Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: hubwriter <54933897+hubwriter@users.noreply.github.com> Co-authored-by: hubwriter <hubwriter@github.com> Co-authored-by: felicitymay <1877141+felicitymay@users.noreply.github.com> Co-authored-by: Felix Guntrip <stevecat@github.com> Co-authored-by: Joe Clark <31087804+jc-clark@users.noreply.github.com> Co-authored-by: Ebonsignori <17055832+Ebonsignori@users.noreply.github.com>
50 lines
12 KiB
Markdown
{% rowheaders %}

| Query name | Related CWEs | Default | Extended | {% data variables.copilot.copilot_autofix_short %} |
| --- | --- | --- | --- | --- |
| [Bad HTML filtering regexp](https://codeql.github.com/codeql-query-help/ruby/rb-bad-tag-filter/) | 116, 020, 185, 186 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Badly anchored regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-regex-badly-anchored-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text logging of sensitive information](https://codeql.github.com/codeql-query-help/ruby/rb-clear-text-logging-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Clear-text storage of sensitive information](https://codeql.github.com/codeql-query-help/ruby/rb-clear-text-storage-sensitive-data/) | 312, 359, 532 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Code injection](https://codeql.github.com/codeql-query-help/ruby/rb-code-injection/) | 094, 095, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CSRF protection not enabled](https://codeql.github.com/codeql-query-help/ruby/rb-csrf-protection-not-enabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [CSRF protection weakened or disabled](https://codeql.github.com/codeql-query-help/ruby/rb-csrf-protection-disabled/) | 352 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Dependency download using unencrypted communication channel](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-dependency/) | 300, 319, 494, 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Deserialization of user-controlled data](https://codeql.github.com/codeql-query-help/ruby/rb-unsafe-deserialization/) | 502 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Download of sensitive file through insecure connection](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-download/) | 829 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete multi-character sanitization](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-multi-character-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete regular expression for hostnames](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-hostname-regexp/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete string escaping or encoding](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-sanitization/) | 020, 080, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Incomplete URL substring sanitization](https://codeql.github.com/codeql-query-help/ruby/rb-incomplete-url-substring-sanitization/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Inefficient regular expression](https://codeql.github.com/codeql-query-help/ruby/rb-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Information exposure through an exception](https://codeql.github.com/codeql-query-help/ruby/rb-stack-trace-exposure/) | 209, 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Insecure Mass Assignment](https://codeql.github.com/codeql-query-help/ruby/rb-insecure-mass-assignment/) | 915 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Overly permissive regular expression range](https://codeql.github.com/codeql-query-help/ruby/rb-overly-large-range/) | 020 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Polynomial regular expression used on uncontrolled data](https://codeql.github.com/codeql-query-help/ruby/rb-polynomial-redos/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Reflected server-side cross-site scripting](https://codeql.github.com/codeql-query-help/ruby/rb-reflected-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Regular expression injection](https://codeql.github.com/codeql-query-help/ruby/rb-regexp-injection/) | 1333, 730, 400 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Sensitive data read from GET request](https://codeql.github.com/codeql-query-help/ruby/rb-sensitive-get-query/) | 598 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
| [Server-side request forgery](https://codeql.github.com/codeql-query-help/ruby/rb-request-forgery/) | 918 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [SQL query built from user-controlled sources](https://codeql.github.com/codeql-query-help/ruby/rb-sql-injection/) | 089 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Stored cross-site scripting](https://codeql.github.com/codeql-query-help/ruby/rb-stored-xss/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled command line](https://codeql.github.com/codeql-query-help/ruby/rb-command-line-injection/) | 078, 088 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/ruby/rb-path-injection/) | 022, 023, 036, 073, 099 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe HTML constructed from library input](https://codeql.github.com/codeql-query-help/ruby/rb-html-constructed-from-input/) | 079, 116 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe shell command constructed from library input](https://codeql.github.com/codeql-query-help/ruby/rb-shell-command-constructed-from-input/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [URL redirection from remote source](https://codeql.github.com/codeql-query-help/ruby/rb-url-redirection/) | 601 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of `Kernel.open` or `IO.read` or similar sinks with a non-constant value](https://codeql.github.com/codeql-query-help/ruby/rb-non-constant-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of `Kernel.open`, `IO.read` or similar sinks with user-controlled input](https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/) | 078, 088, 073 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic algorithm](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cryptographic-algorithm/) | 327 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of a broken or weak cryptographic hashing algorithm on sensitive data](https://codeql.github.com/codeql-query-help/ruby/rb-weak-sensitive-data-hashing/) | 327, 328, 916 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Use of externally-controlled format string](https://codeql.github.com/codeql-query-help/ruby/rb-tainted-format-string/) | 134 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Weak cookie configuration](https://codeql.github.com/codeql-query-help/ruby/rb-weak-cookie-configuration/) | 732, 1275 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [XML external entity expansion](https://codeql.github.com/codeql-query-help/ruby/rb-xxe/) | 611, 776, 827 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Hard-coded data interpreted as code](https://codeql.github.com/codeql-query-help/ruby/rb-hardcoded-data-interpreted-as-code/) | 506 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Log injection](https://codeql.github.com/codeql-query-help/ruby/rb-log-injection/) | 117 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Missing regular expression anchor](https://codeql.github.com/codeql-query-help/ruby/rb-regex-missing-regexp-anchor/) | 020 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Network data written to file](https://codeql.github.com/codeql-query-help/ruby/rb-http-to-file-access/) | 912, 434 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Request without certificate validation](https://codeql.github.com/codeql-query-help/ruby/rb-request-without-cert-validation/) | 295 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
| [Unsafe code constructed from library input](https://codeql.github.com/codeql-query-help/ruby/rb-unsafe-code-construction/) | 094, 079, 116 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |

{% endrowheaders %}