model some ActionController user input sources (params)

Alex Ford
2021-06-15 12:48:03 +01:00
parent 9227f3a0c3
commit 5941eb2be4
3 changed files with 113 additions and 0 deletions


@@ -0,0 +1,18 @@
actionControllerControllerClasses
| ActiveRecordInjection.rb:12:1:34:3 | FooController |
| ActiveRecordInjection.rb:37:1:48:3 | BarController |
| ActiveRecordInjection.rb:50:1:51:3 | BazController |
actionControllerParamsCalls
| ActiveRecordInjection.rb:19:30:19:35 | call to params |
| ActiveRecordInjection.rb:22:29:22:34 | call to params |
| ActiveRecordInjection.rb:25:31:25:36 | call to params |
| ActiveRecordInjection.rb:29:20:29:25 | call to params |
| ActiveRecordInjection.rb:32:48:32:53 | call to params |
| ActiveRecordInjection.rb:40:10:40:15 | call to params |
actionControllerParamsSources
| ActiveRecordInjection.rb:19:30:19:35 | call to params |
| ActiveRecordInjection.rb:22:29:22:34 | call to params |
| ActiveRecordInjection.rb:25:31:25:36 | call to params |
| ActiveRecordInjection.rb:29:20:29:25 | call to params |
| ActiveRecordInjection.rb:32:48:32:53 | call to params |
| ActiveRecordInjection.rb:40:10:40:15 | call to params |


@@ -0,0 +1,8 @@
import codeql_ruby.controlflow.CfgNodes
import codeql_ruby.frameworks.ActionController
query predicate actionControllerControllerClasses(ActionControllerControllerClass cls) { any() }
query predicate actionControllerParamsCalls(ActionControllerParamsCall call) { any() }
query predicate actionControllerParamsSources(ActionControllerParamsSource source) { any() }
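Review bot: The expected output lists the same six locations for `actionControllerParamsCalls` and `actionControllerParamsSources`, and all six fall inside FooController or BarController, so nothing here pins a `params` call that must not be treated as a user-input source. The fixture is not visible on this page; if it has no such case, consider adding one, for example a `params` method call in a class that is not a controller, so that an over-broad or over-narrow model shows up as a changed row instead of silently adding or dropping taint sources in the injection queries. A short header comment would also help the next reader, e.g. `// Pins the ActionController model: controller classes, params calls, and params user-input sources.`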