hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: Update for upstream changes

Browse Source
This commit is contained in:
Harry Maclean
2022-11-16 14:06:32 +13:00
parent 2e2fcd49bf
commit ed3270fb04
2 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
View File

@@ -559,11 +559,7 @@ private class SendFile extends FileSystemAccess::Range, Http::Server::HttpRespon
*/
class SendDataCall extends DataFlow::CallNode, Http::Server::HttpResponse::Range {
SendDataCall() {
this.getMethodName() = "send_data" and
(
this.asExpr().getExpr() instanceof ActionControllerContextCall or
this.getReceiver().asExpr().getExpr() instanceof Response::ResponseCall
)
this = [actionControllerInstance(), Response::response()].getAMethodCall("send_data")
}
override DataFlow::Node getBody() { result = this.getArgument(0) }
@@ -763,8 +759,7 @@ private module Response {
private class ActionControllerLoggerInstance extends DataFlow::Node {
ActionControllerLoggerInstance() {
this.asExpr().getExpr() instanceof ActionControllerContextCall and
this.(DataFlow::CallNode).getMethodName() = "logger"
this = actionControllerInstance().getAMethodCall("logger")
or
any(ActionControllerLoggerInstance i).(DataFlow::LocalSourceNode).flowsTo(this)
}

27
ruby/ql/test/library-tests/frameworks/action_controller/ActionController.expected
View File

@@ -4,10 +4,10 @@ actionControllerControllerClasses
| controllers/photos_controller.rb:1:1:4:3 | PhotosController |
| controllers/posts_controller.rb:1:1:10:3 | PostsController |
| controllers/tags_controller.rb:1:1:2:3 | TagsController |
| controllers/users/notifications_controller.rb:2:3:5:5 | NotificationsController |
| controllers/users/notifications_controller.rb:2:3:5:5 | Users::NotificationsController |
| input_access.rb:1:1:50:3 | UsersController |
| logging.rb:1:1:9:3 | UsersController |
| params_flow.rb:1:1:151:3 | MyController |
| params_flow.rb:1:1:162:3 | MyController |
| params_flow.rb:170:1:178:3 | Subclass |
actionControllerActionMethods
| controllers/comments_controller.rb:2:3:36:5 | index |
| controllers/comments_controller.rb:38:3:44:5 | show |
@@ -59,6 +59,9 @@ actionControllerActionMethods
| params_flow.rb:125:3:132:5 | m30 |
| params_flow.rb:134:3:141:5 | m31 |
| params_flow.rb:143:3:150:5 | m32 |
| params_flow.rb:152:3:159:5 | m33 |
| params_flow.rb:165:3:167:5 | m34 |
| params_flow.rb:171:3:173:5 | m35 |
paramsCalls
| controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
| controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
@@ -106,6 +109,12 @@ paramsCalls
| params_flow.rb:144:10:144:15 | call to params |
| params_flow.rb:145:32:145:37 | call to params |
| params_flow.rb:148:22:148:27 | call to params |
| params_flow.rb:153:10:153:15 | call to params |
| params_flow.rb:154:32:154:37 | call to params |
| params_flow.rb:157:22:157:27 | call to params |
| params_flow.rb:166:10:166:15 | call to params |
| params_flow.rb:172:10:172:15 | call to params |
| params_flow.rb:176:10:176:15 | call to params |
paramsSources
| controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
| controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
@@ -153,6 +162,12 @@ paramsSources
| params_flow.rb:144:10:144:15 | call to params |
| params_flow.rb:145:32:145:37 | call to params |
| params_flow.rb:148:22:148:27 | call to params |
| params_flow.rb:153:10:153:15 | call to params |
| params_flow.rb:154:32:154:37 | call to params |
| params_flow.rb:157:22:157:27 | call to params |
| params_flow.rb:166:10:166:15 | call to params |
| params_flow.rb:172:10:172:15 | call to params |
| params_flow.rb:176:10:176:15 | call to params |
httpInputAccesses
| controllers/comments_controller.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
| controllers/comments_controller.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
@@ -249,6 +264,12 @@ httpInputAccesses
| params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params |
| params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params |
| params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params |
| params_flow.rb:153:10:153:15 | call to params | ActionController::Metal#params |
| params_flow.rb:154:32:154:37 | call to params | ActionController::Metal#params |
| params_flow.rb:157:22:157:27 | call to params | ActionController::Metal#params |
| params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
| params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
| params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
cookiesCalls
| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
cookiesSources