:47 | call to source | app.rb:217:14:217:24 | perm_result | $@ | app.rb:122:17:122:47 | call to source | call to source |
|
||||
| app.rb:217:14:217:24 | perm_result | app.rb:122:17:122:47 | call to source | app.rb:217:14:217:24 | perm_result | $@ | app.rb:122:17:122:47 | call to source | call to source |
|
||||
| app.rb:221:14:221:30 | validation_result | app.rb:128:17:128:42 | call to source | app.rb:221:14:221:30 | validation_result | $@ | app.rb:128:17:128:42 | call to source | call to source |
|
||||
| app.rb:221:14:221:30 | validation_result | app.rb:128:17:128:42 | call to source | app.rb:221:14:221:30 | validation_result | $@ | app.rb:128:17:128:42 | call to source | call to source |
|
||||
| app.rb:226:18:226:29 | debug_result | app.rb:134:17:134:42 | call to source | app.rb:226:18:226:29 | debug_result | $@ | app.rb:134:17:134:42 | call to source | call to source |
|
||||
| app.rb:226:18:226:29 | debug_result | app.rb:134:17:134:42 | call to source | app.rb:226:18:226:29 | debug_result | $@ | app.rb:134:17:134:42 | call to source | call to source |
|
||||
| app.rb:231:14:231:26 | rescue_result | app.rb:140:17:140:37 | call to source | app.rb:231:14:231:26 | rescue_result | $@ | app.rb:140:17:140:37 | call to source | call to source |
|
||||
| app.rb:231:14:231:26 | rescue_result | app.rb:140:17:140:37 | call to source | app.rb:231:14:231:26 | rescue_result | $@ | app.rb:140:17:140:37 | call to source | call to source |
|
||||
| app.rb:236:18:236:28 | case_result | app.rb:150:17:150:35 | call to source | app.rb:236:18:236:28 | case_result | $@ | app.rb:150:17:150:35 | call to source | call to source |
|
||||
| app.rb:236:18:236:28 | case_result | app.rb:150:17:150:35 | call to source | app.rb:236:18:236:28 | case_result | $@ | app.rb:150:17:150:35 | call to source | call to source |
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
grapeApiClasses
|
||||
| app.rb:1:1:90:3 | MyAPI |
|
||||
| app.rb:92:1:96:3 | AdminAPI |
|
||||
| app.rb:98:1:168:3 | UserAPI |
|
||||
| app.rb:98:1:239:3 | UserAPI |
|
||||
grapeEndpoints
|
||||
| app.rb:1:1:90:3 | MyAPI | app.rb:7:3:11:5 | call to get | GET | /hello/:name |
|
||||
| app.rb:1:1:90:3 | MyAPI | app.rb:17:3:20:5 | call to post | POST | /messages |
|
||||
@@ -14,10 +14,11 @@ grapeEndpoints
|
||||
| app.rb:1:1:90:3 | MyAPI | app.rb:78:3:82:5 | call to get | GET | /cookie_test |
|
||||
| app.rb:1:1:90:3 | MyAPI | app.rb:85:3:89:5 | call to get | GET | /header_test |
|
||||
| app.rb:92:1:96:3 | AdminAPI | app.rb:93:3:95:5 | call to get | GET | /admin |
|
||||
| app.rb:98:1:168:3 | UserAPI | app.rb:124:5:138:7 | call to get | GET | /comprehensive_test/:user_id |
|
||||
| app.rb:98:1:168:3 | UserAPI | app.rb:140:5:145:7 | call to get | GET | /helper_test/:user_id |
|
||||
| app.rb:98:1:168:3 | UserAPI | app.rb:147:5:153:7 | call to post | POST | /users |
|
||||
| app.rb:98:1:168:3 | UserAPI | app.rb:164:5:167:7 | call to post | POST | /users |
|
||||
| app.rb:98:1:239:3 | UserAPI | app.rb:164:5:178:7 | call to get | GET | /comprehensive_test/:user_id |
|
||||
| app.rb:98:1:239:3 | UserAPI | app.rb:180:5:185:7 | call to get | GET | /helper_test/:user_id |
|
||||
| app.rb:98:1:239:3 | UserAPI | app.rb:187:5:193:7 | call to post | POST | /users |
|
||||
| app.rb:98:1:239:3 | UserAPI | app.rb:204:5:207:7 | call to post | POST | /users |
|
||||
| app.rb:98:1:239:3 | UserAPI | app.rb:210:5:238:7 | call to get | GET | /nested_test/:token |
|
||||
grapeParams
|
||||
| app.rb:8:12:8:17 | call to params |
|
||||
| app.rb:14:3:16:5 | call to params |
|
||||
@@ -28,29 +29,30 @@ grapeParams
|
||||
| app.rb:60:12:60:17 | call to params |
|
||||
| app.rb:94:5:94:10 | call to params |
|
||||
| app.rb:103:13:103:18 | call to params |
|
||||
| app.rb:126:19:126:24 | call to params |
|
||||
| app.rb:142:19:142:24 | call to params |
|
||||
| app.rb:159:23:159:28 | call to params |
|
||||
| app.rb:117:25:117:30 | call to params |
|
||||
| app.rb:166:19:166:24 | call to params |
|
||||
