Module InsecureDownload

Classes and predicates for reasoning about download of sensitive file through insecure connection vulnerabilities.

Import path

import codeql.ruby.security.InsecureDownloadCustomizations

clientRequestResponse	Gets a node for the response from `request`, type-tracked using `t`.
hasUnsafeExtension	Holds if `str` is a string that ends with an unsafe file extension.
unsafeExtension	Gets a file-extension that can potentially be dangerous.

FileWriteSink	A url that is downloaded through an insecure connection, where the result ends up being saved to a sensitive location.
InsecureFileUrl	A HTTP or FTP URL that refers to a file with a sensitive file extension, seen as a source for downloads of sensitive files through an insecure connection.
InsecureUrl	A HTTP or FTP URL.
Sanitizer	A sanitizer for download of sensitive file through insecure connection.
SensitiveFileName	A string containing a sensitive file extension, seen as a source for downloads of sensitive files through an insecure connection.
Sink	A data flow sink for download of sensitive file through insecure connection.
Source	A data flow source for download of sensitive file through insecure connection.

Flow-labels for reasoning about download of sensitive file through insecure connection.