hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Fix tests and qldoc

Browse Source
This commit is contained in:
Harry Maclean
2023-03-13 20:32:37 +13:00
parent 071517c74b
commit e80ff4efba
4 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
ruby/ql/test/library-tests/frameworks/sinatra/Flow.expected
View File

@@ -6,12 +6,19 @@ edges
| app.rb:75:12:75:24 | ...[...] : | app.rb:75:5:75:8 | [post] self [@foo] : |
| app.rb:76:32:76:35 | @foo : | views/index.erb:2:10:2:12 | call to foo |
| app.rb:76:32:76:35 | self [@foo] : | app.rb:76:32:76:35 | @foo : |
| app.rb:95:10:95:14 | self [@user] : | app.rb:95:10:95:14 | @user |
| app.rb:103:5:103:9 | [post] self [@user] : | app.rb:95:10:95:14 | self [@user] : |
| app.rb:103:13:103:22 | call to source : | app.rb:103:5:103:9 | [post] self [@user] : |
nodes
| app.rb:75:5:75:8 | [post] self [@foo] : | semmle.label | [post] self [@foo] : |
| app.rb:75:12:75:17 | call to params : | semmle.label | call to params : |
| app.rb:75:12:75:24 | ...[...] : | semmle.label | ...[...] : |
| app.rb:76:32:76:35 | @foo : | semmle.label | @foo : |
| app.rb:76:32:76:35 | self [@foo] : | semmle.label | self [@foo] : |
| app.rb:95:10:95:14 | @user | semmle.label | @user |
| app.rb:95:10:95:14 | self [@user] : | semmle.label | self [@user] : |
| app.rb:103:5:103:9 | [post] self [@user] : | semmle.label | [post] self [@user] : |
| app.rb:103:13:103:22 | call to source : | semmle.label | call to source : |
| views/index.erb:2:10:2:12 | call to foo | semmle.label | call to foo |
subpaths
#select

8
ruby/ql/test/library-tests/frameworks/sinatra/Flow.ql
View File

@@ -8,6 +8,12 @@ import PathGraph
import codeql.ruby.frameworks.Sinatra
import codeql.ruby.Concepts
from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultTaintFlowConf conf
class SinatraConf extends DefaultTaintFlowConf {
override predicate isSource(DataFlow::Node source) {
source instanceof Http::Server::RequestInputAccess::Range
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, SinatraConf conf
where conf.hasFlowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()

2
ruby/ql/test/library-tests/frameworks/sinatra/app.rb
View File

@@ -92,7 +92,7 @@ class MyApp < Sinatra::Base
end
get "/home" do
sink @user # $ hasTaintFlow=a
sink @user # $ hasValueFlow=a
end
after do