hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reword

Browse Source
This commit is contained in:
Chris Smowton
2025-09-30 13:08:03 +01:00
committed by GitHub
parent f1239352ce
commit ff4b97bf2d
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/src/queries/security/cwe-352/CSRFProtectionDisabled.qhelp
View File

@@ -61,8 +61,8 @@
Note this remains true even in Rails version 5 and later: these versions
automatically run <code>protect_from_forgery with: :exception</code>
by default, but manually calling <code>protect_from_forgery</code> with
no <code>with</code> argument will still downgrade protection to null the
session rather than raise an exception.
no <code>with</code> argument will still downgrade protection to provide an
empty session rather than raise an exception.
</p>
</example>

4
ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.qhelp
View File

@@ -43,10 +43,10 @@
<code>protect_from_forgery with: :exception</code> can help to avoid this
by raising an exception on an invalid CSRF token instead.
Note that Rails version 5 and later
Note that Rails versions 5 and later
automatically run <code>protect_from_forgery with: :exception</code>
by default, but manually calling <code>protect_from_forgery</code> with
no <code>with</code> argument will downgrade protection to null the
no <code>with</code> argument will downgrade protection to provide an empty
session rather than raise an exception.
</p>
</recommendation>