Harry Maclean
7ef6ffbc54
Ruby: Recognise Rails render calls as HTTP responses
2022-08-16 14:03:26 +12:00
Harry Maclean
83393dc195
Ruby: Recognise more AR write accesses
...
This change means we recognise calls like
```rb
User.create(params)
User.update(id, params)
```
as instances of `PersistentWriteAccess`.
2022-08-04 17:22:46 +12:00
Harry Maclean
7ed81db32d
Ruby: Move ActiveRecord tests to new directory
2022-08-04 17:22:46 +12:00
thiggy1342
e8e8da1b31
fix lib test expect for ActionController
2022-07-08 19:01:01 +00:00
Harry Maclean
7dfab371f6
Ruby: Model redirect_back and redirect_back_or_to
...
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
2022-06-20 13:36:02 +12:00
Alex Ford
c44a68613a
Ruby: add a test case for ActiveRecord dynamic finder methods
2022-06-16 11:29:56 +01:00
Alex Ford
56bf977498
Ruby: trim some SQLi related comments from ActiveRecord.rb
2022-06-16 11:29:56 +01:00
Alex Ford
de486baf4a
Ruby: rename ActiveRecord.rb test case file
2022-06-16 11:29:56 +01:00
Harry Maclean
870c6d7412
Ruby: Rails route resolution
...
Add `Route` classes which model Rails routing information, typically
defined in a `routes.rb` file. We extract only the most basic
information: HTTP method, path, controller and action. This is enough to
determine whether a given controller method is a route handler, and what
HTTP method it handles, which is useful for, among other things, the URL
redirect query.
2022-02-02 16:26:19 +13:00
Harry Maclean
e1d290d4c0
Ruby: Don't count private methods as Rails actions
...
Private instance methods on ActionController classes aren't valid
request handlers. Routing to them will raise an exception.
2021-12-13 15:36:55 +13:00
Nick Rolfe
d46564caa6
Ruby: treat ActionController#cookies as a remote flow source
2021-12-09 12:13:17 +00:00
Nick Rolfe
f6a8b9a7e5
Ruby: add cookies call to frameworks test
2021-12-09 12:07:04 +00:00
Arthur Baars
976daddd36
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
