Add test cases

joefarebrother · joefarebrother · commit 3e61be1b6a1a · 2024-03-14T22:25:36.000Z
diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected
@@ -2835,6 +2835,9 @@
 | file://:0:0:0:0 | [summary param] self in ActionController::Parameters#merge | file://:0:0:0:0 | [summary] to write: ReturnValue in ActionController::Parameters#merge |
 | file://:0:0:0:0 | [summary param] self in ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: Argument[self] in ActionController::Parameters#merge! |
 | file://:0:0:0:0 | [summary param] self in ActionController::Parameters#merge! | file://:0:0:0:0 | [summary] to write: ReturnValue in ActionController::Parameters#merge! |
+| file://:0:0:0:0 | [summary param] self in ActionDispatch::Http::UploadedFile::[original_filename,content_type,headers] | file://:0:0:0:0 | [summary] to write: ReturnValue in ActionDispatch::Http::UploadedFile::[original_filename,content_type,headers] |
+| file://:0:0:0:0 | [summary param] self in ActionDispatch::Http::UploadedFile::read | file://:0:0:0:0 | [summary] to write: Argument[1] in ActionDispatch::Http::UploadedFile::read |
+| file://:0:0:0:0 | [summary param] self in ActionDispatch::Http::UploadedFile::read | file://:0:0:0:0 | [summary] to write: ReturnValue in ActionDispatch::Http::UploadedFile::read |
 | file://:0:0:0:0 | [summary param] self in ActiveSupportStringTransform | file://:0:0:0:0 | [summary] to write: ReturnValue in ActiveSupportStringTransform |
 | file://:0:0:0:0 | [summary param] self in [] | file://:0:0:0:0 | [summary] to write: ReturnValue in [] |
 | file://:0:0:0:0 | [summary param] self in \| | file://:0:0:0:0 | [summary] read: Argument[self].Element[any] in \| |
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.expected b/ruby/ql/test/library-tests/frameworks/action_controller/ActionController.expected
@@ -14,6 +14,7 @@ actionControllerControllerClasses
 | input_access.rb:1:1:58:3 | UsersController |
 | params_flow.rb:1:1:162:3 | MyController |
 | params_flow.rb:170:1:178:3 | Subclass |
+| params_flow.rb:180:1:205:5 | UploadedFileTests |
 actionControllerActionMethods
 | app/controllers/comments_controller.rb:17:3:51:5 | index |
 | app/controllers/comments_controller.rb:53:3:54:5 | create |
@@ -86,6 +87,12 @@ actionControllerActionMethods
 | params_flow.rb:152:3:159:5 | m33 |
 | params_flow.rb:165:3:167:5 | m34 |
 | params_flow.rb:171:3:173:5 | m35 |
+| params_flow.rb:181:3:183:5 | m36 |
+| params_flow.rb:185:3:187:5 | m37 |
+| params_flow.rb:189:3:191:5 | m38 |
+| params_flow.rb:193:3:195:5 | m39 |
+| params_flow.rb:197:3:201:5 | m40 |
+| params_flow.rb:203:3:205:5 | m41 |
 paramsCalls
 | app/controllers/comments_controller.rb:80:36:80:41 | call to params |
 | app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
@@ -146,6 +153,12 @@ paramsCalls
 | params_flow.rb:166:10:166:15 | call to params |
 | params_flow.rb:172:10:172:15 | call to params |
 | params_flow.rb:176:10:176:15 | call to params |
+| params_flow.rb:182:10:182:15 | call to params |
+| params_flow.rb:186:10:186:15 | call to params |
+| params_flow.rb:190:10:190:15 | call to params |
+| params_flow.rb:194:10:194:15 | call to params |
+| params_flow.rb:199:5:199:10 | call to params |
+| params_flow.rb:204:10:204:15 | call to params |
 paramsSources
 | app/controllers/comments_controller.rb:80:36:80:41 | call to params |
 | app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
@@ -206,6 +219,12 @@ paramsSources
 | params_flow.rb:166:10:166:15 | call to params |
 | params_flow.rb:172:10:172:15 | call to params |
 | params_flow.rb:176:10:176:15 | call to params |
+| params_flow.rb:182:10:182:15 | call to params |
+| params_flow.rb:186:10:186:15 | call to params |
+| params_flow.rb:190:10:190:15 | call to params |
+| params_flow.rb:194:10:194:15 | call to params |
+| params_flow.rb:199:5:199:10 | call to params |
+| params_flow.rb:204:10:204:15 | call to params |
 httpInputAccesses
