hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: add cookies call to frameworks test

Browse Source
This commit is contained in:
Nick Rolfe
2021-12-09 12:07:04 +00:00
parent b49ca6a24c
commit f6a8b9a7e5
3 changed files with 25 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
ruby/ql/test/library-tests/frameworks/ActionController.expected
View File

@@ -2,15 +2,15 @@ actionControllerControllerClasses
| ActiveRecordInjection.rb:27:1:58:3 | FooController |
| ActiveRecordInjection.rb:60:1:90:3 | BarController |
| ActiveRecordInjection.rb:92:1:96:3 | BazController |
| app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController |
| app/controllers/foo/bars_controller.rb:3:1:25:3 | BarsController |
actionControllerActionMethods
| ActiveRecordInjection.rb:32:3:57:5 | some_request_handler |
| ActiveRecordInjection.rb:61:3:69:5 | some_other_request_handler |
| ActiveRecordInjection.rb:71:3:89:5 | safe_paths |
| ActiveRecordInjection.rb:93:3:95:5 | yet_another_handler |
| app/controllers/foo/bars_controller.rb:3:3:5:5 | index |
| app/controllers/foo/bars_controller.rb:7:3:13:5 | show_debug |
| app/controllers/foo/bars_controller.rb:15:3:19:5 | show |
| app/controllers/foo/bars_controller.rb:5:3:7:5 | index |
| app/controllers/foo/bars_controller.rb:9:3:18:5 | show_debug |
| app/controllers/foo/bars_controller.rb:20:3:24:5 | show |
paramsCalls
| ActiveRecordInjection.rb:35:30:35:35 | call to params |
| ActiveRecordInjection.rb:39:29:39:34 | call to params |
@@ -25,10 +25,10 @@ paramsCalls
| ActiveRecordInjection.rb:83:12:83:17 | call to params |
| ActiveRecordInjection.rb:88:15:88:20 | call to params |
| ActiveRecordInjection.rb:94:21:94:26 | call to params |
| app/controllers/foo/bars_controller.rb:8:21:8:26 | call to params |
| app/controllers/foo/bars_controller.rb:9:10:9:15 | call to params |
| app/controllers/foo/bars_controller.rb:16:21:16:26 | call to params |
| app/controllers/foo/bars_controller.rb:17:10:17:15 | call to params |
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
paramsSources
| ActiveRecordInjection.rb:35:30:35:35 | call to params |
@@ -44,17 +44,17 @@ paramsSources
| ActiveRecordInjection.rb:83:12:83:17 | call to params |
| ActiveRecordInjection.rb:88:15:88:20 | call to params |
| ActiveRecordInjection.rb:94:21:94:26 | call to params |
| app/controllers/foo/bars_controller.rb:8:21:8:26 | call to params |
| app/controllers/foo/bars_controller.rb:9:10:9:15 | call to params |
| app/controllers/foo/bars_controller.rb:16:21:16:26 | call to params |
| app/controllers/foo/bars_controller.rb:17:10:17:15 | call to params |
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
redirectToCalls
| app/controllers/foo/bars_controller.rb:12:5:12:30 | call to redirect_to |
| app/controllers/foo/bars_controller.rb:17:5:17:30 | call to redirect_to |
actionControllerHelperMethods
getAssociatedControllerClasses
| app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:25:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:25:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
controllerTemplateFiles
| app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:25:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
| app/controllers/foo/bars_controller.rb:3:1:25:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |

6
ruby/ql/test/library-tests/frameworks/ActionView.expected
View File

@@ -12,10 +12,10 @@ rawCalls
| app/views/foo/bars/show.html.erb:5:5:5:21 | call to raw |
| app/views/foo/bars/show.html.erb:7:5:7:19 | call to raw |
renderCalls
| app/controllers/foo/bars_controller.rb:4:5:4:37 | call to render |
| app/controllers/foo/bars_controller.rb:18:5:18:76 | call to render |
| app/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
| app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
| app/views/foo/bars/show.html.erb:31:5:31:89 | call to render |
renderToCalls
| app/controllers/foo/bars_controller.rb:10:16:10:97 | call to render_to_string |
| app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |
linkToCalls
| app/views/foo/bars/show.html.erb:33:5:33:41 | call to link_to |

5
ruby/ql/test/library-tests/frameworks/app/controllers/foo/bars_controller.rb
View File

@@ -1,3 +1,5 @@
require 'json'
class BarsController < ApplicationController
def index
@@ -5,6 +7,9 @@ class BarsController < ApplicationController
end
def show_debug
user_info = JSON.load cookies[:user_info]
puts "User: #{user_info['name']}"
@user_website = params[:website]
dt = params[:text]
rendered = render_to_string "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }