CodeQL documentation

CWE coverage for Ruby

An overview of CWE coverage for Ruby in the latest release of CodeQL.

Overview

| CWE | Language | Query id | Query name |
| --- | --- | --- | --- |
| CWE-20 | Default | rb/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-20 | Default | rb/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-20 | Default | rb/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-20 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-20 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-22 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-23 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-36 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-73 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-74 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-74 | Default | rb/command-line-injection | Uncontrolled command line |
| CWE-74 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-74 | Default | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-74 | Default | rb/stored-xss | Stored cross-site scripting |
| CWE-74 | Default | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-74 | Default | rb/code-injection | Code injection |
| CWE-74 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-74 | Default | rb/tainted-format-string | Use of externally-controlled format string |
| CWE-77 | Default | rb/command-line-injection | Uncontrolled command line |
| CWE-77 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-78 | Default | rb/command-line-injection | Uncontrolled command line |
| CWE-78 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-79 | Default | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-79 | Default | rb/stored-xss | Stored cross-site scripting |
| CWE-79 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-80 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-88 | Default | rb/command-line-injection | Uncontrolled command line |
| CWE-88 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-89 | Default | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-94 | Default | rb/code-injection | Code injection |
| CWE-95 | Default | rb/code-injection | Code injection |
| CWE-99 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-116 | Default | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-116 | Default | rb/stored-xss | Stored cross-site scripting |
| CWE-116 | Default | rb/code-injection | Code injection |
| CWE-116 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-116 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-134 | Default | rb/tainted-format-string | Use of externally-controlled format string |
| CWE-185 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-186 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-200 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-200 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-259 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-284 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-284 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-284 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-284 | Default | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-284 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-285 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-285 | Default | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-287 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-287 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-290 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-295 | Default | rb/request-without-cert-validation | Request without certificate validation |
| CWE-300 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-311 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-311 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-311 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-312 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-312 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-319 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-321 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-327 | Default | rb/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-330 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-344 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-345 | Default | rb/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-352 | Default | rb/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-359 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-359 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-398 | Default | rb/useless-assignment-to-local | Useless assignment to local variable |
| CWE-398 | Default | rb/unused-parameter | Unused parameter |
| CWE-400 | Default | rb/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-400 | Default | rb/redos | Inefficient regular expression |
| CWE-400 | Default | rb/regexp-injection | Regular expression injection |
| CWE-405 | Default | rb/xxe | XML external entity expansion |
| CWE-409 | Default | rb/xxe | XML external entity expansion |
| CWE-434 | Default | rb/http-to-file-access | Network data written to file |
| CWE-441 | Default | rb/request-forgery | Server-side request forgery |
| CWE-494 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-502 | Default | rb/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-532 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-532 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-538 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-538 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-552 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-552 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-563 | Default | rb/useless-assignment-to-local | Useless assignment to local variable |
| CWE-563 | Default | rb/unused-parameter | Unused parameter |
| CWE-592 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-601 | Default | rb/url-redirection | URL redirection from remote source |
| CWE-610 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-610 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-610 | Default | rb/url-redirection | URL redirection from remote source |
| CWE-610 | Default | rb/xxe | XML external entity expansion |
| CWE-610 | Default | rb/request-forgery | Server-side request forgery |
| CWE-611 | Default | rb/xxe | XML external entity expansion |
