Clean up how we map between Rails actions and default associated template files

alexrford · alexrford · commit 4a4b2445dc78 · 2021-08-26T04:57:15.000+01:00
diff --git a/ql/src/codeql_ruby/frameworks/ActionController.qll b/ql/src/codeql_ruby/frameworks/ActionController.qll
@@ -64,20 +64,14 @@ class ActionControllerActionMethod extends Method, HTTP::Server::RequestHandler:
 
   /**
    * Establishes a mapping between a method within the file
-   * `<source_prefix>/app/controllers/<subpath>_controller.rb` and the
+   * `<sourcePrefix>app/controllers/<subpath>_controller.rb` and the
    * corresponding template file at
-   * `<source_prefix>/app/views/<subpath>/<method_name>.html.erb`.
+   * `<sourcePrefix>app/views/<subpath>/<method_name>.html.erb`.
    */
   // TODO: result should be `ErbFile`
   File getDefaultTemplateFile() {
-    exists(string templatePath, string sourcePrefix, string subPath, string controllerPath |
-      controllerPath = this.getLocation().getFile().getAbsolutePath() and
-      sourcePrefix = controllerPath.regexpCapture("^(.*)/app/controllers/.*$", 1) and
-      controllerPath = sourcePrefix + "/app/controllers/" + subPath + "_controller.rb" and
-      templatePath = sourcePrefix + "/app/views/" + subPath + "/" + this.getName() + ".html.erb"
-    |
-      result.getAbsolutePath() = templatePath
-    )
+    controllerTemplatesFolder(this.getControllerClass(), result.getParentContainer()) and
+    result.getBaseName() = this.getName() + ".html.erb"
   }
 
   // params come from `params` method rather than a method parameter
@@ -183,13 +177,31 @@ class ActionControllerHelperMethod extends Method {
 /**
  * Gets an `ActionControllerControllerClass` associated with the given `ErbFile`
  * according to Rails path conventions.
+ * For instance, a template file at `app/views/foo/bar/baz.html.erb` will be
+ * mapped to a controller class in `app/controllers/foo/bar/baz_controller.rb`,
+ * if such a controller class exists.
  */
 // TODO: parameter should be `ErbFile`
 ActionControllerControllerClass getAssociatedControllerClass(File f) {
-  exists(string localPrefix, string sourcePrefix, string controllerPath |
-    controllerPath = result.getLocation().getFile().getAbsolutePath() and
-    sourcePrefix = f.getAbsolutePath().regexpCapture("^(.*)/app/views/(?:.*?)/(?:[^/]*)$", 1) and
-    localPrefix = f.getAbsolutePath().regexpCapture(".*/app/views/(.*?)/(?:[^/]*)$", 1) and
-    controllerPath = sourcePrefix + "/app/controllers/" + localPrefix + "_controller.rb"
+  controllerTemplatesFolder(result, f.getParentContainer())
+}
+
+/**
+ * Holds if `templatesFolder` is in the correct location to contain template
+ * files "belonging" to the given `ActionControllerControllerClass`, according
+ * to Rails conventions.
+ *
+ * In particular, this means that an action method in `cls` will by default
+ * render a correspondingly named template file within `templatesFolder`.
+ */
+predicate controllerTemplatesFolder(ActionControllerControllerClass cls, Folder templatesFolder) {
+  exists(string templatesPath, string sourcePrefix, string subPath, string controllerPath |
+    controllerPath = cls.getLocation().getFile().getRelativePath() and
+    templatesPath = templatesFolder.getRelativePath() and
+    // `sourcePrefix` is either a prefix path ending in a slash, or empty if
+    // the rails app is at the source root
+    sourcePrefix = [controllerPath.regexpCapture("^(.*/)app/controllers/(?:.*?)/(?:[^/]*)$", 1), ""] and
+    controllerPath = sourcePrefix + "app/controllers/" + subPath + "_controller.rb" and
+    templatesPath = sourcePrefix + "app/views/" + subPath
   )
 }
diff --git a/ql/test/library-tests/frameworks/ActionController.expected b/ql/test/library-tests/frameworks/ActionController.expected
@@ -55,3 +55,5 @@ actionControllerHelperMethods
 getAssociatedControllerClasses
 | app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | app/views/foo/bars/_widget.html.erb:0:0:0:0 | app/views/foo/bars/_widget.html.erb |
 | app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | app/views/foo/bars/show.html.erb:0:0:0:0 | app/views/foo/bars/show.html.erb |
+controllerTemplatesFolders
+| app/controllers/foo/bars_controller.rb:1:1:20:3 | BarsController | folder://app/views/foo/bars | app/views/foo/bars |
diff --git a/ql/test/library-tests/frameworks/ActionController.ql b/ql/test/library-tests/frameworks/ActionController.ql
@@ -18,3 +18,7 @@ query predicate actionControllerHelperMethods(ActionControllerHelperMethod m) {
 query predicate getAssociatedControllerClasses(ActionControllerControllerClass cls, File f) {
   cls = getAssociatedControllerClass(f)
 }
+
+query predicate controllerTemplatesFolders(ActionControllerControllerClass cls, Folder f) {
+  controllerTemplatesFolder(cls, f)
+}

Original file line number	Diff line number	Diff line change
`@@ -18,3 +18,7 @@ query predicate actionControllerHelperMethods(ActionControllerHelperMethod m) {`
`18`	`18`	`query predicate getAssociatedControllerClasses(ActionControllerControllerClass cls, File f) {`
`19`	`19`	`cls = getAssociatedControllerClass(f)`
`20`	`20`	`}`
	`21`	`+`
	`22`	`+query predicate controllerTemplatesFolders(ActionControllerControllerClass cls, Folder f) {`
	`23`	`+ controllerTemplatesFolder(cls, f)`
	`24`	`+}`