hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add CSRFProtectionSetting concept

Browse Source
This commit is contained in:
Alex Ford
2021-11-04 18:18:29 +00:00
parent 95f21b5308
commit 8a412dc5fd
1 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
ruby/ql/lib/codeql/ruby/Concepts.qll
View File

@@ -584,6 +584,31 @@ module OrmInstantiation {
}
}
/**
* A data-flow node that may set or unset Cross-site request forgery protection.
* `getVerificationSetting() = false` corresponds to disabling verification.
*
* Extend this class to refine existing API models. If you want to model new APIs,
* extend `CSRFProtectionSetting::Range` instead.
*/
class CSRFProtectionSetting extends DataFlow::Node instanceof CSRFProtectionSetting::Range {
boolean getVerificationSetting() { result = super.getVerificationSetting() }
}
/** Provides a class for modeling new CSRF protection setting APIs. */
module CSRFProtectionSetting {
/**
* A data-flow node that may set or unset Cross-site request forgery protection.
* `getVerificationSetting() = false` corresponds to disabling verification.
*
* Extend this class to model new APIs. If you want to refine existing API models,
* extend `CSRFProtectionSetting` instead.
*/
abstract class Range extends DataFlow::Node {
abstract boolean getVerificationSetting();
}
}
/** Provides classes for modeling path-related APIs. */
module Path {
/**