From 2af00a0be9fa0ba9fc02eb0049793837286d618f Mon Sep 17 00:00:00 2001
From: Harry Maclean <hmac@github.com>
Date: Thu, 4 Jan 2024 12:31:13 +0000
Subject: [PATCH] Add test for erb flow

---
 .../ql/test/library-tests/dataflow/erb/erb.expected |  5 +++++
 ruby/ql/test/library-tests/dataflow/erb/erb.ql      | 13 +++++++++++++
 ruby/ql/test/library-tests/dataflow/erb/main.rb     |  7 +++++++
 ruby/ql/test/library-tests/dataflow/erb/view.erb    |  1 +
 ruby/ql/test/library-tests/dataflow/erb/view.rb     |  9 +++++++++
 5 files changed, 35 insertions(+)
 create mode 100644 ruby/ql/test/library-tests/dataflow/erb/erb.expected
 create mode 100644 ruby/ql/test/library-tests/dataflow/erb/erb.ql
 create mode 100644 ruby/ql/test/library-tests/dataflow/erb/main.rb
 create mode 100644 ruby/ql/test/library-tests/dataflow/erb/view.erb
 create mode 100644 ruby/ql/test/library-tests/dataflow/erb/view.rb

diff --git a/ruby/ql/test/library-tests/dataflow/erb/erb.expected b/ruby/ql/test/library-tests/dataflow/erb/erb.expected
new file mode 100644
index 00000000000..cf6472ea6de
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/erb/erb.expected
@@ -0,0 +1,5 @@
+testFailures
+edges
+nodes
+subpaths
+#select
diff --git a/ruby/ql/test/library-tests/dataflow/erb/erb.ql b/ruby/ql/test/library-tests/dataflow/erb/erb.ql
new file mode 100644
index 00000000000..ffa56c6a80d
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/erb/erb.ql
@@ -0,0 +1,13 @@
+/**
+ * @kind path-problem
+ */
+
+import codeql.ruby.AST
+import codeql.ruby.CFG
+import TestUtilities.InlineFlowTest
+import ValueFlowTest<DefaultFlowConfig>
+import ValueFlow::PathGraph
+
+from ValueFlow::PathNode source, ValueFlow::PathNode sink
+where ValueFlow::flowPath(source, sink)
+select sink, source, sink, "$@", source, source.toString()
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/erb/main.rb b/ruby/ql/test/library-tests/dataflow/erb/main.rb
new file mode 100644
index 00000000000..f8ebb386d9b
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/erb/main.rb
@@ -0,0 +1,7 @@
+class App
+    def run
+        x = source(1)
+        view = View.new(x)
+        render(view)
+    end
+end
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/erb/view.erb b/ruby/ql/test/library-tests/dataflow/erb/view.erb
new file mode 100644
index 00000000000..383ed98b083
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/erb/view.erb
@@ -0,0 +1 @@
+<%= foo() %>
\ No newline at end of file
diff --git a/ruby/ql/test/library-tests/dataflow/erb/view.rb b/ruby/ql/test/library-tests/dataflow/erb/view.rb
new file mode 100644
index 00000000000..18bcc69df2d
--- /dev/null
+++ b/ruby/ql/test/library-tests/dataflow/erb/view.rb
@@ -0,0 +1,9 @@
+class View
+    def initialize(x)
+        @x = x
+    end
+
+    def foo
+        sink(@x) # $ hasValueFlow=1
+    end
+end
\ No newline at end of file