Ruby: Add test for AR PersistentWriteAccesses

hmac · hmac · commit d4f7f2b75e39 · 2022-08-04T17:22:46.000+12:00
diff --git a/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.ql b/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.ql
@@ -1,5 +1,7 @@
 import codeql.ruby.controlflow.CfgNodes
 import codeql.ruby.frameworks.ActiveRecord
+import codeql.ruby.Concepts
+import codeql.ruby.DataFlow
 
 query predicate activeRecordModelClasses(ActiveRecordModelClass cls) { any() }
 
@@ -18,3 +20,7 @@ query predicate activeRecordModelInstantiations(
 ) {
   i.getClass() = cls
 }
+
+query predicate persistentWriteAccesses(PersistentWriteAccess w, DataFlow::Node value) {
+  w.getValue() = value
+}
diff --git a/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.rb b/ruby/ql/test/library-tests/frameworks/active_record/ActiveRecord.rb
@@ -67,6 +67,22 @@ class BazController < BarController
   def yet_another_handler
     Admin.delete_by(params[:admin_condition])
   end
+
+  def create1
+    Admin.create(params)
+  end
+
+  def create2
+    Admin.create(name: params[:name])
+  end
+
+  def update1
+    Admin.update(params)
+  end
+
+  def update2
+    Admin.update(name: params[:name])
+  end
 end
 
 class AnnotatedController < ActionController::Base
