ruby: rack responses implement are HTTP responses

2026-04-29 18:55:14 +02:00 · 2023-05-16 16:40:41 +01:00
parent c87c266871
commit f8d2cbbe79
3 changed files with 36 additions and 17 deletions
--- a/ruby/ql/test/library-tests/frameworks/rack/Rack.expected
+++ b/ruby/ql/test/library-tests/frameworks/rack/Rack.expected
@@ -6,6 +6,7 @@ rackApps
 rackResponseStatusCodes
 | rack.rb:7:5:7:63 | call to [] | 200 |
 | rack.rb:7:5:7:63 | call to [] | 500 |
-| rack.rb:39:5:39:13 | call to [] | 1 |
+| rack.rb:18:5:18:27 | call to [] | <unknown> |
+| rack.rb:33:5:33:26 | call to [] | <unknown> |
 | rack.rb:56:7:56:22 | call to [] | 200 |
 | rack.rb:63:5:63:21 | call to [] | 400 |
--- a/ruby/ql/test/library-tests/frameworks/rack/Rack.ql
+++ b/ruby/ql/test/library-tests/frameworks/rack/Rack.ql
@@ -3,6 +3,8 @@ private import codeql.ruby.DataFlow

 query predicate rackApps(Rack::AppCandidate c, DataFlow::ParameterNode env) { env = c.getEnv() }

-query predicate rackResponseStatusCodes(Rack::ResponseNode resp, int status) {
-  status = resp.getAStatusCode()
+query predicate rackResponseStatusCodes(Rack::ResponseNode resp, string status) {
+  if exists(resp.getAStatusCode())
+  then status = resp.getAStatusCode().toString()
+  else status = "<unknown>"
 }