Ruby: Address more inline expectation testFailures.
@@ -9,7 +9,7 @@ end
|
||||
class OneController < ActionController::Base
|
||||
before_action :a
|
||||
after_action :c
|
||||
|
||||
|
||||
def a
|
||||
@foo = params[:foo]
|
||||
end
|
||||
@@ -18,14 +18,14 @@ class OneController < ActionController::Base
|
||||
end
|
||||
|
||||
def c
|
||||
sink @foo
|
||||
sink @foo # $ hasTaintFlow
|
||||
end
|
||||
end
|
||||
|
||||
class TwoController < ActionController::Base
|
||||
before_action :a
|
||||
after_action :c
|
||||
|
||||
|
||||
def a
|
||||
@foo = params[:foo]
|
||||
end
|
||||
@@ -35,14 +35,14 @@ class TwoController < ActionController::Base
|
||||
end
|
||||
|
||||
def c
|
||||
sink @foo
|
||||
sink @foo # $ SPURIOUS: hasTaintFlow
|
||||
end
|
||||
end
|
||||
|
||||
class ThreeController < ActionController::Base
|
||||
before_action :a
|
||||
after_action :c
|
||||
|
||||
|
||||
def a
|
||||
@foo = params[:foo]
|
||||
@foo = "safe"
|
||||
@@ -52,14 +52,14 @@ class ThreeController < ActionController::Base
|
||||
end
|
||||
|
||||
def c
|
||||
sink @foo
|
||||
sink @foo # $ SPURIOUS: hasTaintFlow
|
||||
end
|
||||
end
|
||||
|
||||
class FourController < ActionController::Base
|
||||
before_action :a
|
||||
after_action :c
|
||||
|
||||
|
||||
def a
|
||||
@foo.bar = params[:foo]
|
||||
end
|
||||
@@ -68,14 +68,14 @@ class FourController < ActionController::Base
|
||||
end
|
||||
|
||||
def c
|
||||
sink(@foo.bar)
|
||||
sink(@foo.bar) # $ hasTaintFlow
|
||||
end
|
||||
end
|
||||
|
||||
class FiveController < ActionController::Base
|
||||
before_action :a
|
||||
after_action :c
|
||||
|
||||
|
||||
def a
|
||||
self.taint_foo
|
||||
end
|
||||
@@ -84,10 +84,10 @@ class FiveController < ActionController::Base
|
||||
end
|
||||
|
||||
def c
|
||||
sink @foo
|
||||
sink @foo # $ hasTaintFlow
|
||||
end
|
||||
|
||||
|
||||
def taint_foo
|
||||
@foo = params[:foo]
|
||||
end
|
||||
end
|
||||
end
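Review bot: The `# $ SPURIOUS: hasTaintFlow` markers on `sink @foo` in `TwoController#c` and `ThreeController#c` accept a false positive without recording why the flow is not real, so a later reader cannot tell a known precision gap from a mistaken annotation. In `ThreeController#a` the reason is visible: `@foo = params[:foo]` is immediately followed by `@foo = "safe"`, so a line such as `# @foo is reassigned to "safe" in the before_action; the reported flow ignores that overwrite` above the sink would document it. The rest of `a` lies outside the hunk. For `TwoController` the code between `a` and `c` is also not shown, so the matching comment there should name whatever replaces `@foo` before the `after_action` runs (presumably something does; confirm against the full file).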
|
||||
|
||||
@@ -270,11 +270,6 @@ nodes
|
||||
| params_flow.rb:205:10:205:10 | a | semmle.label | a |
|
||||
subpaths
|
||||
testFailures
|
||||
| filter_flow.rb:21:10:21:13 | @foo | Unexpected result: hasTaintFlow |
|
||||
| filter_flow.rb:38:10:38:13 | @foo | Unexpected result: hasTaintFlow |
|
||||
| filter_flow.rb:55:10:55:13 | @foo | Unexpected result: hasTaintFlow |
|
||||
| filter_flow.rb:71:10:71:17 | call to bar | Unexpected result: hasTaintFlow |
|
||||
| filter_flow.rb:87:11:87:14 | @foo | Unexpected result: hasTaintFlow |
|
||||
#select
|
||||
| filter_flow.rb:21:10:21:13 | @foo | filter_flow.rb:14:12:14:17 | call to params | filter_flow.rb:21:10:21:13 | @foo | $@ | filter_flow.rb:14:12:14:17 | call to params | call to params |
|
||||
| filter_flow.rb:38:10:38:13 | @foo | filter_flow.rb:30:12:30:17 | call to params | filter_flow.rb:38:10:38:13 | @foo | $@ | filter_flow.rb:30:12:30:17 | call to params | call to params |
|
||||
|
||||