Ruby: Attempt to mitigate potential bad join

hmac · hmac · commit 749dc092ae37 · 2022-02-02T17:03:46.000+13:00
By joining simultaneously on controller class and name.
diff --git a/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll b/ruby/ql/lib/codeql/ruby/frameworks/ActionController.qll
@@ -94,7 +94,7 @@ class ActionControllerActionMethod extends Method, HTTP::Server::RequestHandler:
   ActionDispatch::Route getARoute() {
     result.getController() + "_controller" =
       ActionDispatch::underscore(namespaceDeclaration(controllerClass)) and
-    this.getName() = result.getAction()
+    isActionControllerMethod(this, result.getAction(), controllerClass)
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ class ActionControllerActionMethod extends Method, HTTP::Server::RequestHandler:`
`94`	`94`	`ActionDispatch::Route getARoute() {`
`95`	`95`	`result.getController() + "_controller" =`
`96`	`96`	`ActionDispatch::underscore(namespaceDeclaration(controllerClass)) and`
`97`		`- this.getName() = result.getAction()`
	`97`	`+ isActionControllerMethod(this, result.getAction(), controllerClass)`
`98`	`98`	`}`
`99`	`99`	`}`
`100`	`100`