Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged)

Author: alexrford

ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb

@@ -10,6 +10,11 @@ def login_post
     authenticate_user(params[:username], password)
   end
 
+  def login_get_cookies
+    password = cookies[:password]
+    authenticate_user(params[:username], password)
+  end
+
   private
   def authenticate_user(username, password)
     # ... authenticate the user here

ruby/ql/test/query-tests/security/cwe-598/config/routes.rb

@@ -2,4 +2,5 @@
   match "users/login1", to: "users#login_get", via: :get
   get "users/login2", to: "users#login_get"
   post "users/login3", to: "users#login_post"
+  get "users/login3", to: "users#login_get_cookies"
 end