CodeQL library for Ruby
codeql/ruby-all 0.8.15-dev

Module Concepts

Provides abstract classes representing generic concepts such as file system access or system command execution, for which individual framework libraries provide concrete subclasses.

Import path

import codeql.ruby.Concepts

Classes

CodeExecution

A data-flow node that dynamically executes Ruby code.

CookieSecurityConfigurationSetting

A data-flow node that may configure behavior relating to cookie security.

CsrfProtectionSetting

A data-flow node that may set or unset cross-site request forgery (CSRF) protection.

Escaping

A data-flow node that escapes meta-characters, which could be used to prevent injection attacks.

FileNameSource

A data-flow node that contains a file name or an array of file names from the local file system.

FileSystemAccess

A data-flow node that performs a file system access, including reading and writing data, creating and deleting files and folders, checking and updating permissions, and so on.

FileSystemPermissionModification

A data-flow node that sets the permissions for one or more files.

FileSystemReadAccess

A data-flow node that reads data from the file system.

FileSystemWriteAccess

A data-flow node that writes data to the file system.

HtmlEscaping

An escape of a string so it can be safely included in the body of an HTML element, for example, replacing {} in <p>{}</p>.

JwtDecoding

A data-flow node that decodes a JWT.

JwtEncoding

A data-flow node that encodes a JWT.

LdapBind

A data-flow node that collects methods binding an LDAP connection.

LdapConstruction

A data-flow node that constructs an LDAP query.

LdapExecution

A data-flow node that executes LDAP queries.

Logging

A data-flow node that logs data.

OrmInstantiation

A data-flow node that may represent a database object in an ORM system.

PersistentWriteAccess

A data-flow node that writes persistent data.

RegexExecution

A data-flow node that executes a regular expression.

SqlConstruction

A data-flow node that constructs a SQL statement.

SqlExecution

A data-flow node that executes SQL statements.

SqlSanitization

A data-flow node that performs SQL sanitization.

SystemCommandExecution

A data-flow node that executes an operating system command, for instance by spawning a new process.

TemplateConstruction

A data-flow node that constructs a template.

TemplateRendering

A data-flow node that renders templates.

XPathConstruction

A data-flow node that constructs an XPath expression.

XPathExecution

A data-flow node that executes an XPath expression.

XmlParserCall

A data-flow node that parses XML content.

Modules

CodeExecution

Provides a class for modeling new dynamic code execution APIs.

CookieSecurityConfigurationSetting

Provides a class for modeling new cookie security setting APIs.

Cryptography

Provides models for cryptographic concepts.

CsrfProtectionSetting

Provides a class for modeling new CSRF protection setting APIs.

Escaping

Provides a class for modeling new escaping APIs.

FileSystemAccess

Provides a class for modeling new file system access APIs.

FileSystemPermissionModification

Provides a class for modeling new file system permission modifications.

FileSystemReadAccess

Provides a class for modeling new file system reads.

FileSystemWriteAccess

Provides a class for modeling new file system writes.

Http

Provides classes for modeling HTTP-related APIs.

JwtDecoding

Provides a class for modeling new JWT decoding APIs.

JwtEncoding

Provides a class for modeling new JWT encoding APIs.

LdapBind

Provides classes for modeling LDAP bind-related APIs.

LdapConstruction

Provides a class for modeling new LDAP query construction APIs.

LdapExecution

Provides a class for modeling new LDAP query execution APIs.

Logging

Provides a class for modeling new logging mechanisms.

OrmInstantiation

Provides a class for modeling new ORM object instantiation APIs.

Path

Provides classes for modeling path-related APIs.

PersistentWriteAccess

Provides a class for modeling new persistent write access APIs.

RegexExecution

Provides classes for modeling new regular-expression execution APIs.

SqlConstruction

Provides a class for modeling new SQL construction APIs.

SqlExecution

Provides a class for modeling new SQL execution APIs.

SqlSanitization

Provides a class for modeling new SQL sanitization APIs.

SystemCommandExecution

Provides a class for modeling new operating system command APIs.

TemplateConstruction

Provides a class for modeling new template construction APIs.

TemplateRendering

Provides a class for modeling new template rendering APIs.

XPathConstruction

Provides a class for modeling new XPath construction APIs.

XPathExecution

Provides a class for modeling new XPath execution APIs.

XmlParserCall

Provides a class for modeling new XML parsing APIs.