Commit 977e8a8

Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged)
1 parent 880fb2b commit 977e8a8

2 files changed

+6
-0
lines changed

ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb

Lines changed: 5 additions & 0 deletions
@@ -10,6 +10,11 @@ def login_post
1010
authenticate_user(params[:username], password)
1111
end
1212

13+
def login_get_cookies
14+
password = cookies[:password]
15+
authenticate_user(params[:username], password)
16+
end
17+
1318
private
1419
def authenticate_user(username, password)
1520
# ... authenticate the user here
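
Review bot: In login_get_cookies, nothing marks the method as the negative case: the commit message says it should not be flagged, but the code itself carries no comment to that effect. Add a short comment above `password = cookies[:password]` saying that the password comes from a cookie rather than the GET query string and that no alert is expected. The next line still reads `params[:username]` on a route served over GET, so the no-alert expectation depends on the username not counting as sensitive data; stating that in the comment would make the test's intent clear to the next reader.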

ruby/ql/test/query-tests/security/cwe-598/config/routes.rb

Lines changed: 1 addition & 0 deletions
@@ -2,4 +2,5 @@
22
match "users/login1", to: "users#login_get", via: :get
33
get "users/login2", to: "users#login_get"
44
post "users/login3", to: "users#login_post"
5+
get "users/login3", to: "users#login_get_cookies"
56
end
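
Review bot: The added route `get "users/login3", to: "users#login_get_cookies"` reuses the path of the `post "users/login3", to: "users#login_post"` line directly above it, so one path now maps to two different actions depending on the verb. If that overlap is not part of what is being tested, give the new case its own path (for example "users/login4") so each test route identifies exactly one action and a result can be traced back to it without checking the verb.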