Ruby: Add change note for rb/insecure-download

2026-05-01 03:35:13 +02:00 · 2022-04-14 15:30:36 +12:00
parent a85811ad69
commit f35379bf8c
2 changed files with 5 additions and 1 deletions
--- a/ruby/ql/src/change-notes/2022-04-14-rb-insecure-download.md
+++ b/ruby/ql/src/change-notes/2022-04-14-rb-insecure-download.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `rb/insecure-download`. The query finds cases where executables and other sensitive files are downloaded over an insecure connection, which may allow for man-in-the-middle attacks.
--- a/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
+++ b/ruby/ql/src/queries/security/cwe-829/InsecureDownload.ql
@@ -1,7 +1,7 @@
 /**
 * @name Download of sensitive file through insecure connection
 * @description Downloading executables and other sensitive files over an insecure connection
- *              opens up for potential man-in-the-middle attacks.
+ *              may allow man-in-the-middle attacks.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 8.1