Note issue in related query

Chris Smowton
2025-09-29 18:43:59 +01:00
committed by GitHub
parent 18c5cb10d9
commit f1239352ce


@@ -42,6 +42,12 @@
vulnerability - for example if parts of the session are memoized. Calling vulnerability - for example if parts of the session are memoized. Calling
<code>protect_from_forgery with: :exception</code> can help to avoid this <code>protect_from_forgery with: :exception</code> can help to avoid this
by raising an exception on an invalid CSRF token instead. by raising an exception on an invalid CSRF token instead.
Note that Rails version 5 and later
automatically run <code>protect_from_forgery with: :exception</code>
by default, but manually calling <code>protect_from_forgery</code> with
no <code>with</code> argument will downgrade protection to null the
session rather than raise an exception.
</p> </p>
</recommendation> </recommendation>
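Review bot: The added sentence, "Note that Rails version 5 and later automatically run ... by default", is hard to act on as worded, and its closing clause "will downgrade protection to null the session" does not name the setting a reader should look for. Suggest naming the `with:` value that a bare `protect_from_forgery` call selects, so it can be matched against application code, and dropping either "automatically" or "by default" since they say the same thing. The commit message says this notes an issue in a related query, but the new text never names or links that query; a pointer to it would tell readers which check flags the bare call. It would also help to state plainly that the fix is to pass `with: :exception` explicitly or to remove the manual call, since the paragraph currently describes the downgrade without restating the remedy.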