hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Ruby: reduce duplicate alerts for csrf query

Browse Source 
Only generate an alert on the top-most vulnerable Rails controller in
the controller tree.
This commit is contained in:
Harry Maclean
2023-10-10 15:37:32 +01:00
parent 1fbf177b54
commit 32b775fdc3
2 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ruby/ql/test/query-tests/security/cwe-352/CSRFProtectionNotEnabled.expected
View File

@@ -1,2 +1 @@
| railsapp/app/controllers/alternative_root_controller.rb:1:1:3:3 | AlternativeRootController | Potential CSRF vulnerability due to forgery protection not being enabled. |
| railsapp/app/controllers/tags_controller.rb:1:1:2:3 | TagsController | Potential CSRF vulnerability due to forgery protection not being enabled. |