 | app/controllers/application_controller.rb:11:53:11:64 | call to path | ActionDispatch::Request#path |
 | app/controllers/comments_controller.rb:18:5:18:18 | call to params | ActionDispatch::Request#params |
@@ -324,6 +343,12 @@ httpInputAccesses
 | params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
 | params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
 | params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:182:10:182:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:186:10:186:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:190:10:190:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:194:10:194:15 | call to params | ActionController::Metal#params |
+| params_flow.rb:199:5:199:10 | call to params | ActionController::Metal#params |
+| params_flow.rb:204:10:204:15 | call to params | ActionController::Metal#params |
 cookiesCalls
 | app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
 cookiesSources
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/params-flow.expected b/ruby/ql/test/library-tests/frameworks/action_controller/params-flow.expected
@@ -101,6 +101,21 @@ edges
 | params_flow.rb:166:10:166:15 | call to params | params_flow.rb:166:10:166:19 | ...[...] | provenance |  |
 | params_flow.rb:172:10:172:15 | call to params | params_flow.rb:172:10:172:19 | ...[...] | provenance |  |
 | params_flow.rb:176:10:176:15 | call to params | params_flow.rb:176:10:176:19 | ...[...] | provenance |  |
+| params_flow.rb:182:10:182:15 | call to params | params_flow.rb:182:10:182:22 | ...[...] | provenance |  |
+| params_flow.rb:182:10:182:22 | ...[...] | params_flow.rb:182:10:182:40 | call to original_filename | provenance |  |
+| params_flow.rb:186:10:186:15 | call to params | params_flow.rb:186:10:186:30 | call to require | provenance |  |
+| params_flow.rb:186:10:186:30 | call to require | params_flow.rb:186:10:186:43 | call to content_type | provenance |  |
+| params_flow.rb:190:10:190:15 | call to params | params_flow.rb:190:10:190:29 | call to permit | provenance |  |
+| params_flow.rb:190:10:190:29 | call to permit | params_flow.rb:190:10:190:36 | ...[...] | provenance |  |
+| params_flow.rb:190:10:190:36 | ...[...] | params_flow.rb:190:10:190:44 | call to headers | provenance |  |
+| params_flow.rb:194:10:194:15 | call to params | params_flow.rb:194:10:194:19 | ...[...] | provenance |  |
+| params_flow.rb:194:10:194:19 | ...[...] | params_flow.rb:194:10:194:31 | call to to_unsafe_h | provenance |  |
+| params_flow.rb:194:10:194:31 | call to to_unsafe_h | params_flow.rb:194:10:194:35 | ...[...] | provenance |  |
+| params_flow.rb:194:10:194:35 | ...[...] | params_flow.rb:194:10:194:42 | ...[...] | provenance |  |
+| params_flow.rb:194:10:194:42 | ...[...] | params_flow.rb:194:10:194:47 | call to read | provenance |  |
+| params_flow.rb:198:5:198:10 | call to params | params_flow.rb:198:5:198:17 | ...[...] | provenance |  |
+| params_flow.rb:198:5:198:17 | ...[...] | params_flow.rb:198:28:198:28 | [post] a | provenance |  |
+| params_flow.rb:198:28:198:28 | [post] a | params_flow.rb:199:10:199:10 | a | provenance |  |
 nodes
 | filter_flow.rb:14:5:14:8 | [post] self [@foo] | semmle.label | [post] self [@foo] |
 | filter_flow.rb:14:12:14:17 | call to params | semmle.label | call to params |
@@ -244,6 +259,26 @@ nodes
 | params_flow.rb:172:10:172:19 | ...[...] | semmle.label | ...[...] |
 | params_flow.rb:176:10:176:15 | call to params | semmle.label | call to params |
 | params_flow.rb:176:10:176:19 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:182:10:182:15 | call to params | semmle.label | call to params |
+| params_flow.rb:182:10:182:22 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:182:10:182:40 | call to original_filename | semmle.label | call to original_filename |
+| params_flow.rb:186:10:186:15 | call to params | semmle.label | call to params |
