зеркало из https://github.com/github/codeql.git
Merge pull request #11058 from hmac/actioncontroller-logger
Ruby: Model various ActionController methods
Коммит
a6f6936719
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
|
||||
* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
|
||||
* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
|
|
@ -12,6 +12,7 @@ private import codeql.ruby.frameworks.ActionDispatch
|
|||
private import codeql.ruby.frameworks.ActionView
|
||||
private import codeql.ruby.frameworks.Rails
|
||||
private import codeql.ruby.frameworks.internal.Rails
|
||||
private import codeql.ruby.dataflow.internal.DataFlowDispatch
|
||||
|
||||
/**
|
||||
* DEPRECATED: Import `codeql.ruby.frameworks.Rails` and use `Rails::ParamsCall` instead.
|
||||
|
@ -295,7 +296,7 @@ private module Request {
|
|||
|
||||
/** A method call on `request` which returns the request body. */
|
||||
private class BodyCall extends RequestInputAccess {
|
||||
BodyCall() { this.getMethodName() = ["body", "raw_post"] }
|
||||
BodyCall() { this.getMethodName() = ["body", "raw_post", "body_stream"] }
|
||||
|
||||
override Http::Server::RequestInputKind getKind() { result = Http::Server::bodyInputKind() }
|
||||
}
|
||||
|
@ -538,12 +539,34 @@ private class ActionControllerProtectFromForgeryCall extends CsrfProtectionSetti
|
|||
/**
|
||||
* A call to `send_file`, which sends the file at the given path to the client.
|
||||
*/
|
||||
private class SendFile extends FileSystemAccess::Range, DataFlow::CallNode {
|
||||
private class SendFile extends FileSystemAccess::Range, Http::Server::HttpResponse::Range,
|
||||
DataFlow::CallNode {
|
||||
SendFile() {
|
||||
this = [actionControllerInstance(), Response::response()].getAMethodCall("send_file")
|
||||
}
|
||||
|
||||
override DataFlow::Node getAPathArgument() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getBody() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
|
||||
|
||||
override string getMimetypeDefault() { result = "application/octet-stream" }
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to `send_data`, which sends the given data to the client.
|
||||
*/
|
||||
class SendDataCall extends DataFlow::CallNode, Http::Server::HttpResponse::Range {
|
||||
SendDataCall() {
|
||||
this = [actionControllerInstance(), Response::response()].getAMethodCall("send_data")
|
||||
}
|
||||
|
||||
override DataFlow::Node getBody() { result = this.getArgument(0) }
|
||||
|
||||
override DataFlow::Node getMimetypeOrContentTypeArg() { none() }
|
||||
|
||||
override string getMimetypeDefault() { result = "application/octet-stream" }
|
||||
}
|
||||
|
||||
private module ParamsSummaries {
|
||||
|
@ -733,3 +756,28 @@ private module Response {
|
|||
override DataFlow::Node getValue() { result = this.getArgument(0) }
|
||||
}
|
||||
}
|
||||
|
||||
private class ActionControllerLoggerInstance extends DataFlow::Node {
|
||||
ActionControllerLoggerInstance() {
|
||||
this = actionControllerInstance().getAMethodCall("logger")
|
||||
or
|
||||
any(ActionControllerLoggerInstance i).(DataFlow::LocalSourceNode).flowsTo(this)
|
||||
}
|
||||
}
|
||||
|
||||
private class ActionControllerLoggingCall extends DataFlow::CallNode, Logging::Range {
|
||||
ActionControllerLoggingCall() {
|
||||
this.getReceiver() instanceof ActionControllerLoggerInstance and
|
||||
this.getMethodName() = ["debug", "error", "fatal", "info", "unknown", "warn"]
|
||||
}
|
||||
|
||||
// Note: this is identical to the definition `stdlib.Logger.LoggerInfoStyleCall`.
|
||||
override DataFlow::Node getAnInput() {
|
||||
// `msg` from `Logger#info(msg)`,
|
||||
// or `progname` from `Logger#info(progname) <block>`
|
||||
result = this.getArgument(0)
|
||||
or
|
||||
// a return value from the block in `Logger#info(progname) <block>`
|
||||
exprNodeReturnedFrom(result, this.getBlock().asExpr().getExpr())
|
||||
}
|
||||
}
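Review bot: In the `send_data` hunk, `SendDataCall.getMimetypeOrContentTypeArg()` is `none()`, so every call is modelled as `application/octet-stream` even when the caller passes `type:`. A response such as `send_data(data, type: "text/html", disposition: "inline")` would then be classified as a non-HTML body, and any query that consults the response MIME type could miss user-controlled data served as HTML. The overrides added to `SendFile` have the same gap, and its `getBody()` returns the path argument rather than the file contents, which is worth a QLDoc line so the path is not read as response content. I would return the option instead, `override DataFlow::Node getMimetypeOrContentTypeArg() { result = this.getKeywordArgument("type") }`, keeping `getMimetypeDefault()` as the fallback. The test changes visible here do not show a `send_data` call with `type:`, so a case for it should be added.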
|
||||
|
|
|
@ -60,6 +60,14 @@ class StringReplaceSanitizer extends Sanitizer {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to `Object#inspect`, considered as a sanitizer.
|
||||
* This is because `inspect` will replace newlines in strings with `\n`.
|
||||
*/
|
||||
class InspectSanitizer extends Sanitizer {
|
||||
InspectSanitizer() { this.(DataFlow::CallNode).getMethodName() = "inspect" }
|
||||
}
|
||||
|
||||
/**
|
||||
* A call to an HTML escape method is considered to sanitize its input.
|
||||
*/
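Review bot: `InspectSanitizer` matches any call whose method name is `inspect`, on any receiver and with any arguments, while its QLDoc justifies the sanitizer by `Object#inspect` escaping newlines. A class that overrides `inspect` and interpolates a raw string field returns the newline unescaped, so flow through such a call is dropped from the results without actually being safe. I would state that assumption in the QLDoc, with a sentence saying the receiver is assumed not to override inspect in a way that returns unescaped strings. I would also restrict the match to zero-argument calls by adding `and not exists(this.(DataFlow::CallNode).getArgument(_))` to the characteristic predicate. The file name is not visible on this page, so I am inferring from the newline rationale that this is the log-injection sanitizer set.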
|
||||
|
|
|
@ -1,410 +0,0 @@
|
|||
actionControllerControllerClasses
|
||||
| action_controller/input_access.rb:1:1:50:3 | UsersController |
|
||||
| action_controller/params_flow.rb:1:1:162:3 | MyController |
|
||||
| action_controller/params_flow.rb:170:1:178:3 | Subclass |
|
||||
| active_record/ActiveRecord.rb:23:1:39:3 | FooController |
|
||||
| active_record/ActiveRecord.rb:41:1:64:3 | BarController |
|
||||
| active_record/ActiveRecord.rb:66:1:98:3 | BazController |
|
||||
| active_record/ActiveRecord.rb:100:1:108:3 | AnnotatedController |
|
||||
| active_storage/active_storage.rb:39:1:45:3 | PostsController2 |
|
||||
| app/controllers/comments_controller.rb:1:1:40:3 | CommentsController |
|
||||
| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController |
|
||||
| app/controllers/photos_controller.rb:1:1:4:3 | PhotosController |
|
||||
| app/controllers/posts_controller.rb:1:1:10:3 | PostsController |
|
||||
| app/controllers/tags_controller.rb:1:1:2:3 | TagsController |
|
||||
| app/controllers/users/notifications_controller.rb:2:3:5:5 | Users::NotificationsController |
|
||||
actionControllerActionMethods
|
||||
| action_controller/input_access.rb:2:3:49:5 | index |
|
||||
| action_controller/params_flow.rb:2:3:4:5 | m1 |
|
||||
| action_controller/params_flow.rb:6:3:8:5 | m2 |
|
||||
| action_controller/params_flow.rb:10:3:12:5 | m2 |
|
||||
| action_controller/params_flow.rb:14:3:16:5 | m3 |
|
||||
| action_controller/params_flow.rb:18:3:20:5 | m4 |
|
||||
| action_controller/params_flow.rb:22:3:24:5 | m5 |
|
||||
| action_controller/params_flow.rb:26:3:28:5 | m6 |
|
||||
| action_controller/params_flow.rb:30:3:32:5 | m7 |
|
||||
| action_controller/params_flow.rb:34:3:36:5 | m8 |
|
||||
| action_controller/params_flow.rb:38:3:40:5 | m9 |
|
||||
| action_controller/params_flow.rb:42:3:44:5 | m10 |
|
||||
| action_controller/params_flow.rb:46:3:48:5 | m11 |
|
||||
| action_controller/params_flow.rb:50:3:52:5 | m12 |
|
||||
| action_controller/params_flow.rb:54:3:56:5 | m13 |
|
||||
| action_controller/params_flow.rb:58:3:60:5 | m14 |
|
||||
| action_controller/params_flow.rb:62:3:64:5 | m15 |
|
||||
| action_controller/params_flow.rb:66:3:68:5 | m16 |
|
||||
| action_controller/params_flow.rb:70:3:72:5 | m17 |
|
||||
| action_controller/params_flow.rb:74:3:76:5 | m18 |
|
||||
| action_controller/params_flow.rb:78:3:80:5 | m19 |
|
||||
| action_controller/params_flow.rb:82:3:84:5 | m20 |
|
||||
| action_controller/params_flow.rb:86:3:88:5 | m21 |
|
||||
| action_controller/params_flow.rb:90:3:92:5 | m22 |
|
||||
| action_controller/params_flow.rb:94:3:96:5 | m23 |
|
||||
| action_controller/params_flow.rb:98:3:100:5 | m24 |
|
||||
| action_controller/params_flow.rb:102:3:104:5 | m25 |
|
||||
| action_controller/params_flow.rb:106:3:108:5 | m26 |
|
||||
| action_controller/params_flow.rb:110:3:113:5 | m27 |
|
||||
| action_controller/params_flow.rb:115:3:118:5 | m28 |
|
||||
| action_controller/params_flow.rb:120:3:123:5 | m29 |
|
||||
| action_controller/params_flow.rb:125:3:132:5 | m30 |
|
||||
| action_controller/params_flow.rb:134:3:141:5 | m31 |
|
||||
| action_controller/params_flow.rb:143:3:150:5 | m32 |
|
||||
| action_controller/params_flow.rb:152:3:159:5 | m33 |
|
||||
| action_controller/params_flow.rb:165:3:167:5 | m34 |
|
||||
| action_controller/params_flow.rb:171:3:173:5 | m35 |
|
||||
| active_record/ActiveRecord.rb:27:3:38:5 | some_request_handler |
|
||||
| active_record/ActiveRecord.rb:42:3:47:5 | some_other_request_handler |
|
||||
| active_record/ActiveRecord.rb:49:3:63:5 | safe_paths |
|
||||
| active_record/ActiveRecord.rb:67:3:69:5 | yet_another_handler |
|
||||
| active_record/ActiveRecord.rb:71:3:73:5 | create1 |
|
||||
| active_record/ActiveRecord.rb:75:3:77:5 | create2 |
|
||||
| active_record/ActiveRecord.rb:79:3:81:5 | create3 |
|
||||
| active_record/ActiveRecord.rb:83:3:85:5 | create4 |
|
||||
| active_record/ActiveRecord.rb:87:3:89:5 | update1 |
|
||||
| active_record/ActiveRecord.rb:91:3:93:5 | update2 |
|
||||
| active_record/ActiveRecord.rb:95:3:97:5 | update3 |
|
||||
| active_record/ActiveRecord.rb:101:3:103:5 | index |
|
||||
| active_record/ActiveRecord.rb:105:3:107:5 | unsafe_action |
|
||||
| active_storage/active_storage.rb:40:3:44:5 | create |
|
||||
| app/controllers/comments_controller.rb:2:3:36:5 | index |
|
||||
| app/controllers/comments_controller.rb:38:3:39:5 | show |
|
||||
| app/controllers/foo/bars_controller.rb:5:3:7:5 | index |
|
||||
| app/controllers/foo/bars_controller.rb:9:3:18:5 | show_debug |
|
||||
| app/controllers/foo/bars_controller.rb:20:3:24:5 | show |
|
||||
| app/controllers/foo/bars_controller.rb:26:3:28:5 | go_back |
|
||||
| app/controllers/foo/bars_controller.rb:30:3:32:5 | go_back_2 |
|
||||
| app/controllers/foo/bars_controller.rb:34:3:39:5 | show_2 |
|
||||
| app/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/controllers/posts_controller.rb:2:3:3:5 | index |
|
||||
| app/controllers/posts_controller.rb:5:3:6:5 | show |
|
||||
| app/controllers/posts_controller.rb:8:3:9:5 | upvote |
|
||||
| app/controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
|
||||
paramsCalls
|
||||
| action_controller/params_flow.rb:3:10:3:15 | call to params |
|
||||
| action_controller/params_flow.rb:7:10:7:15 | call to params |
|
||||
| action_controller/params_flow.rb:11:10:11:15 | call to params |
|
||||
| action_controller/params_flow.rb:15:10:15:15 | call to params |
|
||||
| action_controller/params_flow.rb:19:10:19:15 | call to params |
|
||||
| action_controller/params_flow.rb:23:10:23:15 | call to params |
|
||||
| action_controller/params_flow.rb:27:10:27:15 | call to params |
|
||||
| action_controller/params_flow.rb:31:10:31:15 | call to params |
|
||||
| action_controller/params_flow.rb:35:10:35:15 | call to params |
|
||||
| action_controller/params_flow.rb:39:10:39:15 | call to params |
|
||||
| action_controller/params_flow.rb:43:10:43:15 | call to params |
|
||||
| action_controller/params_flow.rb:47:10:47:15 | call to params |
|
||||
| action_controller/params_flow.rb:51:10:51:15 | call to params |
|
||||
| action_controller/params_flow.rb:55:10:55:15 | call to params |
|
||||
| action_controller/params_flow.rb:59:10:59:15 | call to params |
|
||||
| action_controller/params_flow.rb:63:10:63:15 | call to params |
|
||||
| action_controller/params_flow.rb:67:10:67:15 | call to params |
|
||||
| action_controller/params_flow.rb:71:10:71:15 | call to params |
|
||||
| action_controller/params_flow.rb:75:10:75:15 | call to params |
|
||||
| action_controller/params_flow.rb:79:10:79:15 | call to params |
|
||||
| action_controller/params_flow.rb:83:10:83:15 | call to params |
|
||||
| action_controller/params_flow.rb:87:10:87:15 | call to params |
|
||||
| action_controller/params_flow.rb:91:10:91:15 | call to params |
|
||||
| action_controller/params_flow.rb:95:10:95:15 | call to params |
|
||||
| action_controller/params_flow.rb:99:10:99:15 | call to params |
|
||||
| action_controller/params_flow.rb:103:10:103:15 | call to params |
|
||||
| action_controller/params_flow.rb:107:10:107:15 | call to params |
|
||||
| action_controller/params_flow.rb:111:10:111:15 | call to params |
|
||||
| action_controller/params_flow.rb:112:23:112:28 | call to params |
|
||||
| action_controller/params_flow.rb:116:10:116:15 | call to params |
|
||||
| action_controller/params_flow.rb:117:31:117:36 | call to params |
|
||||
| action_controller/params_flow.rb:121:10:121:15 | call to params |
|
||||
| action_controller/params_flow.rb:122:31:122:36 | call to params |
|
||||
| action_controller/params_flow.rb:126:10:126:15 | call to params |
|
||||
| action_controller/params_flow.rb:127:24:127:29 | call to params |
|
||||
| action_controller/params_flow.rb:130:14:130:19 | call to params |
|
||||
| action_controller/params_flow.rb:135:10:135:15 | call to params |
|
||||
| action_controller/params_flow.rb:136:32:136:37 | call to params |
|
||||
| action_controller/params_flow.rb:139:22:139:27 | call to params |
|
||||
| action_controller/params_flow.rb:144:10:144:15 | call to params |
|
||||
| action_controller/params_flow.rb:145:32:145:37 | call to params |
|
||||
| action_controller/params_flow.rb:148:22:148:27 | call to params |
|
||||
| action_controller/params_flow.rb:153:10:153:15 | call to params |
|
||||
| action_controller/params_flow.rb:154:32:154:37 | call to params |
|
||||
| action_controller/params_flow.rb:157:22:157:27 | call to params |
|
||||
| action_controller/params_flow.rb:166:10:166:15 | call to params |
|
||||
| action_controller/params_flow.rb:172:10:172:15 | call to params |
|
||||
| action_controller/params_flow.rb:176:10:176:15 | call to params |
|
||||
| action_mailer/mailer.rb:3:10:3:15 | call to params |
|
||||
| active_record/ActiveRecord.rb:28:30:28:35 | call to params |
|
||||
| active_record/ActiveRecord.rb:29:29:29:34 | call to params |
|
||||
| active_record/ActiveRecord.rb:30:31:30:36 | call to params |
|
||||
| active_record/ActiveRecord.rb:32:21:32:26 | call to params |
|
||||
| active_record/ActiveRecord.rb:34:34:34:39 | call to params |
|
||||
| active_record/ActiveRecord.rb:35:23:35:28 | call to params |
|
||||
| active_record/ActiveRecord.rb:35:38:35:43 | call to params |
|
||||
| active_record/ActiveRecord.rb:43:10:43:15 | call to params |
|
||||
| active_record/ActiveRecord.rb:50:11:50:16 | call to params |
|
||||
| active_record/ActiveRecord.rb:54:12:54:17 | call to params |
|
||||
| active_record/ActiveRecord.rb:59:12:59:17 | call to params |
|
||||
| active_record/ActiveRecord.rb:62:15:62:20 | call to params |
|
||||
| active_record/ActiveRecord.rb:68:21:68:26 | call to params |
|
||||
| active_record/ActiveRecord.rb:72:18:72:23 | call to params |
|
||||
| active_record/ActiveRecord.rb:76:24:76:29 | call to params |
|
||||
| active_record/ActiveRecord.rb:76:49:76:54 | call to params |
|
||||
| active_record/ActiveRecord.rb:80:25:80:30 | call to params |
|
||||
| active_record/ActiveRecord.rb:80:50:80:55 | call to params |
|
||||
| active_record/ActiveRecord.rb:88:21:88:26 | call to params |
|
||||
| active_record/ActiveRecord.rb:92:27:92:32 | call to params |
|
||||
| active_record/ActiveRecord.rb:92:52:92:57 | call to params |
|
||||
| active_record/ActiveRecord.rb:96:28:96:33 | call to params |
|
||||
| active_record/ActiveRecord.rb:96:53:96:58 | call to params |
|
||||
| active_record/ActiveRecord.rb:106:59:106:64 | call to params |
|
||||
| active_storage/active_storage.rb:41:21:41:26 | call to params |
|
||||
| active_storage/active_storage.rb:42:24:42:29 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
|
||||
| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
|
||||
paramsSources
|
||||
| action_controller/params_flow.rb:3:10:3:15 | call to params |
|
||||
| action_controller/params_flow.rb:7:10:7:15 | call to params |
|
||||
| action_controller/params_flow.rb:11:10:11:15 | call to params |
|
||||
| action_controller/params_flow.rb:15:10:15:15 | call to params |
|
||||
| action_controller/params_flow.rb:19:10:19:15 | call to params |
|
||||
| action_controller/params_flow.rb:23:10:23:15 | call to params |
|
||||
| action_controller/params_flow.rb:27:10:27:15 | call to params |
|
||||
| action_controller/params_flow.rb:31:10:31:15 | call to params |
|
||||
| action_controller/params_flow.rb:35:10:35:15 | call to params |
|
||||
| action_controller/params_flow.rb:39:10:39:15 | call to params |
|
||||
| action_controller/params_flow.rb:43:10:43:15 | call to params |
|
||||
| action_controller/params_flow.rb:47:10:47:15 | call to params |
|
||||
| action_controller/params_flow.rb:51:10:51:15 | call to params |
|
||||
| action_controller/params_flow.rb:55:10:55:15 | call to params |
|
||||
| action_controller/params_flow.rb:59:10:59:15 | call to params |
|
||||
| action_controller/params_flow.rb:63:10:63:15 | call to params |
|
||||
| action_controller/params_flow.rb:67:10:67:15 | call to params |
|
||||
| action_controller/params_flow.rb:71:10:71:15 | call to params |
|
||||
| action_controller/params_flow.rb:75:10:75:15 | call to params |
|
||||
| action_controller/params_flow.rb:79:10:79:15 | call to params |
|
||||
| action_controller/params_flow.rb:83:10:83:15 | call to params |
|
||||
| action_controller/params_flow.rb:87:10:87:15 | call to params |
|
||||
| action_controller/params_flow.rb:91:10:91:15 | call to params |
|
||||
| action_controller/params_flow.rb:95:10:95:15 | call to params |
|
||||
| action_controller/params_flow.rb:99:10:99:15 | call to params |
|
||||
| action_controller/params_flow.rb:103:10:103:15 | call to params |
|
||||
| action_controller/params_flow.rb:107:10:107:15 | call to params |
|
||||
| action_controller/params_flow.rb:111:10:111:15 | call to params |
|
||||
| action_controller/params_flow.rb:112:23:112:28 | call to params |
|
||||
| action_controller/params_flow.rb:116:10:116:15 | call to params |
|
||||
| action_controller/params_flow.rb:117:31:117:36 | call to params |
|
||||
| action_controller/params_flow.rb:121:10:121:15 | call to params |
|
||||
| action_controller/params_flow.rb:122:31:122:36 | call to params |
|
||||
| action_controller/params_flow.rb:126:10:126:15 | call to params |
|
||||
| action_controller/params_flow.rb:127:24:127:29 | call to params |
|
||||
| action_controller/params_flow.rb:130:14:130:19 | call to params |
|
||||
| action_controller/params_flow.rb:135:10:135:15 | call to params |
|
||||
| action_controller/params_flow.rb:136:32:136:37 | call to params |
|
||||
| action_controller/params_flow.rb:139:22:139:27 | call to params |
|
||||
| action_controller/params_flow.rb:144:10:144:15 | call to params |
|
||||
| action_controller/params_flow.rb:145:32:145:37 | call to params |
|
||||
| action_controller/params_flow.rb:148:22:148:27 | call to params |
|
||||
| action_controller/params_flow.rb:153:10:153:15 | call to params |
|
||||
| action_controller/params_flow.rb:154:32:154:37 | call to params |
|
||||
| action_controller/params_flow.rb:157:22:157:27 | call to params |
|
||||
| action_controller/params_flow.rb:166:10:166:15 | call to params |
|
||||
| action_controller/params_flow.rb:172:10:172:15 | call to params |
|
||||
| action_controller/params_flow.rb:176:10:176:15 | call to params |
|
||||
| action_mailer/mailer.rb:3:10:3:15 | call to params |
|
||||
| active_record/ActiveRecord.rb:28:30:28:35 | call to params |
|
||||
| active_record/ActiveRecord.rb:29:29:29:34 | call to params |
|
||||
| active_record/ActiveRecord.rb:30:31:30:36 | call to params |
|
||||
| active_record/ActiveRecord.rb:32:21:32:26 | call to params |
|
||||
| active_record/ActiveRecord.rb:34:34:34:39 | call to params |
|
||||
| active_record/ActiveRecord.rb:35:23:35:28 | call to params |
|
||||
| active_record/ActiveRecord.rb:35:38:35:43 | call to params |
|
||||
| active_record/ActiveRecord.rb:43:10:43:15 | call to params |
|
||||
| active_record/ActiveRecord.rb:50:11:50:16 | call to params |
|
||||
| active_record/ActiveRecord.rb:54:12:54:17 | call to params |
|
||||
| active_record/ActiveRecord.rb:59:12:59:17 | call to params |
|
||||
| active_record/ActiveRecord.rb:62:15:62:20 | call to params |
|
||||
| active_record/ActiveRecord.rb:68:21:68:26 | call to params |
|
||||
| active_record/ActiveRecord.rb:72:18:72:23 | call to params |
|
||||
| active_record/ActiveRecord.rb:76:24:76:29 | call to params |
|
||||
| active_record/ActiveRecord.rb:76:49:76:54 | call to params |
|
||||
| active_record/ActiveRecord.rb:80:25:80:30 | call to params |
|
||||
| active_record/ActiveRecord.rb:80:50:80:55 | call to params |
|
||||
| active_record/ActiveRecord.rb:88:21:88:26 | call to params |
|
||||
| active_record/ActiveRecord.rb:92:27:92:32 | call to params |
|
||||
| active_record/ActiveRecord.rb:92:52:92:57 | call to params |
|
||||
| active_record/ActiveRecord.rb:96:28:96:33 | call to params |
|
||||
| active_record/ActiveRecord.rb:96:53:96:58 | call to params |
|
||||
| active_record/ActiveRecord.rb:106:59:106:64 | call to params |
|
||||
| active_storage/active_storage.rb:41:21:41:26 | call to params |
|
||||
| active_storage/active_storage.rb:42:24:42:29 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
|
||||
| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
|
||||
| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params |
|
||||
httpInputAccesses
|
||||
| action_controller/input_access.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
|
||||
| action_controller/input_access.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
|
||||
| action_controller/input_access.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
|
||||
| action_controller/input_access.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
|
||||
| action_controller/input_access.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
|
||||
| action_controller/input_access.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
|
||||
| action_controller/input_access.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
|
||||
| action_controller/input_access.rb:11:5:11:25 | call to authorization | ActionDispatch::Request#authorization |
|
||||
| action_controller/input_access.rb:12:5:12:23 | call to script_name | ActionDispatch::Request#script_name |
|
||||
| action_controller/input_access.rb:13:5:13:21 | call to path_info | ActionDispatch::Request#path_info |
|
||||
| action_controller/input_access.rb:14:5:14:22 | call to user_agent | ActionDispatch::Request#user_agent |
|
||||
| action_controller/input_access.rb:15:5:15:19 | call to referer | ActionDispatch::Request#referer |
|
||||
| action_controller/input_access.rb:16:5:16:20 | call to referrer | ActionDispatch::Request#referrer |
|
||||
| action_controller/input_access.rb:17:5:17:26 | call to host_authority | ActionDispatch::Request#host_authority |
|
||||
| action_controller/input_access.rb:18:5:18:24 | call to content_type | ActionDispatch::Request#content_type |
|
||||
| action_controller/input_access.rb:19:5:19:16 | call to host | ActionDispatch::Request#host |
|
||||
| action_controller/input_access.rb:20:5:20:20 | call to hostname | ActionDispatch::Request#hostname |
|
||||
| action_controller/input_access.rb:21:5:21:27 | call to accept_encoding | ActionDispatch::Request#accept_encoding |
|
||||
| action_controller/input_access.rb:22:5:22:27 | call to accept_language | ActionDispatch::Request#accept_language |
|
||||
| action_controller/input_access.rb:23:5:23:25 | call to if_none_match | ActionDispatch::Request#if_none_match |
|
||||
| action_controller/input_access.rb:24:5:24:31 | call to if_none_match_etags | ActionDispatch::Request#if_none_match_etags |
|
||||
| action_controller/input_access.rb:25:5:25:29 | call to content_mime_type | ActionDispatch::Request#content_mime_type |
|
||||
| action_controller/input_access.rb:27:5:27:21 | call to authority | ActionDispatch::Request#authority |
|
||||
| action_controller/input_access.rb:28:5:28:16 | call to host | ActionDispatch::Request#host |
|
||||
| action_controller/input_access.rb:29:5:29:26 | call to host_authority | ActionDispatch::Request#host_authority |
|
||||
| action_controller/input_access.rb:30:5:30:26 | call to host_with_port | ActionDispatch::Request#host_with_port |
|
||||
| action_controller/input_access.rb:31:5:31:20 | call to hostname | ActionDispatch::Request#hostname |
|
||||
| action_controller/input_access.rb:32:5:32:25 | call to forwarded_for | ActionDispatch::Request#forwarded_for |
|
||||
| action_controller/input_access.rb:33:5:33:26 | call to forwarded_host | ActionDispatch::Request#forwarded_host |
|
||||
| action_controller/input_access.rb:34:5:34:16 | call to port | ActionDispatch::Request#port |
|
||||
| action_controller/input_access.rb:35:5:35:26 | call to forwarded_port | ActionDispatch::Request#forwarded_port |
|
||||
| action_controller/input_access.rb:37:5:37:22 | call to media_type | ActionDispatch::Request#media_type |
|
||||
| action_controller/input_access.rb:38:5:38:29 | call to media_type_params | ActionDispatch::Request#media_type_params |
|
||||
| action_controller/input_access.rb:39:5:39:27 | call to content_charset | ActionDispatch::Request#content_charset |
|
||||
| action_controller/input_access.rb:40:5:40:20 | call to base_url | ActionDispatch::Request#base_url |
|
||||
| action_controller/input_access.rb:42:5:42:16 | call to body | ActionDispatch::Request#body |
|
||||
| action_controller/input_access.rb:43:5:43:20 | call to raw_post | ActionDispatch::Request#raw_post |
|
||||
| action_controller/input_access.rb:45:5:45:30 | ...[...] | ActionDispatch::Request#env[] |
|
||||
| action_controller/input_access.rb:47:5:47:39 | ...[...] | ActionDispatch::Request#env[] |
|
||||
| action_controller/params_flow.rb:3:10:3:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:7:10:7:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:11:10:11:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:15:10:15:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:19:10:19:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:23:10:23:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:27:10:27:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:31:10:31:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:35:10:35:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:39:10:39:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:43:10:43:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:47:10:47:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:51:10:51:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:55:10:55:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:59:10:59:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:63:10:63:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:67:10:67:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:71:10:71:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:75:10:75:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:79:10:79:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:83:10:83:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:87:10:87:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:91:10:91:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:95:10:95:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:99:10:99:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:103:10:103:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:107:10:107:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:111:10:111:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:112:23:112:28 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:116:10:116:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:117:31:117:36 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:121:10:121:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:122:31:122:36 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:126:10:126:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:127:24:127:29 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:130:14:130:19 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:135:10:135:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:136:32:136:37 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:139:22:139:27 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:153:10:153:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:154:32:154:37 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:157:22:157:27 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
|
||||
| action_controller/params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
|
||||
| action_mailer/mailer.rb:3:10:3:15 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:28:30:28:35 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:29:29:29:34 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:30:31:30:36 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:32:21:32:26 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:34:34:34:39 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:35:23:35:28 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:35:38:35:43 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:43:10:43:15 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:50:11:50:16 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:54:12:54:17 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:59:12:59:17 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:62:15:62:20 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:68:21:68:26 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:72:18:72:23 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:76:24:76:29 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:76:49:76:54 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:80:25:80:30 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:80:50:80:55 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:88:21:88:26 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:92:27:92:32 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:92:52:92:57 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:96:28:96:33 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:96:53:96:58 | call to params | ActionController::Metal#params |
|
||||
| active_record/ActiveRecord.rb:106:59:106:64 | call to params | ActionController::Metal#params |
|
||||
| active_storage/active_storage.rb:41:21:41:26 | call to params | ActionController::Metal#params |
|
||||
| active_storage/active_storage.rb:42:24:42:29 | call to params | ActionController::Metal#params |
|
||||
| app/controllers/comments_controller.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
|
||||
| app/controllers/comments_controller.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
|
||||
| app/controllers/comments_controller.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
|
||||
| app/controllers/comments_controller.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
|
||||
| app/controllers/comments_controller.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
|
||||
| app/controllers/comments_controller.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
|
||||
| app/controllers/comments_controller.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
|
||||
| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies | ActionController::Metal#cookies |
|
||||
| app/controllers/foo/bars_controller.rb:13:21:13:26 | call to params | ActionController::Metal#params |
|
||||
| app/controllers/foo/bars_controller.rb:14:10:14:15 | call to params | ActionController::Metal#params |
|
||||
| app/controllers/foo/bars_controller.rb:21:21:21:26 | call to params | ActionController::Metal#params |
|
||||
| app/controllers/foo/bars_controller.rb:22:10:22:15 | call to params | ActionController::Metal#params |
|
||||
| app/graphql/mutations/dummy.rb:5:24:5:25 | id | GraphQL RoutedParameter |
|
||||
| app/graphql/mutations/dummy.rb:9:17:9:25 | something | GraphQL RoutedParameter |
|
||||
| app/graphql/resolvers/dummy_resolver.rb:6:24:6:25 | id | GraphQL RoutedParameter |
|
||||
| app/graphql/resolvers/dummy_resolver.rb:10:17:10:25 | something | GraphQL RoutedParameter |
|
||||
| app/graphql/types/query_type.rb:10:18:10:23 | number | GraphQL RoutedParameter |
|
||||
| app/graphql/types/query_type.rb:18:23:18:33 | blah_number | GraphQL RoutedParameter |
|
||||
| app/graphql/types/query_type.rb:27:20:27:25 | **args | GraphQL RoutedParameter |
|
||||
| app/graphql/types/query_type.rb:36:34:36:37 | arg1 | GraphQL RoutedParameter |
|
||||
| app/graphql/types/query_type.rb:36:41:36:46 | **rest | GraphQL RoutedParameter |
|
||||
| app/views/foo/bars/show.html.erb:5:9:5:14 | call to params | ActionController::Metal#params |
|
||||
cookiesCalls
|
||||
| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
|
||||
cookiesSources
|
||||
| app/controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
|
||||
redirectToCalls
|
||||
| app/controllers/foo/bars_controller.rb:17:5:17:30 | call to redirect_to |
|
||||
| app/controllers/foo/bars_controller.rb:27:5:27:39 | call to redirect_back_or_to |
|
||||
| app/controllers/foo/bars_controller.rb:31:5:31:56 | call to redirect_back |
|
||||
actionControllerHelperMethods
|
||||
getAssociatedControllerClasses
|
||||
| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
|
||||
| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
|
||||
controllerTemplateFiles
|
||||
| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
|
||||
| app/controllers/foo/bars_controller.rb:3:1:46:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
|
||||
headerWriteAccesses
|
||||
| app/controllers/comments_controller.rb:15:5:15:35 | call to []= | content-type | app/controllers/comments_controller.rb:15:39:15:49 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:16:5:16:46 | call to set_header | content-length | app/controllers/comments_controller.rb:16:43:16:45 | 100 |
|
||||
| app/controllers/comments_controller.rb:17:5:17:39 | call to []= | x-custom-header | app/controllers/comments_controller.rb:17:43:17:46 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:18:5:18:39 | call to []= | x-another-custom-header | app/controllers/comments_controller.rb:18:43:18:47 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:19:5:19:49 | call to add_header | x-yet-another | app/controllers/comments_controller.rb:19:42:19:49 | "indeed" |
|
||||
| app/controllers/comments_controller.rb:25:5:25:21 | call to location= | location | app/controllers/comments_controller.rb:25:25:25:36 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:26:5:26:26 | call to cache_control= | cache-control | app/controllers/comments_controller.rb:26:30:26:36 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:27:5:27:27 | call to _cache_control= | cache-control | app/controllers/comments_controller.rb:27:31:27:37 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:28:5:28:17 | call to etag= | etag | app/controllers/comments_controller.rb:28:21:28:27 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:29:5:29:20 | call to charset= | content-type | app/controllers/comments_controller.rb:29:24:29:30 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:30:5:30:25 | call to content_type= | content-type | app/controllers/comments_controller.rb:30:29:30:35 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:32:5:32:17 | call to date= | date | app/controllers/comments_controller.rb:32:21:32:30 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:33:5:33:26 | call to last_modified= | last-modified | app/controllers/comments_controller.rb:33:30:33:43 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:34:5:34:22 | call to weak_etag= | etag | app/controllers/comments_controller.rb:34:26:34:32 | ... = ... |
|
||||
| app/controllers/comments_controller.rb:35:5:35:24 | call to strong_etag= | etag | app/controllers/comments_controller.rb:35:28:35:34 | ... = ... |
|
|
@ -34,15 +34,26 @@ actionDispatchRoutes
|
|||
| app/config/routes.rb:49:5:49:95 | call to delete | delete | users/:user/notifications | users/notifications | destroy |
|
||||
| app/config/routes.rb:50:5:50:94 | call to post | post | users/:user/notifications/:notification_id/mark_as_read | users/notifications | mark_as_read |
|
||||
actionDispatchControllerMethods
|
||||
| app/config/routes.rb:2:3:8:5 | call to resources | action_controller/controllers/posts_controller.rb:2:3:3:5 | index |
|
||||
| app/config/routes.rb:2:3:8:5 | call to resources | action_controller/controllers/posts_controller.rb:5:3:6:5 | show |
|
||||
| app/config/routes.rb:2:3:8:5 | call to resources | app/controllers/posts_controller.rb:2:3:3:5 | index |
|
||||
| app/config/routes.rb:2:3:8:5 | call to resources | app/controllers/posts_controller.rb:5:3:6:5 | show |
|
||||
| app/config/routes.rb:3:5:6:7 | call to resources | action_controller/controllers/comments_controller.rb:2:3:36:5 | index |
|
||||
| app/config/routes.rb:3:5:6:7 | call to resources | action_controller/controllers/comments_controller.rb:38:3:44:5 | show |
|
||||
| app/config/routes.rb:3:5:6:7 | call to resources | action_controller/controllers/comments_controller.rb:50:3:52:5 | destroy |
|
||||
| app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:2:3:36:5 | index |
|
||||
| app/config/routes.rb:3:5:6:7 | call to resources | app/controllers/comments_controller.rb:38:3:39:5 | show |
|
||||
| app/config/routes.rb:7:5:7:37 | call to post | action_controller/controllers/posts_controller.rb:8:3:9:5 | upvote |
|
||||
| app/config/routes.rb:7:5:7:37 | call to post | app/controllers/posts_controller.rb:8:3:9:5 | upvote |
|
||||
| app/config/routes.rb:27:3:27:48 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:27:3:27:48 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:28:3:28:50 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:28:3:28:50 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:29:3:29:69 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:29:3:29:69 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:30:3:30:50 | call to match | action_controller/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:30:3:30:50 | call to match | app/controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| app/config/routes.rb:50:5:50:94 | call to post | action_controller/controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
|
||||
| app/config/routes.rb:50:5:50:94 | call to post | app/controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
|
||||
underscore
|
||||
| Foo | foo |
|
||||
|
|
|
@ -9,6 +9,12 @@ rawCalls
|
|||
| app/views/foo/bars/show.html.erb:5:5:5:21 | call to raw |
|
||||
| app/views/foo/bars/show.html.erb:7:5:7:19 | call to raw |
|
||||
renderCalls
|
||||
| action_controller/controllers/comments_controller.rb:42:21:42:64 | call to render |
|
||||
| action_controller/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
|
||||
| action_controller/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
|
||||
| action_controller/controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
|
||||
| action_controller/controllers/foo/bars_controller.rb:38:5:38:50 | call to render |
|
||||
| action_controller/controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
|
||||
| app/controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
|
||||
| app/controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
|
||||
| app/controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
|
||||
|
@ -16,11 +22,22 @@ renderCalls
|
|||
| app/controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
|
||||
| app/views/foo/bars/show.html.erb:31:5:31:89 | call to render |
|
||||
renderToCalls
|
||||
| action_controller/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |
|
||||
| action_controller/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string |
|
||||
| app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string |
|
||||
| app/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string |
|
||||
linkToCalls
|
||||
| app/views/foo/bars/show.html.erb:33:5:33:41 | call to link_to |
|
||||
httpResponses
|
||||
| action_controller/controllers/comments_controller.rb:11:5:11:17 | call to body= | action_controller/controllers/comments_controller.rb:11:21:11:34 | ... = ... | text/http |
|
||||
| action_controller/controllers/comments_controller.rb:21:5:21:37 | call to send_file | action_controller/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" | application/octet-stream |
|
||||
| action_controller/controllers/comments_controller.rb:47:5:47:20 | call to send_data | action_controller/controllers/comments_controller.rb:47:15:47:20 | @photo | application/octet-stream |
|
||||
| action_controller/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | action_controller/controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" | text/html |
|
||||
| action_controller/controllers/foo/bars_controller.rb:23:5:23:76 | call to render | action_controller/controllers/foo/bars_controller.rb:23:12:23:26 | "foo/bars/show" | text/html |
|
||||
| action_controller/controllers/foo/bars_controller.rb:35:5:35:33 | call to render | action_controller/controllers/foo/bars_controller.rb:35:18:35:33 | call to [] | application/json |
|
||||
| action_controller/controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string | action_controller/controllers/foo/bars_controller.rb:36:29:36:33 | @user | application/json |
|
||||
| action_controller/controllers/foo/bars_controller.rb:38:5:38:50 | call to render | action_controller/controllers/foo/bars_controller.rb:38:12:38:22 | call to backtrace | text/plain |
|
||||
| action_controller/controllers/foo/bars_controller.rb:44:5:44:17 | call to render | action_controller/controllers/foo/bars_controller.rb:44:12:44:17 | "show" | text/html |
|
||||
| app/controllers/comments_controller.rb:11:5:11:17 | call to body= | app/controllers/comments_controller.rb:11:21:11:34 | ... = ... | text/http |
|
||||
| app/controllers/comments_controller.rb:21:5:21:37 | call to send_file | app/controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" | application/octet-stream |
|
||||
| app/controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | app/controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" | text/html |
|
||||
|
|
|
@ -0,0 +1,322 @@
|
|||
actionControllerControllerClasses
|
||||
| controllers/comments_controller.rb:1:1:53:3 | CommentsController |
|
||||
| controllers/foo/bars_controller.rb:3:1:46:3 | BarsController |
|
||||
| controllers/photos_controller.rb:1:1:4:3 | PhotosController |
|
||||
| controllers/posts_controller.rb:1:1:10:3 | PostsController |
|
||||
| controllers/tags_controller.rb:1:1:2:3 | TagsController |
|
||||
| controllers/users/notifications_controller.rb:2:3:5:5 | Users::NotificationsController |
|
||||
| input_access.rb:1:1:50:3 | UsersController |
|
||||
| params_flow.rb:1:1:162:3 | MyController |
|
||||
| params_flow.rb:170:1:178:3 | Subclass |
|
||||
actionControllerActionMethods
|
||||
| controllers/comments_controller.rb:2:3:36:5 | index |
|
||||
| controllers/comments_controller.rb:38:3:44:5 | show |
|
||||
| controllers/comments_controller.rb:46:3:48:5 | photo |
|
||||
| controllers/comments_controller.rb:50:3:52:5 | destroy |
|
||||
| controllers/foo/bars_controller.rb:5:3:7:5 | index |
|
||||
| controllers/foo/bars_controller.rb:9:3:18:5 | show_debug |
|
||||
| controllers/foo/bars_controller.rb:20:3:24:5 | show |
|
||||
| controllers/foo/bars_controller.rb:26:3:28:5 | go_back |
|
||||
| controllers/foo/bars_controller.rb:30:3:32:5 | go_back_2 |
|
||||
| controllers/foo/bars_controller.rb:34:3:39:5 | show_2 |
|
||||
| controllers/photos_controller.rb:2:3:3:5 | show |
|
||||
| controllers/posts_controller.rb:2:3:3:5 | index |
|
||||
| controllers/posts_controller.rb:5:3:6:5 | show |
|
||||
| controllers/posts_controller.rb:8:3:9:5 | upvote |
|
||||
| controllers/users/notifications_controller.rb:3:5:4:7 | mark_as_read |
|
||||
| input_access.rb:2:3:49:5 | index |
|
||||
| logging.rb:2:5:8:7 | index |
|
||||
| params_flow.rb:2:3:4:5 | m1 |
|
||||
| params_flow.rb:6:3:8:5 | m2 |
|
||||
| params_flow.rb:10:3:12:5 | m2 |
|
||||
| params_flow.rb:14:3:16:5 | m3 |
|
||||
| params_flow.rb:18:3:20:5 | m4 |
|
||||
| params_flow.rb:22:3:24:5 | m5 |
|
||||
| params_flow.rb:26:3:28:5 | m6 |
|
||||
| params_flow.rb:30:3:32:5 | m7 |
|
||||
| params_flow.rb:34:3:36:5 | m8 |
|
||||
| params_flow.rb:38:3:40:5 | m9 |
|
||||
| params_flow.rb:42:3:44:5 | m10 |
|
||||
| params_flow.rb:46:3:48:5 | m11 |
|
||||
| params_flow.rb:50:3:52:5 | m12 |
|
||||
| params_flow.rb:54:3:56:5 | m13 |
|
||||
| params_flow.rb:58:3:60:5 | m14 |
|
||||
| params_flow.rb:62:3:64:5 | m15 |
|
||||
| params_flow.rb:66:3:68:5 | m16 |
|
||||
| params_flow.rb:70:3:72:5 | m17 |
|
||||
| params_flow.rb:74:3:76:5 | m18 |
|
||||
| params_flow.rb:78:3:80:5 | m19 |
|
||||
| params_flow.rb:82:3:84:5 | m20 |
|
||||
| params_flow.rb:86:3:88:5 | m21 |
|
||||
| params_flow.rb:90:3:92:5 | m22 |
|
||||
| params_flow.rb:94:3:96:5 | m23 |
|
||||
| params_flow.rb:98:3:100:5 | m24 |
|
||||
| params_flow.rb:102:3:104:5 | m25 |
|
||||
| params_flow.rb:106:3:108:5 | m26 |
|
||||
| params_flow.rb:110:3:113:5 | m27 |
|
||||
| params_flow.rb:115:3:118:5 | m28 |
|
||||
| params_flow.rb:120:3:123:5 | m29 |
|
||||
| params_flow.rb:125:3:132:5 | m30 |
|
||||
| params_flow.rb:134:3:141:5 | m31 |
|
||||
| params_flow.rb:143:3:150:5 | m32 |
|
||||
| params_flow.rb:152:3:159:5 | m33 |
|
||||
| params_flow.rb:165:3:167:5 | m34 |
|
||||
| params_flow.rb:171:3:173:5 | m35 |
|
||||
paramsCalls
|
||||
| controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
|
||||
| controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
|
||||
| controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
|
||||
| controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
|
||||
| params_flow.rb:3:10:3:15 | call to params |
|
||||
| params_flow.rb:7:10:7:15 | call to params |
|
||||
| params_flow.rb:11:10:11:15 | call to params |
|
||||
| params_flow.rb:15:10:15:15 | call to params |
|
||||
| params_flow.rb:19:10:19:15 | call to params |
|
||||
| params_flow.rb:23:10:23:15 | call to params |
|
||||
| params_flow.rb:27:10:27:15 | call to params |
|
||||
| params_flow.rb:31:10:31:15 | call to params |
|
||||
| params_flow.rb:35:10:35:15 | call to params |
|
||||
| params_flow.rb:39:10:39:15 | call to params |
|
||||
| params_flow.rb:43:10:43:15 | call to params |
|
||||
| params_flow.rb:47:10:47:15 | call to params |
|
||||
| params_flow.rb:51:10:51:15 | call to params |
|
||||
| params_flow.rb:55:10:55:15 | call to params |
|
||||
| params_flow.rb:59:10:59:15 | call to params |
|
||||
| params_flow.rb:63:10:63:15 | call to params |
|
||||
| params_flow.rb:67:10:67:15 | call to params |
|
||||
| params_flow.rb:71:10:71:15 | call to params |
|
||||
| params_flow.rb:75:10:75:15 | call to params |
|
||||
| params_flow.rb:79:10:79:15 | call to params |
|
||||
| params_flow.rb:83:10:83:15 | call to params |
|
||||
| params_flow.rb:87:10:87:15 | call to params |
|
||||
| params_flow.rb:91:10:91:15 | call to params |
|
||||
| params_flow.rb:95:10:95:15 | call to params |
|
||||
| params_flow.rb:99:10:99:15 | call to params |
|
||||
| params_flow.rb:103:10:103:15 | call to params |
|
||||
| params_flow.rb:107:10:107:15 | call to params |
|
||||
| params_flow.rb:111:10:111:15 | call to params |
|
||||
| params_flow.rb:112:23:112:28 | call to params |
|
||||
| params_flow.rb:116:10:116:15 | call to params |
|
||||
| params_flow.rb:117:31:117:36 | call to params |
|
||||
| params_flow.rb:121:10:121:15 | call to params |
|
||||
| params_flow.rb:122:31:122:36 | call to params |
|
||||
| params_flow.rb:126:10:126:15 | call to params |
|
||||
| params_flow.rb:127:24:127:29 | call to params |
|
||||
| params_flow.rb:130:14:130:19 | call to params |
|
||||
| params_flow.rb:135:10:135:15 | call to params |
|
||||
| params_flow.rb:136:32:136:37 | call to params |
|
||||
| params_flow.rb:139:22:139:27 | call to params |
|
||||
| params_flow.rb:144:10:144:15 | call to params |
|
||||
| params_flow.rb:145:32:145:37 | call to params |
|
||||
| params_flow.rb:148:22:148:27 | call to params |
|
||||
| params_flow.rb:153:10:153:15 | call to params |
|
||||
| params_flow.rb:154:32:154:37 | call to params |
|
||||
| params_flow.rb:157:22:157:27 | call to params |
|
||||
| params_flow.rb:166:10:166:15 | call to params |
|
||||
| params_flow.rb:172:10:172:15 | call to params |
|
||||
| params_flow.rb:176:10:176:15 | call to params |
|
||||
paramsSources
|
||||
| controllers/foo/bars_controller.rb:13:21:13:26 | call to params |
|
||||
| controllers/foo/bars_controller.rb:14:10:14:15 | call to params |
|
||||
| controllers/foo/bars_controller.rb:21:21:21:26 | call to params |
|
||||
| controllers/foo/bars_controller.rb:22:10:22:15 | call to params |
|
||||
| params_flow.rb:3:10:3:15 | call to params |
|
||||
| params_flow.rb:7:10:7:15 | call to params |
|
||||
| params_flow.rb:11:10:11:15 | call to params |
|
||||
| params_flow.rb:15:10:15:15 | call to params |
|
||||
| params_flow.rb:19:10:19:15 | call to params |
|
||||
| params_flow.rb:23:10:23:15 | call to params |
|
||||
| params_flow.rb:27:10:27:15 | call to params |
|
||||
| params_flow.rb:31:10:31:15 | call to params |
|
||||
| params_flow.rb:35:10:35:15 | call to params |
|
||||
| params_flow.rb:39:10:39:15 | call to params |
|
||||
| params_flow.rb:43:10:43:15 | call to params |
|
||||
| params_flow.rb:47:10:47:15 | call to params |
|
||||
| params_flow.rb:51:10:51:15 | call to params |
|
||||
| params_flow.rb:55:10:55:15 | call to params |
|
||||
| params_flow.rb:59:10:59:15 | call to params |
|
||||
| params_flow.rb:63:10:63:15 | call to params |
|
||||
| params_flow.rb:67:10:67:15 | call to params |
|
||||
| params_flow.rb:71:10:71:15 | call to params |
|
||||
| params_flow.rb:75:10:75:15 | call to params |
|
||||
| params_flow.rb:79:10:79:15 | call to params |
|
||||
| params_flow.rb:83:10:83:15 | call to params |
|
||||
| params_flow.rb:87:10:87:15 | call to params |
|
||||
| params_flow.rb:91:10:91:15 | call to params |
|
||||
| params_flow.rb:95:10:95:15 | call to params |
|
||||
| params_flow.rb:99:10:99:15 | call to params |
|
||||
| params_flow.rb:103:10:103:15 | call to params |
|
||||
| params_flow.rb:107:10:107:15 | call to params |
|
||||
| params_flow.rb:111:10:111:15 | call to params |
|
||||
| params_flow.rb:112:23:112:28 | call to params |
|
||||
| params_flow.rb:116:10:116:15 | call to params |
|
||||
| params_flow.rb:117:31:117:36 | call to params |
|
||||
| params_flow.rb:121:10:121:15 | call to params |
|
||||
| params_flow.rb:122:31:122:36 | call to params |
|
||||
| params_flow.rb:126:10:126:15 | call to params |
|
||||
| params_flow.rb:127:24:127:29 | call to params |
|
||||
| params_flow.rb:130:14:130:19 | call to params |
|
||||
| params_flow.rb:135:10:135:15 | call to params |
|
||||
| params_flow.rb:136:32:136:37 | call to params |
|
||||
| params_flow.rb:139:22:139:27 | call to params |
|
||||
| params_flow.rb:144:10:144:15 | call to params |
|
||||
| params_flow.rb:145:32:145:37 | call to params |
|
||||
| params_flow.rb:148:22:148:27 | call to params |
|
||||
| params_flow.rb:153:10:153:15 | call to params |
|
||||
| params_flow.rb:154:32:154:37 | call to params |
|
||||
| params_flow.rb:157:22:157:27 | call to params |
|
||||
| params_flow.rb:166:10:166:15 | call to params |
|
||||
| params_flow.rb:172:10:172:15 | call to params |
|
||||
| params_flow.rb:176:10:176:15 | call to params |
|
||||
httpInputAccesses
|
||||
| controllers/comments_controller.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
|
||||
| controllers/comments_controller.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
|
||||
| controllers/comments_controller.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
|
||||
| controllers/comments_controller.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
|
||||
| controllers/comments_controller.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
|
||||
| controllers/comments_controller.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
|
||||
| controllers/comments_controller.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
|
||||
| controllers/comments_controller.rb:51:12:51:30 | call to body_stream | ActionDispatch::Request#body_stream |
|
||||
| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies | ActionController::Metal#cookies |
|
||||
| controllers/foo/bars_controller.rb:13:21:13:26 | call to params | ActionController::Metal#params |
|
||||
| controllers/foo/bars_controller.rb:14:10:14:15 | call to params | ActionController::Metal#params |
|
||||
| controllers/foo/bars_controller.rb:21:21:21:26 | call to params | ActionController::Metal#params |
|
||||
| controllers/foo/bars_controller.rb:22:10:22:15 | call to params | ActionController::Metal#params |
|
||||
| input_access.rb:3:5:3:18 | call to params | ActionDispatch::Request#params |
|
||||
| input_access.rb:4:5:4:22 | call to parameters | ActionDispatch::Request#parameters |
|
||||
| input_access.rb:5:5:5:15 | call to GET | ActionDispatch::Request#GET |
|
||||
| input_access.rb:6:5:6:16 | call to POST | ActionDispatch::Request#POST |
|
||||
| input_access.rb:7:5:7:28 | call to query_parameters | ActionDispatch::Request#query_parameters |
|
||||
| input_access.rb:8:5:8:30 | call to request_parameters | ActionDispatch::Request#request_parameters |
|
||||
| input_access.rb:9:5:9:31 | call to filtered_parameters | ActionDispatch::Request#filtered_parameters |
|
||||
| input_access.rb:11:5:11:25 | call to authorization | ActionDispatch::Request#authorization |
|
||||
| input_access.rb:12:5:12:23 | call to script_name | ActionDispatch::Request#script_name |
|
||||
| input_access.rb:13:5:13:21 | call to path_info | ActionDispatch::Request#path_info |
|
||||
| input_access.rb:14:5:14:22 | call to user_agent | ActionDispatch::Request#user_agent |
|
||||
| input_access.rb:15:5:15:19 | call to referer | ActionDispatch::Request#referer |
|
||||
| input_access.rb:16:5:16:20 | call to referrer | ActionDispatch::Request#referrer |
|
||||
| input_access.rb:17:5:17:26 | call to host_authority | ActionDispatch::Request#host_authority |
|
||||
| input_access.rb:18:5:18:24 | call to content_type | ActionDispatch::Request#content_type |
|
||||
| input_access.rb:19:5:19:16 | call to host | ActionDispatch::Request#host |
|
||||
| input_access.rb:20:5:20:20 | call to hostname | ActionDispatch::Request#hostname |
|
||||
| input_access.rb:21:5:21:27 | call to accept_encoding | ActionDispatch::Request#accept_encoding |
|
||||
| input_access.rb:22:5:22:27 | call to accept_language | ActionDispatch::Request#accept_language |
|
||||
| input_access.rb:23:5:23:25 | call to if_none_match | ActionDispatch::Request#if_none_match |
|
||||
| input_access.rb:24:5:24:31 | call to if_none_match_etags | ActionDispatch::Request#if_none_match_etags |
|
||||
| input_access.rb:25:5:25:29 | call to content_mime_type | ActionDispatch::Request#content_mime_type |
|
||||
| input_access.rb:27:5:27:21 | call to authority | ActionDispatch::Request#authority |
|
||||
| input_access.rb:28:5:28:16 | call to host | ActionDispatch::Request#host |
|
||||
| input_access.rb:29:5:29:26 | call to host_authority | ActionDispatch::Request#host_authority |
|
||||
| input_access.rb:30:5:30:26 | call to host_with_port | ActionDispatch::Request#host_with_port |
|
||||
| input_access.rb:31:5:31:20 | call to hostname | ActionDispatch::Request#hostname |
|
||||
| input_access.rb:32:5:32:25 | call to forwarded_for | ActionDispatch::Request#forwarded_for |
|
||||
| input_access.rb:33:5:33:26 | call to forwarded_host | ActionDispatch::Request#forwarded_host |
|
||||
| input_access.rb:34:5:34:16 | call to port | ActionDispatch::Request#port |
|
||||
| input_access.rb:35:5:35:26 | call to forwarded_port | ActionDispatch::Request#forwarded_port |
|
||||
| input_access.rb:37:5:37:22 | call to media_type | ActionDispatch::Request#media_type |
|
||||
| input_access.rb:38:5:38:29 | call to media_type_params | ActionDispatch::Request#media_type_params |
|
||||
| input_access.rb:39:5:39:27 | call to content_charset | ActionDispatch::Request#content_charset |
|
||||
| input_access.rb:40:5:40:20 | call to base_url | ActionDispatch::Request#base_url |
|
||||
| input_access.rb:42:5:42:16 | call to body | ActionDispatch::Request#body |
|
||||
| input_access.rb:43:5:43:20 | call to raw_post | ActionDispatch::Request#raw_post |
|
||||
| input_access.rb:45:5:45:30 | ...[...] | ActionDispatch::Request#env[] |
|
||||
| input_access.rb:47:5:47:39 | ...[...] | ActionDispatch::Request#env[] |
|
||||
| logging.rb:5:22:5:35 | call to params | ActionDispatch::Request#params |
|
||||
| params_flow.rb:3:10:3:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:7:10:7:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:11:10:11:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:15:10:15:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:19:10:19:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:23:10:23:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:27:10:27:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:31:10:31:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:35:10:35:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:39:10:39:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:43:10:43:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:47:10:47:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:51:10:51:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:55:10:55:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:59:10:59:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:63:10:63:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:67:10:67:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:71:10:71:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:75:10:75:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:79:10:79:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:83:10:83:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:87:10:87:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:91:10:91:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:95:10:95:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:99:10:99:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:103:10:103:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:107:10:107:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:111:10:111:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:112:23:112:28 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:116:10:116:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:117:31:117:36 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:121:10:121:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:122:31:122:36 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:126:10:126:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:127:24:127:29 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:130:14:130:19 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:135:10:135:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:136:32:136:37 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:139:22:139:27 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:144:10:144:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:145:32:145:37 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:148:22:148:27 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:153:10:153:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:154:32:154:37 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:157:22:157:27 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:166:10:166:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:172:10:172:15 | call to params | ActionController::Metal#params |
|
||||
| params_flow.rb:176:10:176:15 | call to params | ActionController::Metal#params |
|
||||
cookiesCalls
|
||||
| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
|
||||
cookiesSources
|
||||
| controllers/foo/bars_controller.rb:10:27:10:33 | call to cookies |
|
||||
redirectToCalls
|
||||
| controllers/comments_controller.rb:40:21:40:49 | call to redirect_to |
|
||||
| controllers/foo/bars_controller.rb:17:5:17:30 | call to redirect_to |
|
||||
| controllers/foo/bars_controller.rb:27:5:27:39 | call to redirect_back_or_to |
|
||||
| controllers/foo/bars_controller.rb:31:5:31:56 | call to redirect_back |
|
||||
renderCalls
|
||||
| controllers/comments_controller.rb:42:21:42:64 | call to render |
|
||||
| controllers/foo/bars_controller.rb:6:5:6:37 | call to render |
|
||||
| controllers/foo/bars_controller.rb:23:5:23:76 | call to render |
|
||||
| controllers/foo/bars_controller.rb:35:5:35:33 | call to render |
|
||||
| controllers/foo/bars_controller.rb:38:5:38:50 | call to render |
|
||||
| controllers/foo/bars_controller.rb:44:5:44:17 | call to render |
|
||||
httpResponses
|
||||
| controllers/comments_controller.rb:11:5:11:17 | call to body= | controllers/comments_controller.rb:11:21:11:34 | ... = ... |
|
||||
| controllers/comments_controller.rb:21:5:21:37 | call to send_file | controllers/comments_controller.rb:21:24:21:36 | "my-file.ext" |
|
||||
| controllers/comments_controller.rb:47:5:47:20 | call to send_data | controllers/comments_controller.rb:47:15:47:20 | @photo |
|
||||
| controllers/foo/bars_controller.rb:15:16:15:97 | call to render_to_string | controllers/foo/bars_controller.rb:15:33:15:47 | "foo/bars/show" |
|
||||
| controllers/foo/bars_controller.rb:23:5:23:76 | call to render | controllers/foo/bars_controller.rb:23:12:23:26 | "foo/bars/show" |
|
||||
| controllers/foo/bars_controller.rb:35:5:35:33 | call to render | controllers/foo/bars_controller.rb:35:18:35:33 | call to [] |
|
||||
| controllers/foo/bars_controller.rb:36:12:36:67 | call to render_to_string | controllers/foo/bars_controller.rb:36:29:36:33 | @user |
|
||||
| controllers/foo/bars_controller.rb:38:5:38:50 | call to render | controllers/foo/bars_controller.rb:38:12:38:22 | call to backtrace |
|
||||
| controllers/foo/bars_controller.rb:44:5:44:17 | call to render | controllers/foo/bars_controller.rb:44:12:44:17 | "show" |
|
||||
actionControllerHelperMethods
|
||||
getAssociatedControllerClasses
|
||||
controllerTemplateFiles
|
||||
headerWriteAccesses
|
||||
| controllers/comments_controller.rb:15:5:15:35 | call to []= | content-type | controllers/comments_controller.rb:15:39:15:49 | ... = ... |
|
||||
| controllers/comments_controller.rb:16:5:16:46 | call to set_header | content-length | controllers/comments_controller.rb:16:43:16:45 | 100 |
|
||||
| controllers/comments_controller.rb:17:5:17:39 | call to []= | x-custom-header | controllers/comments_controller.rb:17:43:17:46 | ... = ... |
|
||||
| controllers/comments_controller.rb:18:5:18:39 | call to []= | x-another-custom-header | controllers/comments_controller.rb:18:43:18:47 | ... = ... |
|
||||
| controllers/comments_controller.rb:19:5:19:49 | call to add_header | x-yet-another | controllers/comments_controller.rb:19:42:19:49 | "indeed" |
|
||||
| controllers/comments_controller.rb:25:5:25:21 | call to location= | location | controllers/comments_controller.rb:25:25:25:36 | ... = ... |
|
||||
| controllers/comments_controller.rb:26:5:26:26 | call to cache_control= | cache-control | controllers/comments_controller.rb:26:30:26:36 | ... = ... |
|
||||
| controllers/comments_controller.rb:27:5:27:27 | call to _cache_control= | cache-control | controllers/comments_controller.rb:27:31:27:37 | ... = ... |
|
||||
| controllers/comments_controller.rb:28:5:28:17 | call to etag= | etag | controllers/comments_controller.rb:28:21:28:27 | ... = ... |
|
||||
| controllers/comments_controller.rb:29:5:29:20 | call to charset= | content-type | controllers/comments_controller.rb:29:24:29:30 | ... = ... |
|
||||
| controllers/comments_controller.rb:30:5:30:25 | call to content_type= | content-type | controllers/comments_controller.rb:30:29:30:35 | ... = ... |
|
||||
| controllers/comments_controller.rb:32:5:32:17 | call to date= | date | controllers/comments_controller.rb:32:21:32:30 | ... = ... |
|
||||
| controllers/comments_controller.rb:33:5:33:26 | call to last_modified= | last-modified | controllers/comments_controller.rb:33:30:33:43 | ... = ... |
|
||||
| controllers/comments_controller.rb:34:5:34:22 | call to weak_etag= | etag | controllers/comments_controller.rb:34:26:34:32 | ... = ... |
|
||||
| controllers/comments_controller.rb:35:5:35:24 | call to strong_etag= | etag | controllers/comments_controller.rb:35:28:35:34 | ... = ... |
|
||||
loggingCalls
|
||||
| logging.rb:3:9:3:31 | call to info | logging.rb:3:21:3:31 | "some info" |
|
||||
| logging.rb:4:9:4:31 | call to warn | logging.rb:4:21:4:31 | "a warning" |
|
||||
| logging.rb:5:9:5:35 | call to debug | logging.rb:5:22:5:35 | call to params |
|
||||
| logging.rb:7:9:7:26 | call to info | logging.rb:7:16:7:26 | "more info" |
|
|
@ -23,6 +23,12 @@ query predicate cookiesSources(CookiesSource src) { any() }
|
|||
|
||||
query predicate redirectToCalls(RedirectToCall c) { any() }
|
||||
|
||||
query predicate renderCalls(Rails::RenderCall c) { any() }
|
||||
|
||||
query predicate httpResponses(Http::Server::HttpResponse r, DataFlow::Node body) {
|
||||
body = r.getBody()
|
||||
}
|
||||
|
||||
query predicate actionControllerHelperMethods(ActionControllerHelperMethod m) { any() }
|
||||
|
||||
query predicate getAssociatedControllerClasses(ActionControllerClass cls, ErbFile f) {
|
||||
|
@ -38,3 +44,5 @@ query predicate headerWriteAccesses(
|
|||
) {
|
||||
name = a.getName() and value = a.getValue()
|
||||
}
|
||||
|
||||
query predicate loggingCalls(Logging c, DataFlow::Node input) { input = c.getAnInput() }
|
|
@ -0,0 +1,53 @@
|
|||
class CommentsController < ApplicationController
|
||||
def index
|
||||
request.params
|
||||
request.parameters
|
||||
request.GET
|
||||
request.POST
|
||||
request.query_parameters
|
||||
request.request_parameters
|
||||
request.filtered_parameters
|
||||
|
||||
response.body = "some content"
|
||||
|
||||
response.status = 200
|
||||
|
||||
response.header["Content-Type"] = "text/html"
|
||||
response.set_header("Content-Length", 100)
|
||||
response.headers["X-Custom-Header"] = "hi"
|
||||
response["X-Another-Custom-Header"] = "yes"
|
||||
response.add_header "X-Yet-Another", "indeed"
|
||||
|
||||
response.send_file("my-file.ext")
|
||||
|
||||
response.request
|
||||
|
||||
response.location = "http://..." # relevant for url redirect query
|
||||
response.cache_control = "value"
|
||||
response._cache_control = "value"
|
||||
response.etag = "value"
|
||||
response.charset = "value" # sets the charset part of the content-type header
|
||||
response.content_type = "value" # sets the main part of the content-type header
|
||||
|
||||
response.date = Date.today
|
||||
response.last_modified = Date.yesterday
|
||||
response.weak_etag = "value"
|
||||
response.strong_etag = "value"
|
||||
end
|
||||
|
||||
def show
|
||||
respond_to do |format|
|
||||
format.html { redirect_to(comment_view_url) }
|
||||
format.json
|
||||
format.xml { render xml: @comment.to_xml(include: @photo) }
|
||||
end
|
||||
end
|
||||
|
||||
def photo
|
||||
send_data @photo
|
||||
end
|
||||
|
||||
def destroy
|
||||
body = request.body_stream
|
||||
end
|
||||
end
|
|
@ -0,0 +1,46 @@
|
|||
require 'json'
|
||||
|
||||
class BarsController < ApplicationController
|
||||
|
||||
def index
|
||||
render template: "foo/bars/index"
|
||||
end
|
||||
|
||||
def show_debug
|
||||
user_info = JSON.load cookies[:user_info]
|
||||
puts "User: #{user_info['name']}"
|
||||
|
||||
@user_website = params[:website]
|
||||
dt = params[:text]
|
||||
rendered = render_to_string "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
|
||||
puts rendered
|
||||
redirect_to action: "show"
|
||||
end
|
||||
|
||||
def show
|
||||
@user_website = params[:website]
|
||||
dt = params[:text]
|
||||
render "foo/bars/show", locals: { display_text: dt, safe_text: "hello" }
|
||||
end
|
||||
|
||||
def go_back
|
||||
redirect_back_or_to action: "index"
|
||||
end
|
||||
|
||||
def go_back_2
|
||||
redirect_back fallback_location: { action: "index" }
|
||||
end
|
||||
|
||||
def show_2
|
||||
render json: { some: "data" }
|
||||
body = render_to_string @user, content_type: "application/json"
|
||||
rescue => e
|
||||
render e.backtrace, content_type: "text/plain"
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def unreachable_action
|
||||
render "show"
|
||||
end
|
||||
end
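Review bot: `show_debug` passes `cookies[:user_info]` straight to `JSON.load`, and the `rescue` branch of `show_2` renders `e.backtrace` to the client, with no comment saying either is a deliberate fixture pattern. Both are easy to copy out of a test file: the json library documents `JSON.load` as meant for trusted input, and a rendered backtrace exposes internal paths and code structure. I would annotate them as end-of-line comments so the locations in the `.expected` file do not move, e.g. `# fixture only: untrusted cookie reaches JSON.load; application code should use JSON.parse` and `# fixture only: sends the stack trace to the client`.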
|
|
@ -0,0 +1,4 @@
|
|||
class PhotosController < ApplicationController
|
||||
def show
|
||||
end
|
||||
end
|
|
@ -0,0 +1,10 @@
|
|||
class PostsController < ApplicationController
|
||||
def index
|
||||
end
|
||||
|
||||
def show
|
||||
end
|
||||
|
||||
def upvote
|
||||
end
|
||||
end
|
|
@ -0,0 +1,2 @@
|
|||
class TagsController < ActionController::Metal
|
||||
end
|
|
@ -0,0 +1,6 @@
|
|||
module Users
|
||||
class NotificationsController < ApplicationController
|
||||
def mark_as_read
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,9 @@
|
|||
class UsersController < ActionController::Base
|
||||
def index
|
||||
logger.info "some info"
|
||||
logger.warn "a warning"
|
||||
logger.debug request.params
|
||||
l = logger
|
||||
l.info "more info"
|
||||
end
|
||||
end
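Review bot: This fixture has positive cases only. Every `logger` call sits inside a direct `ActionController::Base` subclass, so the `loggingCalls` expectations cannot show whether the new model also matches `logger` calls that are not controller loggers. A short negative case would pin that, for example a plain class that defines its own `logger` method and calls `logger.info "x"`, which is expected to produce no row from this model. The model itself is not visible in this part of the page, so this is a coverage suggestion rather than a reported defect.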
|
|
@ -11,6 +11,7 @@ edges
|
|||
| app/controllers/users_controller.rb:33:5:33:31 | ... = ... : | app/controllers/users_controller.rb:35:33:35:55 | ... + ... |
|
||||
| app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | app/controllers/users_controller.rb:33:19:33:31 | ...[...] : |
|
||||
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] : | app/controllers/users_controller.rb:33:5:33:31 | ... = ... : |
|
||||
| app/controllers/users_controller.rb:49:19:49:24 | call to params : | app/controllers/users_controller.rb:49:19:49:30 | ...[...] |
|
||||
nodes
|
||||
| app/controllers/users_controller.rb:15:19:15:24 | call to params : | semmle.label | call to params : |
|
||||
| app/controllers/users_controller.rb:15:19:15:30 | ...[...] : | semmle.label | ...[...] : |
|
||||
|
@ -26,6 +27,8 @@ nodes
|
|||
| app/controllers/users_controller.rb:33:19:33:31 | ...[...] : | semmle.label | ...[...] : |
|
||||
| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | semmle.label | unsanitized |
|
||||
| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | semmle.label | ... + ... |
|
||||
| app/controllers/users_controller.rb:49:19:49:24 | call to params : | semmle.label | call to params : |
|
||||
| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | semmle.label | ...[...] |
|
||||
subpaths
|
||||
#select
|
||||
| app/controllers/users_controller.rb:16:19:16:29 | unsanitized | app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:16:19:16:29 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
|
||||
|
@ -34,3 +37,4 @@ subpaths
|
|||
| app/controllers/users_controller.rb:27:16:27:39 | ... + ... | app/controllers/users_controller.rb:15:19:15:24 | call to params : | app/controllers/users_controller.rb:27:16:27:39 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:15:19:15:24 | call to params | user-provided value |
|
||||
| app/controllers/users_controller.rb:34:33:34:43 | unsanitized | app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | app/controllers/users_controller.rb:34:33:34:43 | unsanitized | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
|
||||
| app/controllers/users_controller.rb:35:33:35:55 | ... + ... | app/controllers/users_controller.rb:33:19:33:25 | call to cookies : | app/controllers/users_controller.rb:35:33:35:55 | ... + ... | Log entry depends on a $@. | app/controllers/users_controller.rb:33:19:33:25 | call to cookies | user-provided value |
|
||||
| app/controllers/users_controller.rb:49:19:49:30 | ...[...] | app/controllers/users_controller.rb:49:19:49:24 | call to params : | app/controllers/users_controller.rb:49:19:49:30 | ...[...] | Log entry depends on a $@. | app/controllers/users_controller.rb:49:19:49:24 | call to params | user-provided value |
|
||||
|
|
|
@ -39,7 +39,14 @@ class UsersController < ApplicationController
|
|||
init_logger
|
||||
|
||||
sanitized = html_escape params[:baz]
|
||||
@logger.debug unsanitized # GOOD: sanitized user input
|
||||
@logger.debug "input: " + unsanitized # GOOD: sanitized user input
|
||||
@logger.debug sanitized # GOOD: sanitized user input
|
||||
@logger.debug "input: " + sanitized # GOOD: sanitized user input
|
||||
end
|
||||
|
||||
def inspect_sanitization
|
||||
init_logger
|
||||
|
||||
@logger.debug params[:foo] # BAD: unsanitized user input
|
||||
@logger.debug params[:foo].inspect # GOOD: sanitized user input
|
||||
end
|
||||
end
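Review bot: The two `@logger.debug sanitized` lines are labelled `# GOOD: sanitized user input`, but `html_escape` only escapes HTML metacharacters and leaves CR/LF untouched, so the label overstates what the value is safe for in a plain-text log. The expectations on this page show no alert for those lines, so the label seems to reflect what the query accepts as a sanitizer. I would say that instead, e.g. `# GOOD: html_escape is accepted as a sanitizer by the query (line breaks are not removed)`. The `.inspect` case in `inspect_sanitization` could state its reason too: `# GOOD: inspect escapes control characters such as newlines`. The method holding the first `init_logger` call starts outside the hunk.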
|
||||
|
|