hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

9 Commits

Author SHA1 Message Date
Harry Maclean
dd092fd18f Ruby: Fix CSRF test 2024-02-26 11:02:54 +00:00
Harry Maclean
32b775fdc3 Ruby: reduce duplicate alerts for csrf query 
Only generate an alert on the top-most vulnerable Rails controller in
the controller tree.
 2024-02-23 11:13:17 +00:00
Harry Maclean
6d6f8ba512 Ruby: Make CSRF query more sensitive 
Generate an alert for every controller class that doesn't have or
inherity a `protect_from_forgery` setting.
 2024-02-23 11:13:15 +00:00
Harry Maclean
49d826f667 Ruby: Add a query for CSRF protection not enabled 
Specifically in Rails apps, we look for root ActionController classes
without a call to `protect_from_forgery`.
 2024-02-23 11:13:14 +00:00
Alex Ford
0aab670b17 Ruby: add missing example rails action 2022-01-19 13:47:00 +00:00
Alex Ford
b27d315ff4 Ruby: add an example of protect_from_forgery with: :exception 2022-01-19 13:30:27 +00:00
Alex Ford
c1a51d94a2 Ruby: add test for protect_from_forgery without exception strategy 2022-01-17 17:44:52 +00:00
Alex Ford
68c3c16ab3 Ruby: enable forgery protection checks for development environments 2021-11-22 15:00:32 +00:00
Alex Ford
25da904314 test cases for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00