hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-01 05:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,730 Commits 1,697 Branches 161 Tags
386dedb9df875a1bf9cff6b73205ba863daa91ca
Commit Graph

5 Commits

Author SHA1 Message Date
erik-krogh
5a98f66bef simplify the modeling of html_safe. Any call to html_safe is now considered an XSS sink 2022-10-18 10:43:22 +02:00
Harry Maclean
0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
 2022-10-17 09:34:44 +13:00
Harry Maclean
8ae86cf443 Ruby: Consider header writes as XSS sinks 2022-10-17 08:17:37 +13:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
Arthur Baars
976daddd36 Move files to ruby subfolder 2021-10-15 11:47:28 +02:00