hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: add a test case for ActiveRecord dynamic finder methods

Browse Source
This commit is contained in:
Alex Ford
2022-06-16 11:28:55 +01:00
parent 56bf977498
commit c44a68613a
3 changed files with 45 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
ruby/ql/test/library-tests/frameworks/ActionController.expected
View File

@@ -1,17 +1,17 @@
actionControllerControllerClasses
| ActiveRecord.rb:23:1:37:3 | FooController |
| ActiveRecord.rb:39:1:62:3 | BarController |
| ActiveRecord.rb:64:1:68:3 | BazController |
| ActiveRecord.rb:23:1:39:3 | FooController |
| ActiveRecord.rb:41:1:64:3 | BarController |
| ActiveRecord.rb:66:1:70:3 | BazController |
| app/controllers/comments_controller.rb:1:1:7:3 | CommentsController |
| app/controllers/foo/bars_controller.rb:3:1:31:3 | BarsController |
| app/controllers/photos_controller.rb:1:1:4:3 | PhotosController |
| app/controllers/posts_controller.rb:1:1:10:3 | PostsController |
| app/controllers/users/notifications_controller.rb:2:3:5:5 | NotificationsController |
actionControllerActionMethods
| ActiveRecord.rb:27:3:36:5 | some_request_handler |
| ActiveRecord.rb:40:3:45:5 | some_other_request_handler |
| ActiveRecord.rb:47:3:61:5 | safe_paths |
| ActiveRecord.rb:65:3:67:5 | yet_another_handler |
| ActiveRecord.rb:27:3:38:5 | some_request_handler |
| ActiveRecord.rb:42:3:47:5 | some_other_request_handler |
| ActiveRecord.rb:49:3:63:5 | safe_paths |
| ActiveRecord.rb:67:3:69:5 | yet_another_handler |
| app/controllers/comments_controller.rb:2:3:3:5 | index |
| app/controllers/comments_controller.rb:5:3:6:5 | show |
| app/controllers/foo/bars_controller.rb:5:3:7:5 | index |
@@ -30,12 +30,12 @@ paramsCalls
| ActiveRecord.rb:34:34:34:39 | call to params |
| ActiveRecord.rb:35:23:35:28 | call to params |
| ActiveRecord.rb:35:38:35:43 | call to params |
| ActiveRecord.rb:41:10:41:15 | call to params |
| ActiveRecord.rb:48:11:48:16 | call to params |
| ActiveRecord.rb:52:12:52:17 | call to params |
| ActiveRecord.rb:57:12:57:17 | call to params |
| ActiveRecord.rb:60:15:60:20 | call to params |
| ActiveRecord.rb:66:21:66:26 | call to params |
| ActiveRecord.rb:43:10:43:15 | call to params |
| ActiveRecord.rb:50:11:50:16 | call to params |
| ActiveRecord.rb:54:12:54:17 | call to params |
| ActiveRecord.rb:59:12:59:17 | call to params |
| ActiveRecord.rb:62:15:62:20 | call to params |
| ActiveRecord.rb:68:21:68:26 | call to params |
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
@@ -49,12 +49,12 @@ paramsSources
| ActiveRecord.rb:34:34:34:39 | call to params |
| ActiveRecord.rb:35:23:35:28 | call to params |
| ActiveRecord.rb:35:38:35:43 | call to params |
| ActiveRecord.rb:41:10:41:15 | call to params |
| ActiveRecord.rb:48:11:48:16 | call to params |
| ActiveRecord.rb:52:12:52:17 | call to params |
| ActiveRecord.rb:57:12:57:17 | call to params |
| ActiveRecord.rb:60:15:60:20 | call to params |
| ActiveRecord.rb:66:21:66:26 | call to params |
| ActiveRecord.rb:43:10:43:15 | call to params |
| ActiveRecord.rb:50:11:50:16 | call to params |
| ActiveRecord.rb:54:12:54:17 | call to params |
| ActiveRecord.rb:59:12:59:17 | call to params |
| ActiveRecord.rb:62:15:62:20 | call to params |
| ActiveRecord.rb:68:21:68:26 | call to params |
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |

