tweak tests more

thiggy1342 · web-flow · commit 712900257342 · 2022-07-13T00:33:58.000Z
diff --git a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
@@ -18,7 +18,15 @@ import codeql.ruby.frameworks.ActionController
 class Request extends DataFlow::CallNode {
   Request() {
     this.getMethodName() = "request" and
-    this.asExpr().getExpr() instanceof ActionControllerActionMethod
+    this.asExpr().getExpr().getEnclosingMethod() instanceof ActionControllerActionMethod
+  }
+}
+
+// `request.env`
+class RequestEnvMethod extends DataFlow::CallNode {
+  RequestEnvMethod() {
+    this.getMethodName() = "env" and
+    any(Request r).flowsTo(this.getReceiver())
   }
 }
 
diff --git a/ruby/ql/test/query-tests/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.rb b/ruby/ql/test/query-tests/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.rb
@@ -8,35 +8,40 @@ def example_action
 
   # Should find
   def other_action
-    if request.env['REQUEST_METHOD'] == "GET"
+    method = request.env['REQUEST_METHOD']
+    if method == "GET"
       Resource.find(id: params[:id])
     end
   end
 
   # Should find
   def foo
-    if request.request_method == "GET"
+    method = request.request_method
+    if method == "GET"
       Resource.find(id: params[:id])
     end
   end
 
   # Should find
   def bar
-    if request.method == "GET"
+    method = request.method
+    if method == "GET"
       Resource.find(id: params[:id])
     end
   end
 
   # Should find
   def baz
-    if request.raw_request_method == "GET"
+    method = request.raw_request_method
+    if method == "GET"
       Resource.find(id: params[:id])
     end
   end
 
     # Should find
     def foobarbaz
-      if request.request_method_symbol == :GET
+      method = request.request_method_symbol
+      if method == :GET
         Resource.find(id: params[:id])
       end
     end
