added one more test

Author: Sim4n6

ruby/ql/test/query-tests/experimental/cwe-176/unicode_normalization.rb

@@ -1,3 +1,7 @@
+require "erb"
+include ERB::Util
+require 'cgi'
+
 class UnicodeNormalizationOKController < ActionController::Base
   def unicodeNormalize
     unicode_input = params[:unicode_input]
@@ -15,11 +19,20 @@ def unicodeNormalize
   end
 end
 
-class UnicodeNormalizationHtMLSafeController < ActionController::Base
+class UnicodeNormalizationHtMLEscapeController < ActionController::Base
   def unicodeNormalize
     unicode_input = params[:unicode_input]
-    unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe
+    unicode_html_safe = html_escape(unicode_input)
     normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkc)    # $result=BAD
     normalized_nfc = unicode_html_safe.unicode_normalize(:nfc)      # $result=BAD
   end
 end
+
+class UnicodeNormalizationCGIHtMLEscapeController < ActionController::Base
+  def unicodeNormalize
+    unicode_input = params[:unicode_input]
+    unicode_html_safe = CGI.escapeHTML(unicode_input).html_safe
+    normalized_nfkc = unicode_html_safe.unicode_normalize(:nfkd)    # $result=BAD
+    normalized_nfc = unicode_html_safe.unicode_normalize(:nfd)      # $result=BAD
+  end
+end