codeql

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Author	SHA1	Message	Date
Harry Maclean	32b775fdc3	Ruby: reduce duplicate alerts for csrf query Only generate an alert on the top-most vulnerable Rails controller in the controller tree.	2024-02-23 11:13:17 +00:00
Harry Maclean	6d6f8ba512	Ruby: Make CSRF query more sensitive Generate an alert for every controller class that doesn't have or inherity a `protect_from_forgery` setting.	2024-02-23 11:13:15 +00:00
Harry Maclean	49d826f667	Ruby: Add a query for CSRF protection not enabled Specifically in Rails apps, we look for root ActionController classes without a call to `protect_from_forgery`.	2024-02-23 11:13:14 +00:00

Author

SHA1

Message

Date

Harry Maclean

32b775fdc3

Ruby: reduce duplicate alerts for csrf query

Only generate an alert on the top-most vulnerable Rails controller in
the controller tree.

2024-02-23 11:13:17 +00:00

Harry Maclean

6d6f8ba512

Ruby: Make CSRF query more sensitive

Generate an alert for every controller class that doesn't have or
inherity a `protect_from_forgery` setting.

2024-02-23 11:13:15 +00:00

Harry Maclean

49d826f667

Ruby: Add a query for CSRF protection not enabled

Specifically in Rails apps, we look for root ActionController classes
without a call to `protect_from_forgery`.

2024-02-23 11:13:14 +00:00