Ruby: Model remote input for ActionMailbox

2026-04-29 02:35:15 +02:00 · 2022-11-23 12:57:06 +13:00
parent 375403fb9d
commit eac5aa26ee
5 changed files with 110 additions and 0 deletions
--- a/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.expected
+++ b/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.expected
@@ -0,0 +1,13 @@
+processMethods
+| action_mailbox.rb:2:3:5:5 | process |
+| action_mailbox.rb:13:5:15:7 | process |
+messageInstances
+| action_mailbox.rb:3:5:3:8 | call to mail |
+| action_mailbox.rb:4:5:4:8 | call to mail |
+| action_mailbox.rb:8:5:8:8 | call to mail |
+| action_mailbox.rb:14:9:14:12 | call to mail |
+remoteContent
+| action_mailbox.rb:3:5:3:13 | call to body |
+| action_mailbox.rb:4:5:4:11 | call to to |
+| action_mailbox.rb:8:5:8:18 | call to text_part |
+| action_mailbox.rb:14:9:14:23 | call to raw_source |
--- a/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.ql
+++ b/ruby/ql/test/library-tests/frameworks/action_mailbox/ActionMailbox.ql
@@ -0,0 +1,8 @@
+private import codeql.ruby.frameworks.ActionMailbox
+private import codeql.ruby.DataFlow
+
+query predicate processMethods(ActionMailbox::Process p) { any() }
+
+query predicate messageInstances(ActionMailbox::Mail::Message c) { any() }
+
+query predicate remoteContent(ActionMailbox::Mail::RemoteContent r) { any() }
--- a/ruby/ql/test/library-tests/frameworks/action_mailbox/action_mailbox.rb
+++ b/ruby/ql/test/library-tests/frameworks/action_mailbox/action_mailbox.rb
@@ -0,0 +1,22 @@
+class A < ActionMailbox::Base
+  def process
+    mail.body
+    mail.to
+  end
+
+  def other_method
+    mail.text_part
+  end
+end
+
+class B < A
+    def process
+        mail.raw_source
+    end
+end
+
+class C # not a mailbox class
+    def process
+        mail.subject
+    end
+end