| app.rb:182:19:182:24 | call to params |
|
||||
| app.rb:199:23:199:28 | call to params |
|
||||
grapeHeaders
|
||||
| app.rb:9:18:9:24 | call to headers |
|
||||
| app.rb:46:5:46:11 | call to headers |
|
||||
| app.rb:66:3:69:5 | call to headers |
|
||||
| app.rb:86:12:86:18 | call to headers |
|
||||
| app.rb:87:14:87:20 | call to headers |
|
||||
| app.rb:116:5:118:7 | call to headers |
|
||||
| app.rb:128:16:128:22 | call to headers |
|
||||
| app.rb:156:5:158:7 | call to headers |
|
||||
| app.rb:168:16:168:22 | call to headers |
|
||||
grapeRequest
|
||||
| app.rb:25:12:25:18 | call to request |
|
||||
| app.rb:130:21:130:27 | call to request |
|
||||
| app.rb:170:21:170:27 | call to request |
|
||||
grapeRouteParam
|
||||
| app.rb:51:15:51:35 | call to route_param |
|
||||
| app.rb:52:15:52:36 | call to route_param |
|
||||
| app.rb:57:3:63:5 | call to route_param |
|
||||
| app.rb:127:20:127:40 | call to route_param |
|
||||
| app.rb:156:5:162:7 | call to route_param |
|
||||
| app.rb:167:20:167:40 | call to route_param |
|
||||
| app.rb:196:5:202:7 | call to route_param |
|
||||
grapeCookies
|
||||
| app.rb:72:3:75:5 | call to cookies |
|
||||
| app.rb:79:15:79:21 | call to cookies |
|
||||
| app.rb:80:16:80:22 | call to cookies |
|
||||
| app.rb:120:5:122:7 | call to cookies |
|
||||
| app.rb:129:19:129:25 | call to cookies |
|
||||
| app.rb:160:5:162:7 | call to cookies |
|
||||
| app.rb:169:19:169:25 | call to cookies |
|
||||
|
||||
@@ -110,6 +110,46 @@ class UserAPI < Grape::API
|
||||
def simple_helper
|
||||
source "simpleHelper" # Test simple helper return
|
||||
end
|
||||
|
||||
# Nested helper scenarios that require getParent+()
|
||||
module AuthHelpers
|
||||
def authenticate_user
|
||||
token = params[:token]
|
||||
source "nestedModuleHelper" # Test nested module helper
|
||||
end
|
||||
|
||||
def check_permissions(resource)
|
||||
source "nestedPermissionHelper" # Test nested module helper with params
|
||||
end
|
||||
end
|
||||
|
||||
class ValidationHelpers
|
||||
def self.validate_email(email)
|
||||
source "nestedClassHelper" # Test nested class helper
|
||||
end
|
||||
end
|
||||
|
||||
if Rails.env.development?
|
||||
def debug_helper
|
||||
source "conditionalHelper" # Test helper inside conditional block
|
||||
end
|
||||
end
|
||||
|
||||
begin
|
||||
def rescue_helper
|
||||
source "rescueHelper" # Test helper inside begin block
|
||||
end
|
||||
rescue
|
||||
# error handling
|
||||
end
|
||||
|
||||
# Helper inside a case statement
|
||||
case ENV['RACK_ENV']
|
||||
when 'test'
|
||||
def test_helper
|
||||
source "caseHelper" # Test helper inside case block
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
# Headers and cookies blocks for DSL testing
|
||||
@@ -165,4 +205,35 @@ class UserAPI < Grape::API
|
||||
user_data = user_params
|
||||
sink user_data # $ hasTaintFlow
|
||||
end
|
||||
|
||||
# Test nested helper methods
|
||||
get '/nested_test/:token' do
|
||||
# Test nested module helper
|
||||
auth_result = authenticate_user
|
||||
sink auth_result # $ hasValueFlow=nestedModuleHelper
|
||||
|
||||
# Test nested module helper with parameters
|
||||
perm_result = check_permissions("admin")
|
||||
sink perm_result # $ hasValueFlow=nestedPermissionHelper
|
||||
|
||||
# Test nested class helper
|
||||
validation_result = ValidationHelpers.validate_email("test@example.com")
|
||||
sink validation_result # $ hasValueFlow=nestedClassHelper
|
||||
|
||||
# Test conditional helper (if it exists)
|
||||
if respond_to?(:debug_helper)
|
||||
debug_result = debug_helper
|
||||
sink debug_result # $ hasValueFlow=conditionalHelper
|
||||
end
|
||||
|
||||
# Test rescue helper
|
||||
rescue_result = rescue_helper
|
||||
sink rescue_result # $ hasValueFlow=rescueHelper
|
||||
|
||||
# Test case helper (if it exists)
|
||||
if respond_to?(:test_helper)
|
||||
case_result = test_helper
|
||||
sink case_result # $ hasValueFlow=caseHelper
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user