17 Commits

Author	SHA1	Message	Date
Anders Schack-Mulligen	90f84bb516	Ruby: Update expected output.	2023-04-26 13:08:16 +02:00
Tom Hvitved	b816c79248	Ruby: Include all assignments in data flow paths	2023-03-24 10:09:30 +01:00
Alex Ford	bea110b598	Ruby: remove blank line in test file	2023-01-20 13:40:19 +00:00
Alex Ford	e5fbc92856	Ruby: generalize rails flow step for accessing render locals hash in view	2023-01-20 13:40:19 +00:00
erik-krogh	5a98f66bef	simplify the modeling of html_safe. Any call to html_safe is now considered an XSS sink	2022-10-18 10:43:22 +02:00
Harry Maclean	0e6322d673	Ruby: Restrict XSS header sinks ... Not all header writes are relevant to XSS. Restrict these to just content-type and access-control-allow-origin.	2022-10-17 09:34:44 +13:00
Harry Maclean	8ae86cf443	Ruby: Consider header writes as XSS sinks	2022-10-17 08:17:37 +13:00
Harry Maclean	4686718630	Ruby: Add kind to Http::Server::RequestInputAccess ... Like in JS, this describes whether the input came from the request URL, body, parameters, headers or cookie. Only some of these are relevant for UrlRedirect and ReflectedXSS queries.	2022-10-13 13:24:16 +13:00
Harry Maclean	1d693d336f	Ruby: Model javascript_include_tag and friends	2022-09-26 20:56:09 +13:00
Harry Maclean	ed0c85e3af	Ruby: Model ActionView helper XSS sinks	2022-09-26 20:55:04 +13:00
erik-krogh	063c76b6d1	apply suggestions from review	2022-09-13 10:52:23 +02:00
erik-krogh	79a048968e	make the alert messages of taint-tracking queries more consistent	2022-09-07 12:22:50 +02:00
erik-krogh	7e0bd5bde4	update expected output of tests	2022-08-22 21:41:47 +02:00
Arthur Baars	68aeb2ba85	Update test output	2022-05-20 16:30:58 +02:00
Tom Hvitved	400802c5ce	Ruby: Add flow summaries for Array/Enumerable methods	2021-12-22 15:56:20 +01:00
Tom Hvitved	5735bb698d	Ruby: Hide desugared nodes in data-flow paths	2021-12-08 09:00:16 +01:00
Arthur Baars	976daddd36	Move files to ruby subfolder	2021-10-15 11:47:28 +02:00