Ruby: add space for test case

alexrford · alexrford · commit c4baf0b8fa99 · 2022-10-09T22:16:23.000+01:00
diff --git a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.expected
@@ -1,29 +1,29 @@
 edges
-| CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:3:12:3:24 | ...[...] :  |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | CodeInjection.rb:6:10:6:13 | code |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | CodeInjection.rb:18:20:18:23 | code |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | CodeInjection.rb:21:21:21:24 | code |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | CodeInjection.rb:27:15:27:18 | code |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | CodeInjection.rb:30:19:30:22 | code |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | CodeInjection.rb:36:24:36:27 | code :  |
-| CodeInjection.rb:36:24:36:27 | code :  | CodeInjection.rb:36:10:36:28 | call to escape |
+| CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:5:12:5:24 | ...[...] :  |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | CodeInjection.rb:8:10:8:13 | code |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | CodeInjection.rb:20:20:20:23 | code |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | CodeInjection.rb:23:21:23:24 | code |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | CodeInjection.rb:29:15:29:18 | code |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | CodeInjection.rb:32:19:32:22 | code |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | CodeInjection.rb:38:24:38:27 | code :  |
+| CodeInjection.rb:38:24:38:27 | code :  | CodeInjection.rb:38:10:38:28 | call to escape |
 nodes
-| CodeInjection.rb:3:12:3:17 | call to params :  | semmle.label | call to params :  |
-| CodeInjection.rb:3:12:3:24 | ...[...] :  | semmle.label | ...[...] :  |
-| CodeInjection.rb:6:10:6:13 | code | semmle.label | code |
-| CodeInjection.rb:9:10:9:15 | call to params | semmle.label | call to params |
-| CodeInjection.rb:18:20:18:23 | code | semmle.label | code |
-| CodeInjection.rb:21:21:21:24 | code | semmle.label | code |
-| CodeInjection.rb:27:15:27:18 | code | semmle.label | code |
-| CodeInjection.rb:30:19:30:22 | code | semmle.label | code |
-| CodeInjection.rb:36:10:36:28 | call to escape | semmle.label | call to escape |
-| CodeInjection.rb:36:24:36:27 | code :  | semmle.label | code :  |
+| CodeInjection.rb:5:12:5:17 | call to params :  | semmle.label | call to params :  |
+| CodeInjection.rb:5:12:5:24 | ...[...] :  | semmle.label | ...[...] :  |
+| CodeInjection.rb:8:10:8:13 | code | semmle.label | code |
+| CodeInjection.rb:11:10:11:15 | call to params | semmle.label | call to params |
+| CodeInjection.rb:20:20:20:23 | code | semmle.label | code |
+| CodeInjection.rb:23:21:23:24 | code | semmle.label | code |
+| CodeInjection.rb:29:15:29:18 | code | semmle.label | code |
+| CodeInjection.rb:32:19:32:22 | code | semmle.label | code |
+| CodeInjection.rb:38:10:38:28 | call to escape | semmle.label | call to escape |
+| CodeInjection.rb:38:24:38:27 | code :  | semmle.label | code :  |
 subpaths
 #select
-| CodeInjection.rb:6:10:6:13 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:6:10:6:13 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value |
-| CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | CodeInjection.rb:9:10:9:15 | call to params | This code execution depends on a $@. | CodeInjection.rb:9:10:9:15 | call to params | user-provided value |
-| CodeInjection.rb:18:20:18:23 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:18:20:18:23 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value |
-| CodeInjection.rb:21:21:21:24 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:21:21:21:24 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value |
-| CodeInjection.rb:27:15:27:18 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:27:15:27:18 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value |
-| CodeInjection.rb:30:19:30:22 | code | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:30:19:30:22 | code | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value |
-| CodeInjection.rb:36:10:36:28 | call to escape | CodeInjection.rb:3:12:3:17 | call to params :  | CodeInjection.rb:36:10:36:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:3:12:3:17 | call to params | user-provided value |
+| CodeInjection.rb:8:10:8:13 | code | CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:8:10:8:13 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
+| CodeInjection.rb:11:10:11:15 | call to params | CodeInjection.rb:11:10:11:15 | call to params | CodeInjection.rb:11:10:11:15 | call to params | This code execution depends on a $@. | CodeInjection.rb:11:10:11:15 | call to params | user-provided value |
+| CodeInjection.rb:20:20:20:23 | code | CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:20:20:20:23 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
+| CodeInjection.rb:23:21:23:24 | code | CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:23:21:23:24 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
+| CodeInjection.rb:29:15:29:18 | code | CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:29:15:29:18 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
+| CodeInjection.rb:32:19:32:22 | code | CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:32:19:32:22 | code | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
+| CodeInjection.rb:38:10:38:28 | call to escape | CodeInjection.rb:5:12:5:17 | call to params :  | CodeInjection.rb:38:10:38:28 | call to escape | This code execution depends on a $@. | CodeInjection.rb:5:12:5:17 | call to params | user-provided value |
diff --git a/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb b/ruby/ql/test/query-tests/security/cwe-094/CodeInjection.rb
@@ -1,3 +1,5 @@
+require 'active_job'
+
 class UsersController < ActionController::Base
   def create
     code = params[:code]
@@ -22,18 +24,21 @@ def create
 
     # GOOD
     Bar.class_eval(code)
-    
+
     # BAD
     const_get(code)
-    
+
     # BAD
     Foo.const_get(code)
-    
+
     # GOOD
     Bar.const_get(code)
 
     # BAD
     eval(Regexp.escape(code))
+
+
+
   end
 
   def update
@@ -62,8 +67,8 @@ class Bar
   def self.class_eval(x)
     true
   end
-  
+
   def self.const_get(x)
     true
   end
-end
+end