44
ruby/ql/test/library-tests/frameworks/ActiveRecord.expected
View File

@@ -5,11 +5,12 @@ activeRecordModelClasses
activeRecordInstances
| ActiveRecord.rb:9:5:9:68 | call to find |
| ActiveRecord.rb:13:5:13:40 | call to find_by |
| ActiveRecord.rb:53:5:55:7 | if ... |
| ActiveRecord.rb:53:43:54:40 | then ... |
| ActiveRecord.rb:54:7:54:40 | call to find_by |
| ActiveRecord.rb:58:5:58:33 | call to find_by |
| ActiveRecord.rb:60:5:60:34 | call to find |
| ActiveRecord.rb:36:5:36:30 | call to find_by_name |
| ActiveRecord.rb:55:5:57:7 | if ... |
| ActiveRecord.rb:55:43:56:40 | then ... |
| ActiveRecord.rb:56:7:56:40 | call to find_by |
| ActiveRecord.rb:60:5:60:33 | call to find_by |
| ActiveRecord.rb:62:5:62:34 | call to find |
activeRecordSqlExecutionRanges
| ActiveRecord.rb:9:33:9:67 | "name='#{...}' and pass='#{...}'" |
| ActiveRecord.rb:19:16:19:24 | condition |
@@ -18,9 +19,9 @@ activeRecordSqlExecutionRanges
| ActiveRecord.rb:30:22:30:44 | "id = '#{...}'" |
| ActiveRecord.rb:31:16:31:21 | <<-SQL |
| ActiveRecord.rb:34:20:34:47 | "user.id = '#{...}'" |
| ActiveRecord.rb:44:20:44:32 | ... + ... |
| ActiveRecord.rb:50:16:50:28 | "name #{...}" |
| ActiveRecord.rb:54:20:54:39 | "username = #{...}" |
| ActiveRecord.rb:46:20:46:32 | ... + ... |
| ActiveRecord.rb:52:16:52:28 | "name #{...}" |
| ActiveRecord.rb:56:20:56:39 | "username = #{...}" |
activeRecordModelClassMethodCalls
| ActiveRecord.rb:2:3:2:17 | call to has_many |
| ActiveRecord.rb:6:3:6:24 | call to belongs_to |
@@ -35,12 +36,14 @@ activeRecordModelClassMethodCalls
| ActiveRecord.rb:34:5:34:14 | call to where |
| ActiveRecord.rb:34:5:34:48 | call to not |
| ActiveRecord.rb:35:5:35:51 | call to authenticate |
| ActiveRecord.rb:44:5:44:33 | call to delete_by |
| ActiveRecord.rb:50:5:50:29 | call to order |
| ActiveRecord.rb:54:7:54:40 | call to find_by |
| ActiveRecord.rb:58:5:58:33 | call to find_by |
| ActiveRecord.rb:60:5:60:34 | call to find |
| ActiveRecord.rb:66:5:66:45 | call to delete_by |
| ActiveRecord.rb:36:5:36:30 | call to find_by_name |
| ActiveRecord.rb:37:5:37:36 | call to not_a_find_by_method |
| ActiveRecord.rb:46:5:46:33 | call to delete_by |
| ActiveRecord.rb:52:5:52:29 | call to order |
| ActiveRecord.rb:56:7:56:40 | call to find_by |
| ActiveRecord.rb:60:5:60:33 | call to find_by |
| ActiveRecord.rb:62:5:62:34 | call to find |
| ActiveRecord.rb:68:5:68:45 | call to delete_by |
potentiallyUnsafeSqlExecutingMethodCall
| ActiveRecord.rb:9:5:9:68 | call to find |
| ActiveRecord.rb:19:5:19:25 | call to destroy_by |
@@ -49,12 +52,13 @@ potentiallyUnsafeSqlExecutingMethodCall
| ActiveRecord.rb:30:5:30:46 | call to destroy_by |
| ActiveRecord.rb:31:5:31:35 | call to where |
| ActiveRecord.rb:34:5:34:48 | call to not |
| ActiveRecord.rb:44:5:44:33 | call to delete_by |
| ActiveRecord.rb:50:5:50:29 | call to order |
| ActiveRecord.rb:54:7:54:40 | call to find_by |
| ActiveRecord.rb:46:5:46:33 | call to delete_by |
| ActiveRecord.rb:52:5:52:29 | call to order |
| ActiveRecord.rb:56:7:56:40 | call to find_by |
activeRecordModelInstantiations
| ActiveRecord.rb:9:5:9:68 | call to find | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:13:5:13:40 | call to find_by | ActiveRecord.rb:1:1:3:3 | UserGroup |
| ActiveRecord.rb:54:7:54:40 | call to find_by | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:58:5:58:33 | call to find_by | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:60:5:60:34 | call to find | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:36:5:36:30 | call to find_by_name | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:56:7:56:40 | call to find_by | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:60:5:60:33 | call to find_by | ActiveRecord.rb:5:1:15:3 | User |
| ActiveRecord.rb:62:5:62:34 | call to find | ActiveRecord.rb:5:1:15:3 | User |

2
ruby/ql/test/library-tests/frameworks/ActiveRecord.rb
View File

@@ -33,6 +33,8 @@ class FooController < ActionController::Base
SQL
User.where.not("user.id = '#{params[:id]}'")
User.authenticate(params[:name], params[:pass])
User.find_by_name("alice")
User.not_a_find_by_method("bob")
end
end