mirror of
https://github.com/github/codeql.git
synced 2025-12-17 09:13:20 +01:00
117 lines
2.3 KiB
Ruby
117 lines
2.3 KiB
Ruby
class ExampleController < ActionController::Base
|
|
# Should find
|
|
def example_action
|
|
if request.get?
|
|
Resource.find(id: params[:example_id])
|
|
end
|
|
end
|
|
|
|
# Should find
|
|
def other_action
|
|
method = request.env['REQUEST_METHOD']
|
|
if method == "GET"
|
|
Resource.find(id: params[:id])
|
|
end
|
|
end
|
|
|
|
# Should find
|
|
def foo
|
|
method = request.request_method
|
|
if method == "GET"
|
|
Resource.find(id: params[:id])
|
|
end
|
|
end
|
|
|
|
# Should find
|
|
def bar
|
|
method = request.method
|
|
if method == "GET"
|
|
Resource.find(id: params[:id])
|
|
end
|
|
end
|
|
|
|
# Should find
|
|
def baz
|
|
method = request.raw_request_method
|
|
if method == "GET"
|
|
Resource.find(id: params[:id])
|
|
end
|
|
end
|
|
|
|
# Should not find
|
|
def baz2
|
|
method = request.raw_request_method
|
|
if some_other_function == "GET"
|
|
Resource.find(id: params[:id])
|
|
end
|
|
end
|
|
|
|
# Should find
|
|
def foobarbaz
|
|
method = request.request_method_symbol
|
|
if method == :GET
|
|
Resource.find(id: params[:id])
|
|
end
|
|
end
|
|
|
|
# Should find
|
|
def resource_action
|
|
case request.env['REQUEST_METHOD']
|
|
when "GET"
|
|
Resource.find(id: params[:id])
|
|
when "POST"
|
|
Resource.new(id: params[:id], details: params[:details])
|
|
end
|
|
end
|
|
|
|
# Should not find
|
|
def resource_action
|
|
case request.random_method
|
|
when "GET"
|
|
Resource.find(id: params[:id])
|
|
when "POST"
|
|
Resource.new(id: params[:id], details: params[:details])
|
|
end
|
|
end
|
|
end
|
|
|
|
class SafeController < ActionController::Base
|
|
# this class should have no hits because controllers rely on conventional Rails routes
|
|
def index
|
|
Resource.find(id: params[:id])
|
|
end
|
|
|
|
def create
|
|
Resource.new(id: params[:id], details: params[:details])
|
|
end
|
|
|
|
def update
|
|
Resource.update(id: params[:id], details: params[:details])
|
|
end
|
|
|
|
def delete
|
|
s = Resource.find(id: params[:id])
|
|
s.delete
|
|
end
|
|
end
|
|
|
|
# There should be no hits from this class because it does not inherit from ActionController
|
|
class NotAController
|
|
def example_action
|
|
if request.get?
|
|
Resource.find(params[:example_id])
|
|
end
|
|
end
|
|
|
|
def resource_action
|
|
case env['REQUEST_METHOD']
|
|
when "GET"
|
|
Resource.find(params[:id])
|
|
when "POST"
|
|
Resource.new(params[:id], params[:details])
|
|
end
|
|
end
|
|
end
|
|
|
|
class Resource < ActiveRecord::Base
|
|
end |