slightly limit viable template files from render calls

alexrford · alexrford · commit 7270fe0ee793 · 2021-10-11T17:12:08.000+01:00
diff --git a/ql/lib/codeql/ruby/frameworks/ActionView.qll b/ql/lib/codeql/ruby/frameworks/ActionView.qll
@@ -97,7 +97,7 @@ abstract class RenderCall extends MethodCall {
    */
   ErbFile getTemplateFile() {
     result.getTemplateName() = this.getBaseName() and
-    result.getRelativePath().matches("%/" + this.getSubPath() + "%")
+    result.getRelativePath().matches("%app/views/" + this.getSubPath() + "%")
   }
 
   /**

Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ abstract class RenderCall extends MethodCall {`
`97`	`97`	`*/`
`98`	`98`	`ErbFile getTemplateFile() {`
`99`	`99`	`result.getTemplateName() = this.getBaseName() and`
`100`		`- result.getRelativePath().matches("%/" + this.getSubPath() + "%")`
	`100`	`+ result.getRelativePath().matches("%app/views/" + this.getSubPath() + "%")`
`101`	`101`	`}`
`102`	`102`
`103`	`103`	`/**`