hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Don't count private methods as Rails actions

Browse Source 
Private instance methods on ActionController classes aren't valid
request handlers. Routing to them will raise an exception.
This commit is contained in:
Harry Maclean
2021-12-07 16:25:48 +13:00
committed by Harry Maclean
parent b80a84c156
commit e1d290d4c0
4 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
View File

@@ -54,13 +54,13 @@ class ActionControllerControllerClass extends ClassDeclaration {
}
/**
* An instance method defined within an `ActionController` controller class.
* A public instance method defined within an `ActionController` controller class.
* This may be the target of a route handler, if such a route is defined.
*/
class ActionControllerActionMethod extends Method, HTTP::Server::RequestHandler::Range {
private ActionControllerControllerClass controllerClass;
ActionControllerActionMethod() { this = controllerClass.getAMethod() }
ActionControllerActionMethod() { this = controllerClass.getAMethod() and not this.isPrivate() }
/**
* Establishes a mapping between a method within the file