Ruby: Fix tests and qldoc

Author: hmac

ruby/ql/lib/codeql/ruby/frameworks/Sinatra.qll

@@ -169,8 +169,9 @@ module Sinatra {
   }
 
   /**
-   *  A summary for accessing a local variable in an ERB template.
-   * This is the second half of the modelling of the flow from the `locals` keyword argument to variables in the ERB template.
+   * A summary for accessing a local variable in an ERB template.
+   * This is the second half of the modeling of the flow from the `locals`
+   * keyword argument to variables in the ERB template.
    * The first half is modeled by `ErbLocalsSummary`.
    */
   private class ErbLocalsAccessSummary extends SummarizedCallable {
@@ -233,14 +234,14 @@ module Sinatra {
   }
 
   /**
-   * `before` filters run before the route handler.
+   * A class for Sinatra `before` filters. These run before the route handler.
    */
   class BeforeFilter extends Filter {
     BeforeFilter() { this.getMethodName() = "before" }
   }
 
   /**
-   * `after` filters run after the route handler.
+   * A class for Sinatra `after` filters. These run after the route handler.
    */
   class AfterFilter extends Filter {
     AfterFilter() { this.getMethodName() = "after" }

ruby/ql/test/library-tests/frameworks/sinatra/Flow.expected

@@ -6,12 +6,19 @@ edges
 | app.rb:75:12:75:24 | ...[...] :  | app.rb:75:5:75:8 | [post] self [@foo] :  |
 | app.rb:76:32:76:35 | @foo :  | views/index.erb:2:10:2:12 | call to foo |
 | app.rb:76:32:76:35 | self [@foo] :  | app.rb:76:32:76:35 | @foo :  |
+| app.rb:95:10:95:14 | self [@user] :  | app.rb:95:10:95:14 | @user |
+| app.rb:103:5:103:9 | [post] self [@user] :  | app.rb:95:10:95:14 | self [@user] :  |
+| app.rb:103:13:103:22 | call to source :  | app.rb:103:5:103:9 | [post] self [@user] :  |
 nodes
 | app.rb:75:5:75:8 | [post] self [@foo] :  | semmle.label | [post] self [@foo] :  |
 | app.rb:75:12:75:17 | call to params :  | semmle.label | call to params :  |
 | app.rb:75:12:75:24 | ...[...] :  | semmle.label | ...[...] :  |
 | app.rb:76:32:76:35 | @foo :  | semmle.label | @foo :  |
 | app.rb:76:32:76:35 | self [@foo] :  | semmle.label | self [@foo] :  |
+| app.rb:95:10:95:14 | @user | semmle.label | @user |
+| app.rb:95:10:95:14 | self [@user] :  | semmle.label | self [@user] :  |
+| app.rb:103:5:103:9 | [post] self [@user] :  | semmle.label | [post] self [@user] :  |
+| app.rb:103:13:103:22 | call to source :  | semmle.label | call to source :  |
 | views/index.erb:2:10:2:12 | call to foo | semmle.label | call to foo |
 subpaths
 #select

ruby/ql/test/library-tests/frameworks/sinatra/Flow.ql

@@ -8,6 +8,12 @@ import PathGraph
 import codeql.ruby.frameworks.Sinatra
 import codeql.ruby.Concepts
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultTaintFlowConf conf
+class SinatraConf extends DefaultTaintFlowConf {
+  override predicate isSource(DataFlow::Node source) {
+    source instanceof Http::Server::RequestInputAccess::Range
+  }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, SinatraConf conf
 where conf.hasFlowPath(source, sink)
 select sink, source, sink, "$@", source, source.toString()

ruby/ql/test/library-tests/frameworks/sinatra/app.rb

@@ -92,7 +92,7 @@ class MyApp < Sinatra::Base
   end
 
   get "/home" do
-    sink @user # $ hasTaintFlow=a
+    sink @user # $ hasValueFlow=a
   end
 
   after do