| CWE-642 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-642 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-657 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-664 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-664 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-664 | Default | rb/code-injection | Code injection |
| CWE-664 | Default | rb/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-664 | Default | rb/redos | Inefficient regular expression |
| CWE-664 | Default | rb/regexp-injection | Regular expression injection |
| CWE-664 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-664 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-664 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-664 | Default | rb/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-664 | Default | rb/url-redirection | URL redirection from remote source |
| CWE-664 | Default | rb/xxe | XML external entity expansion |
| CWE-664 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-664 | Default | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-664 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-664 | Default | rb/insecure-download | Download of sensitive file through insecure connection |
| CWE-664 | Default | rb/http-to-file-access | Network data written to file |
| CWE-664 | Default | rb/request-forgery | Server-side request forgery |
| CWE-668 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-668 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-668 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-668 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-668 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-668 | Default | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-669 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-669 | Default | rb/xxe | XML external entity expansion |
| CWE-669 | Default | rb/insecure-download | Download of sensitive file through insecure connection |
| CWE-669 | Default | rb/http-to-file-access | Network data written to file |
| CWE-671 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-674 | Default | rb/xxe | XML external entity expansion |
| CWE-691 | Default | rb/code-injection | Code injection |
| CWE-691 | Default | rb/xxe | XML external entity expansion |
| CWE-693 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-693 | Default | rb/incomplete-hostname-regexp | Incomplete regular expression for hostnames |
| CWE-693 | Default | rb/incomplete-url-substring-sanitization | Incomplete URL substring sanitization |
| CWE-693 | Default | rb/regex/missing-regexp-anchor | Missing regular expression anchor |
| CWE-693 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-693 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-693 | Default | rb/request-without-cert-validation | Request without certificate validation |
| CWE-693 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-693 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-693 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-693 | Default | rb/weak-cryptographic-algorithm | Use of a broken or weak cryptographic algorithm |
| CWE-693 | Default | rb/csrf-protection-disabled | CSRF protection weakened or disabled |
| CWE-693 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-693 | Default | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-693 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-697 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-706 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-706 | Default | rb/xxe | XML external entity expansion |
| CWE-707 | Default | rb/path-injection | Uncontrolled data used in path expression |
| CWE-707 | Default | rb/command-line-injection | Uncontrolled command line |
| CWE-707 | Default | rb/kernel-open | Use of Kernel.open or IO.read |
| CWE-707 | Default | rb/reflected-xss | Reflected server-side cross-site scripting |
| CWE-707 | Default | rb/stored-xss | Stored cross-site scripting |
| CWE-707 | Default | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-707 | Default | rb/code-injection | Code injection |
| CWE-707 | Default | rb/bad-tag-filter | Bad HTML filtering regexp |
| CWE-707 | Default | rb/incomplete-sanitization | Incomplete string escaping or encoding |
| CWE-707 | Default | rb/tainted-format-string | Use of externally-controlled format string |
| CWE-710 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-710 | Default | rb/http-to-file-access | Network data written to file |
| CWE-710 | Default | rb/useless-assignment-to-local | Useless assignment to local variable |
| CWE-710 | Default | rb/unused-parameter | Unused parameter |
| CWE-732 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-732 | Default | rb/overly-permissive-file | Overly permissive file permissions |
| CWE-776 | Default | rb/xxe | XML external entity expansion |
| CWE-798 | Default | rb/hardcoded-credentials | Hard-coded credentials |
| CWE-807 | Default | rb/user-controlled-bypass | User-controlled bypass of security check |
| CWE-827 | Default | rb/xxe | XML external entity expansion |
| CWE-829 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-829 | Default | rb/xxe | XML external entity expansion |
| CWE-829 | Default | rb/insecure-download | Download of sensitive file through insecure connection |
| CWE-834 | Default | rb/xxe | XML external entity expansion |
| CWE-912 | Default | rb/http-to-file-access | Network data written to file |
| CWE-913 | Default | rb/code-injection | Code injection |
| CWE-913 | Default | rb/unsafe-deserialization | Deserialization of user-controlled data |
| CWE-918 | Default | rb/request-forgery | Server-side request forgery |
| CWE-922 | Default | rb/clear-text-logging-sensitive-data | Clear-text logging of sensitive information |
| CWE-922 | Default | rb/clear-text-storage-sensitive-data | Clear-text storage of sensitive information |
| CWE-923 | Default | rb/insecure-dependency | Dependency download using unencrypted communication channel |
| CWE-943 | Default | rb/sql-injection | SQL query built from user-controlled sources |
| CWE-1275 | Default | rb/weak-cookie-configuration | Weak cookie configuration |
| CWE-1333 | Default | rb/polynomial-redos | Polynomial regular expression used on uncontrolled data |
| CWE-1333 | Default | rb/redos | Inefficient regular expression |
| CWE-1333 | Default | rb/regexp-injection | Regular expression injection |