+| params_flow.rb:186:10:186:30 | call to require | semmle.label | call to require |
+| params_flow.rb:186:10:186:43 | call to content_type | semmle.label | call to content_type |
+| params_flow.rb:190:10:190:15 | call to params | semmle.label | call to params |
+| params_flow.rb:190:10:190:29 | call to permit | semmle.label | call to permit |
+| params_flow.rb:190:10:190:36 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:190:10:190:44 | call to headers | semmle.label | call to headers |
+| params_flow.rb:194:10:194:15 | call to params | semmle.label | call to params |
+| params_flow.rb:194:10:194:19 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:194:10:194:31 | call to to_unsafe_h | semmle.label | call to to_unsafe_h |
+| params_flow.rb:194:10:194:35 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:194:10:194:42 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:194:10:194:47 | call to read | semmle.label | call to read |
+| params_flow.rb:198:5:198:10 | call to params | semmle.label | call to params |
+| params_flow.rb:198:5:198:17 | ...[...] | semmle.label | ...[...] |
+| params_flow.rb:198:28:198:28 | [post] a | semmle.label | [post] a |
+| params_flow.rb:199:10:199:10 | a | semmle.label | a |
 subpaths
 #select
 | filter_flow.rb:21:10:21:13 | @foo | filter_flow.rb:14:12:14:17 | call to params | filter_flow.rb:21:10:21:13 | @foo | $@ | filter_flow.rb:14:12:14:17 | call to params | call to params |
@@ -298,3 +333,8 @@ subpaths
 | params_flow.rb:166:10:166:19 | ...[...] | params_flow.rb:166:10:166:15 | call to params | params_flow.rb:166:10:166:19 | ...[...] | $@ | params_flow.rb:166:10:166:15 | call to params | call to params |
 | params_flow.rb:172:10:172:19 | ...[...] | params_flow.rb:172:10:172:15 | call to params | params_flow.rb:172:10:172:19 | ...[...] | $@ | params_flow.rb:172:10:172:15 | call to params | call to params |
 | params_flow.rb:176:10:176:19 | ...[...] | params_flow.rb:176:10:176:15 | call to params | params_flow.rb:176:10:176:19 | ...[...] | $@ | params_flow.rb:176:10:176:15 | call to params | call to params |
+| params_flow.rb:182:10:182:40 | call to original_filename | params_flow.rb:182:10:182:15 | call to params | params_flow.rb:182:10:182:40 | call to original_filename | $@ | params_flow.rb:182:10:182:15 | call to params | call to params |
+| params_flow.rb:186:10:186:43 | call to content_type | params_flow.rb:186:10:186:15 | call to params | params_flow.rb:186:10:186:43 | call to content_type | $@ | params_flow.rb:186:10:186:15 | call to params | call to params |
+| params_flow.rb:190:10:190:44 | call to headers | params_flow.rb:190:10:190:15 | call to params | params_flow.rb:190:10:190:44 | call to headers | $@ | params_flow.rb:190:10:190:15 | call to params | call to params |
+| params_flow.rb:194:10:194:47 | call to read | params_flow.rb:194:10:194:15 | call to params | params_flow.rb:194:10:194:47 | call to read | $@ | params_flow.rb:194:10:194:15 | call to params | call to params |
+| params_flow.rb:199:10:199:10 | a | params_flow.rb:198:5:198:10 | call to params | params_flow.rb:199:10:199:10 | a | $@ | params_flow.rb:198:5:198:10 | call to params | call to params |
diff --git a/ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb b/ruby/ql/test/library-tests/frameworks/action_controller/params_flow.rb
@@ -176,3 +176,32 @@ def m35
     sink params[:x] # $hasTaintFlow
   end
 end
+
+class UploadedFileTests < MyController
+  def m36
+    sink params[:file].original_filename # $hasTaintFlow
+  end
+
+  def m37
+    sink params.require(:file).content_type # $hasTaintFlow
+  end
+
+  def m38
+    sink params.permit(:file)[:file].headers # $hasTaintFlow
+  end
+
+  def m39
+    sink params[:a].to_unsafe_h[:b][:file].read # $hasTaintFlow
+  end
+
+  def m40(a)
+    params[:file].read(nil,a)
+    sink a # $ hasTaintFlow
+  end
+
+  def m41
+    a = ""
+    params[:file].read(nil,a)
+    sink a # $ MISSING:hasTaintFlow
+  end
+end
