Ruby: recognise csrf_meta_tag

csrf_meta_tag is an alias for csrf_meta_tags, retained for backwards compatibility.
2026-04-23 07:45:17 +02:00 · 2023-10-10 12:13:59 +01:00
parent f19a5a9837
commit 0597b2ed1b
1 changed files with 1 additions and 1 deletions
--- a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
+++ b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
@@ -44,6 +44,6 @@ where
  (
    railsPreVersion3()
    or
-    not any(MethodCall m).getMethodName() = "csrf_meta_tags"
+    not any(MethodCall m).getMethodName() = ["csrf_meta_tags", "csrf_meta_tag"]
  )
 select c, "Potential CSRF vulnerability due to forgery protection not being enabled."