
Commit 58d7af4

committed
Ruby: Move ActionView tests into their own dir
This ensures that changes to unrelated test files don't affect these tests.
1 parent 7642245 commit 58d7af4

25 files changed

+382
-81
lines changed

ruby/ql/test/library-tests/frameworks/ActionView.expected

Lines changed: 0 additions & 58 deletions
This file was deleted.

ruby/ql/test/library-tests/frameworks/ActionView.ql

Lines changed: 0 additions & 21 deletions
This file was deleted.
Lines changed: 43 additions & 0 deletions
@@ -1 +1,44 @@
1+
fileSystemResolverAccesses
12
| ActionView.rb:5:39:5:92 | call to new | ActionView.rb:5:74:5:82 | view_path |
3+
| app/controllers/comments_controller.rb:21:5:21:37 | call to send_file | app/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" |
4+
| app/controllers/foo/bars_controller.rb:1:1:1:14 | call to require | app/controllers/foo/bars_controller.rb:1:9:1:14 | "json" |
5+
rawCalls
6+
| app/views/foo/bars/_widget.html.erb:1:5:1:21 | call to raw |
7+
| app/views/foo/bars/_widget.html.erb:2:5:2:20 | call to raw |
8+
| app/views/foo/bars/_widget.html.erb:3:5:3:29 | call to raw |
9+
| app/views/foo/bars/show.html.erb:1:14:1:29 | call to raw |
10+
| app/views/foo/bars/show.html.erb:2:5:2:21 | call to raw |
11+
| app/views/foo/bars/show.html.erb:3:5:3:20 | call to raw |
12+
| app/views/foo/bars/show.html.erb:4:5:4:29 | call to raw |
13+
| app/views/foo/bars/show.html.erb:5:5:5:21 | call to raw |
14+
| app/views/foo/bars/show.html.erb:7:5:7:19 | call to raw |
15+
renderCalls
16+
| app/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
17+
| app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
18+
| app/controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
19+
| app/controllers/foo/bars_controller.rb:38:5:38:50 | call to render |
20+
| app/controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
21+
| app/views/foo/bars/show.html.erb:31:5:31:89 | call to render |
22+
renderToCalls
23+
| app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |
24+
| app/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string |
25+
linkToCalls
26+
| app/views/foo/bars/show.html.erb:33:5:33:41 | call to link_to |
27+
httpResponses
28+
| app/controllers/comments_controller.rb:11:5:11:17 | call to body= | app/controllers/comments_controller.rb:11:21:11:34 | ... = ... | text/http |
29+
| app/controllers/comments_controller.rb:21:5:21:37 | call to send_file | app/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" | application/octet-stream |
30+
| app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | app/controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" | text/html |
31+
| app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render | app/controllers/foo/bars_controller.rb:23:12:23:26 | "foo/bars/show" | text/html |
32+
| app/controllers/foo/bars_controller.rb:35:5:35:33 | call to render | app/controllers/foo/bars_controller.rb:35:18:35:33 | call to [] | application/json |
33+
| app/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string | app/controllers/foo/bars_controller.rb:36:29:36:33 | @user | application/json |
34+
| app/controllers/foo/bars_controller.rb:38:5:38:50 | call to render | app/controllers/foo/bars_controller.rb:38:12:38:22 | call to backtrace | text/plain |
35+
| app/controllers/foo/bars_controller.rb:44:5:44:17 | call to render | app/controllers/foo/bars_controller.rb:44:12:44:17 | "show" | text/html |
36+
rawHelperCalls
37+
| helpers.erb:4:1:4:36 | call to simple_format | helpers.erb:4:15:4:15 | call to x |
38+
| helpers.erb:7:1:7:26 | call to truncate | helpers.erb:7:10:7:10 | call to x |
39+
| helpers.erb:10:1:10:29 | call to highlight | helpers.erb:10:11:10:11 | call to x |
40+
| helpers.erb:12:1:12:17 | call to javascript_tag | helpers.erb:12:16:12:16 | call to x |
41+
| helpers.erb:15:1:15:27 | call to content_tag | helpers.erb:15:16:15:16 | call to y |
42+
| helpers.erb:18:1:18:19 | call to tag | helpers.erb:18:5:18:5 | call to x |
43+
| helpers.erb:21:1:21:24 | call to h1 | helpers.erb:21:8:21:8 | call to x |
44+
| helpers.erb:24:1:24:23 | call to p | helpers.erb:24:7:24:7 | call to x |
Lines changed: 22 additions & 2 deletions
@@ -1,6 +1,26 @@
1-
import codeql.ruby.Concepts
2-
import codeql.ruby.DataFlow
1+
private import ruby
2+
private import codeql.ruby.AST
3+
private import codeql.ruby.frameworks.ActionView
4+
private import codeql.ruby.frameworks.Rails
5+
private import codeql.ruby.Concepts
6+
private import codeql.ruby.DataFlow
37

48
query predicate fileSystemResolverAccesses(FileSystemAccess a, DataFlow::Node path) {
59
a.getAPathArgument() = path
610
}
11+
12+
query predicate rawCalls(RawCall c) { any() }
13+
14+
query predicate renderCalls(Rails::RenderCall c) { any() }
15+
16+
query predicate renderToCalls(Rails::RenderToCall c) { any() }
17+
18+
query predicate linkToCalls(LinkToCall c) { any() }
19+
20+
query predicate httpResponses(Http::Server::HttpResponse r, DataFlow::Node body, string mimeType) {
21+
r.getBody() = body and r.getMimetype() = mimeType
22+
}
23+
24+
query predicate rawHelperCalls(ActionView::Helpers::RawHelperCall c, Expr arg) {
25+
arg = c.getRawArgument()
26+
}
Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
class DummyComponent < ViewComponent::Base
2+
end
Lines changed: 52 additions & 0 deletions
@@ -0,0 +1,52 @@
1+
Rails.application.routes.draw do
2+
resources :posts, only: [:show, :index] do
3+
resources :comments do
4+
resources :replies, only: [:create]
5+
post "flag", to: :flag
6+
end
7+
post "upvote", to: "posts#upvote"
8+
end
9+
10+
if Rails.env.test?
11+
post "destroy_all_posts", to: "posts#destroy_alll"
12+
end
13+
14+
constraints(number: /[0-9]+/) do
15+
get "/numbers/:number", to: "numbers#show"
16+
end
17+
18+
scope path: "/admin" do
19+
get "/jobs", to: "background_jobs#index"
20+
end
21+
22+
scope "/admin" do
23+
get "secrets", controller: "secrets", action: "view_secrets"
24+
delete ":user_id", to: "users#destroy"
25+
end
26+
27+
match "photos/:id" => "photos#show", via: :get
28+
match "photos/:id", to: "photos#show", via: :get
29+
match "photos/:id", controller: "photos", action: "show", via: :get
30+
match "photos/:id", to: "photos#show", via: :all
31+
32+
scope controller: "users" do
33+
post "upgrade", action: "start_upgrade"
34+
end
35+
36+
scope module: "enterprise", controller: "billing" do
37+
get "current_billing_cycle"
38+
end
39+
40+
resource :global_config, only: [:show]
41+
42+
namespace :foo do
43+
resources :bar, only: [:index, :show] do
44+
get "show_debug", to: :show_debug
45+
end
46+
end
47+
48+
scope "/users/:user" do
49+
delete "/notifications", to: "users/notifications#destroy", as: :user_destroy_notifications
50+
post "notifications/:notification_id/mark_as_read", to: "users/notifications#mark_as_read"
51+
end
52+
end
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
class CommentsController < ApplicationController
2+
def index
3+
request.params
4+
request.parameters
5+
request.GET
6+
request.POST
7+
request.query_parameters
8+
request.request_parameters
9+
request.filtered_parameters
10+
11+
response.body = "some content"
12+
13+
response.status = 200
14+
15+
response.header["Content-Type"] = "text/html"
16+
response.set_header("Content-Length", 100)
17+
response.headers["X-Custom-Header"] = "hi"
18+
response["X-Another-Custom-Header"] = "yes"
19+
response.add_header "X-Yet-Another", "indeed"
20+
21+
response.send_file("my-file.ext")
22+
23+
response.request
24+
25+
response.location = "http://..." # relevant for url redirect query
26+
response.cache_control = "value"
27+
response._cache_control = "value"
28+
response.etag = "value"
29+
response.charset = "value" # sets the charset part of the content-type header
30+
response.content_type = "value" # sets the main part of the content-type header
31+
32+
response.date = Date.today
33+
response.last_modified = Date.yesterday
34+
response.weak_etag = "value"
35+
response.strong_etag = "value"
36+
end
37+
38+
def show
39+
end
40+
end
Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
require 'json'
2+
3+
class BarsController < ApplicationController
4+
5+
def index
6+
render template: "foo/bars/index"
7+
end
8+
9+
def show_debug
10+
user_info = JSON.load cookies[:user_info]
11+
puts "User: #{user_info['name']}"
12+
13+
@user_website = params[:website]
14+
dt = params[:text]
15+
rendered = render_to_string "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
16+
puts rendered
17+
redirect_to action: "show"
18+
end
19+
20+
def show
21+
@user_website = params[:website]
22+
dt = params[:text]
23+
render "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
24+
end
25+
26+
def go_back
27+
redirect_back_or_to action: "index"
28+
end
29+
30+
def go_back_2
31+
redirect_back fallback_location: { action: "index" }
32+
end
33+
34+
def show_2
35+
render json: { some: "data" }
36+
body = render_to_string @user, content_type: "application/json"
37+
rescue => e
38+
render e.backtrace, content_type: "text/plain"
39+
end
40+
41+
private
42+
43+
def unreachable_action
44+
render "show"
45+
end
46+
end
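Review bot: The fixture's deliberately unsafe patterns are unmarked: `user_info = JSON.load cookies[:user_info]` in show_debug deserialises a request cookie, and `render e.backtrace, content_type: "text/plain"` in show_2 returns the exception backtrace to the client. These lines exist to exercise the analysis rather than to model good practice, and the backtrace render is what the `text/plain` httpResponses row in the moved .expected output refers to, so a one-line comment on each such as `# deliberate sink, kept for test coverage` would stop a well-meaning cleanup from quietly removing the behaviour the expected output depends on. The unused `body` local in show_2 looks intentional for the same reason and could carry the same marker.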
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
class PhotosController < ApplicationController
2+
def show
3+
end
4+
end
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
class PostsController < ApplicationController
2+
def index
3+
end
4+
5+
def show
6+
end
7+
8+
def upvote
9+
end
10+
end
