hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-18 13:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
615beeec80ed9bd18647ccf8c0fed47456002611
codeql/ql/test/library-tests
History
Harry Maclean 56919eee0b delete/destroy_all -> delete/destroy_by 
The ActiveRecord `delete_all` and `destroy_all` methods do not take a
condition argument - they act on the scope of their receiver.

The `delete_by` and `destroy_by` methods do take an argument which can
be raw SQL, and are therefore vulnerable to SQL injection.

For more info:

https://api.rubyonrails.org/v6.1.4/classes/ActiveRecord/Relation.html#method-i-delete_all
https://api.rubyonrails.org/v6.1.4/classes/ActiveRecord/Relation.html#method-i-delete_by
2021-09-29 10:45:54 +01:00
..
ast
Include MethodCall.getAChild in {Unary,Binary}Operation.getAChild
2021-09-24 12:08:54 +02:00
controlflow/graph
More uses of instanceof in the external/internal AST layer
2021-09-24 15:55:15 +02:00
dataflow
Make {Unary,Binary}Operation a sub class of MethodCall
2021-09-23 19:13:55 +02:00
frameworks
delete/destroy_all -> delete/destroy_by
2021-09-29 10:45:54 +01:00
modules
Make {Unary,Binary}Operation a sub class of MethodCall
2021-09-23 19:13:55 +02:00
regexp
Don't parse \A and \Z as RegExpConstant
2021-09-14 16:49:35 +01:00
variables
Fix merge conflicts during rebase
2021-08-26 18:48:53 -04:00