Tom Hvitved
e258324960
Ruby: Allow for implicit array reads at all sinks during taint tracking
2023-09-14 09:40:05 +02:00
Tom Hvitved
a2912cd72b
Ruby: Use proper PathGraph module in inline flow tests
...
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
2023-09-04 20:27:34 +02:00
Jeroen Ketema
9d573e5544
Consolidate all InlineFlowTest libraries in the dataflow qlpack
2023-08-24 21:38:46 +02:00
Jeroen Ketema
d82c3ce11a
Ruby: Rewrite InlineFlowTest as a parameterized module
2023-06-15 10:52:23 +02:00
Anders Schack-Mulligen
90f84bb516
Ruby: Update expected output.
2023-04-26 13:08:16 +02:00
Harry Maclean
ba4d0a81d5
Ruby: Simplify filter dataflow
...
This introduces some false flow (the `ThreeController` and
`FourController` examples in `filter_flow.rb`) but is simpler and
in line with how we model flow for normal method calls.
2023-02-21 19:28:53 +13:00
Harry Maclean
0a02b45ad7
Ruby: More filter flow steps
...
Add a jump step from the last self post-update node in a method to the self parameter of the
next method.
2023-02-21 19:28:26 +13:00
Harry Maclean
fae5320c3a
Ruby: Add filter flow tests
2023-02-21 19:27:53 +13:00
Harry Maclean
ae3d91b546
Ruby: First draft of rails callback flow
2023-02-21 19:26:36 +13:00
Harry Maclean
4e07fd3eb1
Ruby: Model ApplicationController.renderer
2023-02-19 13:37:27 +13:00
Harry Maclean
c99a096c9b
Ruby: Update test fixtures
2023-01-31 11:27:19 +13:00
Harry Maclean
708e303c01
Ruby: Model except: with a const argument
2023-01-30 21:17:31 +13:00
Harry Maclean
246ad46eb1
Ruby: Account for filter skip ordering
...
A `skip_*_filter :foo` call only has an effect if there was an earlier
call that registered `:foo` as a filter.
2023-01-30 18:50:30 +13:00
Harry Maclean
a164e76a5d
Ruby: Model actioncontroller filter overrides
...
If a filter is registered twice with the same name, the last
registration wins.
2023-01-30 18:05:22 +13:00
Harry Maclean
fb86ef4aac
Ruby: Model ActionController filters
...
ActionController filters provide a way to register callbacks that run
before, after or around an action (i.e. HTTP request handler). They run
in the same class context as the action, so can get/set instance
variables and generally interact with the action in arbitrary ways.
In order to track flow between filters and actions, we have to model the
callback chain. This commit does that. A later change will add dataflow
steps to actually track flow through the chain.
2023-01-30 17:41:36 +13:00
Harry Maclean
ed3270fb04
Ruby: Update for upstream changes
2022-11-16 14:06:32 +13:00
Harry Maclean
d2c0250b41
Ruby: Model ActionDispatch::Request#body_stream
2022-11-16 13:46:51 +13:00
Harry Maclean
9f357837fa
Ruby: Model send_data as an HTTP response
2022-11-16 13:46:51 +13:00
Harry Maclean
5cfc494e16
Ruby: Test render inside redirect_to
...
This test shows that we correctly identify redirect_to and render calls
inside respond_to blocks.
2022-11-16 13:46:51 +13:00
Harry Maclean
155b64d3fc
Ruby: Add test for render calls
2022-11-16 13:46:51 +13:00
Harry Maclean
b7e14311be
Ruby: Model ActionController logger
2022-11-16 13:46:50 +13:00
Harry Maclean
27681ac987
Ruby: Move ActionController tests to own directory
2022-11-16 13:46:49 +13:00
Nick Rolfe
0d9aa0cdac
Ruby: fix clashing method names from merge conflict
2022-11-09 17:06:43 +00:00
Nick Rolfe
c8c53cb424
Merge remote-tracking branch 'origin/main' into nickrolfe/active_support_flow_summaries
2022-11-09 17:02:05 +00:00
Nick Rolfe
04575674db
Ruby: generalise summaries for ActiveSupport Hash extensions
2022-11-08 15:48:20 +00:00
Asger F
b4b34cc994
Ruby: port part of ActionController model
2022-10-31 13:33:41 +01:00
Harry Maclean
e6dc27a7b5
Add content_mime_type, fix env/filtered_env
2022-10-14 19:49:22 +13:00
Nick Rolfe
a6674a5313
Ruby: fix uses of deprecated class name
2022-10-07 13:17:05 +01:00
Harry Maclean
a5998fbe4d
Ruby: Model ActionController::Parameters
...
Add flow summaries for methods on ActionController::Parameters,
which mostly propagate taint from receiver to return value.
2022-10-03 09:45:59 +13:00
