ruby/ql/test/library-tests/frameworks/action_controller
99class OneController < ActionController ::Base
1010 before_action :a
1111 after_action :c
12-
12+
1313 def a
1414 @foo = params [ :foo ]
1515 end
@@ -18,14 +18,14 @@ def b
1818 end
1919
2020 def c
21- sink @foo
21+ sink @foo # $ hasTaintFlow
2222 end
2323end
2424
2525class TwoController < ActionController ::Base
2626 before_action :a
2727 after_action :c
28-
28+
2929 def a
3030 @foo = params [ :foo ]
3131 end
@@ -35,14 +35,14 @@ def b
3535 end
3636
3737 def c
38- sink @foo
38+ sink @foo # $ SPURIOUS: hasTaintFlow
3939 end
4040end
4141
4242class ThreeController < ActionController ::Base
4343 before_action :a
4444 after_action :c
45-
45+
4646 def a
4747 @foo = params [ :foo ]
4848 @foo = "safe"
@@ -52,14 +52,14 @@ def b
5252 end
5353
5454 def c
55- sink @foo
55+ sink @foo # $ SPURIOUS: hasTaintFlow
5656 end
5757end
5858
5959class FourController < ActionController ::Base
6060 before_action :a
6161 after_action :c
62-
62+
6363 def a
6464 @foo . bar = params [ :foo ]
6565 end
@@ -68,14 +68,14 @@ def b
6868 end
6969
7070 def c
71- sink ( @foo . bar )
71+ sink ( @foo . bar ) # $ hasTaintFlow
7272 end
7373end
7474
7575class FiveController < ActionController ::Base
7676 before_action :a
7777 after_action :c
78-
78+
7979 def a
8080 self . taint_foo
8181 end
@@ -84,10 +84,10 @@ def b
8484 end
8585
8686 def c
87- sink @foo
87+ sink @foo # $ hasTaintFlow
8888 end
89-
89+
9090 def taint_foo
9191 @foo = params [ :foo ]
9292 end
93- end
93+ end
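Review bot: The two `# $ SPURIOUS: hasTaintFlow` expectations (new lines 38 and 55, in `TwoController#c` and `ThreeController#c`) record known false positives without saying why the flow is not real. For `ThreeController` the reason is visible in the lines shown: `a` assigns `@foo = "safe"` right after the tainted assignment, so a comment above the sink such as `# @foo is overwritten with "safe" in the before_action; no tainted value should reach this sink` would document it. For `TwoController` the reason presumably sits in the lines between the hunks (the body of `b` is not shown) and deserves the same one-line comment. Without these, a later change to the filter-flow modelling that drops or keeps one of these results cannot be judged as a fix or a regression from the test file alone.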
@@ -270,11 +270,6 @@ nodes
270270| params_flow.rb:205:10:205:10 | a | semmle.label | a |
271271subpaths
272272testFailures
273- | filter_flow.rb:21:10:21:13 | @foo | Unexpected result: hasTaintFlow |
274- | filter_flow.rb:38:10:38:13 | @foo | Unexpected result: hasTaintFlow |
275- | filter_flow.rb:55:10:55:13 | @foo | Unexpected result: hasTaintFlow |
276- | filter_flow.rb:71:10:71:17 | call to bar | Unexpected result: hasTaintFlow |
277- | filter_flow.rb:87:11:87:14 | @foo | Unexpected result: hasTaintFlow |
278273#select
279274| filter_flow.rb:21:10:21:13 | @foo | filter_flow.rb:14:12:14:17 | call to params | filter_flow.rb:21:10:21:13 | @foo | $@ | filter_flow.rb:14:12:14:17 | call to params | call to params |
280275| filter_flow.rb:38:10:38:13 | @foo | filter_flow.rb:30:12:30:17 | call to params | filter_flow.rb:38:10:38:13 | @foo | $@ | filter_flow.rb:30:12:30:17 | call to params | call to params |