Commit 2530641

Tweak alert wording.
This reflects the fact that the query finds results where validation is only disabled under certain conditions.
1 parent ffda527 commit 2530641

2 files changed

+26
-26
lines changed

ql/src/queries/security/cwe-295/RequestWithoutValidation.ql

Lines changed: 1 addition & 1 deletion
@@ -17,4 +17,4 @@ import codeql.ruby.DataFlow
1717

1818
from HTTP::Client::Request request, DataFlow::Node disablingNode
1919
where request.disablesCertificateValidation(disablingNode)
20-
select request, "This request $@.", disablingNode, "does not validate certificates"
20+
select request, "This request may run with $@.", disablingNode, "certificate validation disabled"
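Review bot: On the `where` line, the predicate name `disablesCertificateValidation` still reads as unconditional, while the new `select` message says the request "may run with" validation disabled. Consider stating in the predicate's documentation that it holds when `disablingNode` disables validation on at least one path, and check that the query metadata above line 17, which this hunk does not show, uses the same hedged wording as the alert.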
Lines changed: 25 additions & 25 deletions
@@ -1,25 +1,25 @@
1-
| Excon.rb:6:3:6:34 | call to get | This request $@. | Excon.rb:5:3:5:34 | call to []= | does not validate certificates |
2-
| Excon.rb:12:3:12:34 | call to get | This request $@. | Excon.rb:11:3:11:23 | call to ssl_verify_peer= | does not validate certificates |
3-
| Excon.rb:18:3:18:34 | call to get | This request $@. | Excon.rb:17:3:17:34 | call to []= | does not validate certificates |
4-
| Excon.rb:24:3:24:10 | call to get | This request $@. | Excon.rb:23:55:23:76 | Pair | does not validate certificates |
5-
| Excon.rb:30:3:30:62 | call to get | This request $@. | Excon.rb:30:36:30:57 | Pair | does not validate certificates |
6-
| Faraday.rb:5:12:5:30 | call to get | This request $@. | Faraday.rb:4:48:4:69 | Pair | does not validate certificates |
7-
| Faraday.rb:9:12:9:30 | call to get | This request $@. | Faraday.rb:8:48:8:94 | Pair | does not validate certificates |
8-
| HttpClient.rb:6:1:6:33 | call to get | This request $@. | HttpClient.rb:5:1:5:29 | call to verify_mode= | does not validate certificates |
9-
| Httparty.rb:4:1:4:50 | call to get | This request $@. | Httparty.rb:4:37:4:49 | Pair | does not validate certificates |
10-
| Httparty.rb:7:1:7:55 | call to get | This request $@. | Httparty.rb:7:37:7:54 | Pair | does not validate certificates |
11-
| Httparty.rb:10:1:10:59 | call to get | This request $@. | Httparty.rb:10:39:10:56 | Pair | does not validate certificates |
12-
| Httparty.rb:13:1:13:70 | call to post | This request $@. | Httparty.rb:13:57:13:69 | Pair | does not validate certificates |
13-
| Httparty.rb:16:1:16:74 | call to post | This request $@. | Httparty.rb:16:59:16:71 | Pair | does not validate certificates |
14-
| NetHttp.rb:9:12:9:31 | call to request | This request $@. | NetHttp.rb:7:1:7:16 | ... = ... | does not validate certificates |
15-
| OpenURI.rb:4:1:4:78 | call to open | This request $@. | OpenURI.rb:4:36:4:77 | Pair | does not validate certificates |
16-
| OpenURI.rb:7:1:7:82 | call to open | This request $@. | OpenURI.rb:7:38:7:79 | Pair | does not validate certificates |
17-
| OpenURI.rb:11:1:11:43 | call to open | This request $@. | OpenURI.rb:10:13:10:54 | Pair | does not validate certificates |
18-
| OpenURI.rb:14:1:14:81 | call to open | This request $@. | OpenURI.rb:14:39:14:80 | Pair | does not validate certificates |
19-
| OpenURI.rb:17:1:17:85 | call to open | This request $@. | OpenURI.rb:17:41:17:82 | Pair | does not validate certificates |
20-
| OpenURI.rb:21:1:21:46 | call to open | This request $@. | OpenURI.rb:20:13:20:54 | Pair | does not validate certificates |
21-
| RestClient.rb:5:12:5:23 | call to get | This request $@. | RestClient.rb:4:60:4:96 | Pair | does not validate certificates |
22-
| RestClient.rb:9:12:9:23 | call to get | This request $@. | RestClient.rb:8:62:8:98 | Pair | does not validate certificates |
23-
| RestClient.rb:14:12:14:23 | call to get | This request $@. | RestClient.rb:12:13:12:49 | Pair | does not validate certificates |
24-
| Typhoeus.rb:4:1:4:62 | call to get | This request $@. | Typhoeus.rb:4:41:4:61 | Pair | does not validate certificates |
25-
| Typhoeus.rb:8:1:8:54 | call to post | This request $@. | Typhoeus.rb:7:37:7:57 | Pair | does not validate certificates |
1+
| Excon.rb:6:3:6:34 | call to get | This request may run with $@. | Excon.rb:5:3:5:34 | call to []= | certificate validation disabled |
2+
| Excon.rb:12:3:12:34 | call to get | This request may run with $@. | Excon.rb:11:3:11:23 | call to ssl_verify_peer= | certificate validation disabled |
3+
| Excon.rb:18:3:18:34 | call to get | This request may run with $@. | Excon.rb:17:3:17:34 | call to []= | certificate validation disabled |
4+
| Excon.rb:24:3:24:10 | call to get | This request may run with $@. | Excon.rb:23:55:23:76 | Pair | certificate validation disabled |
5+
| Excon.rb:30:3:30:62 | call to get | This request may run with $@. | Excon.rb:30:36:30:57 | Pair | certificate validation disabled |
6+
| Faraday.rb:5:12:5:30 | call to get | This request may run with $@. | Faraday.rb:4:48:4:69 | Pair | certificate validation disabled |
7+
| Faraday.rb:9:12:9:30 | call to get | This request may run with $@. | Faraday.rb:8:48:8:94 | Pair | certificate validation disabled |
8+
| HttpClient.rb:6:1:6:33 | call to get | This request may run with $@. | HttpClient.rb:5:1:5:29 | call to verify_mode= | certificate validation disabled |
9+
| Httparty.rb:4:1:4:50 | call to get | This request may run with $@. | Httparty.rb:4:37:4:49 | Pair | certificate validation disabled |
10+
| Httparty.rb:7:1:7:55 | call to get | This request may run with $@. | Httparty.rb:7:37:7:54 | Pair | certificate validation disabled |
11+
| Httparty.rb:10:1:10:59 | call to get | This request may run with $@. | Httparty.rb:10:39:10:56 | Pair | certificate validation disabled |
12+
| Httparty.rb:13:1:13:70 | call to post | This request may run with $@. | Httparty.rb:13:57:13:69 | Pair | certificate validation disabled |
13+
| Httparty.rb:16:1:16:74 | call to post | This request may run with $@. | Httparty.rb:16:59:16:71 | Pair | certificate validation disabled |
14+
| NetHttp.rb:9:12:9:31 | call to request | This request may run with $@. | NetHttp.rb:7:1:7:16 | ... = ... | certificate validation disabled |
15+
| OpenURI.rb:4:1:4:78 | call to open | This request may run with $@. | OpenURI.rb:4:36:4:77 | Pair | certificate validation disabled |
16+
| OpenURI.rb:7:1:7:82 | call to open | This request may run with $@. | OpenURI.rb:7:38:7:79 | Pair | certificate validation disabled |
17+
| OpenURI.rb:11:1:11:43 | call to open | This request may run with $@. | OpenURI.rb:10:13:10:54 | Pair | certificate validation disabled |
18+
| OpenURI.rb:14:1:14:81 | call to open | This request may run with $@. | OpenURI.rb:14:39:14:80 | Pair | certificate validation disabled |
19+
| OpenURI.rb:17:1:17:85 | call to open | This request may run with $@. | OpenURI.rb:17:41:17:82 | Pair | certificate validation disabled |
20+
| OpenURI.rb:21:1:21:46 | call to open | This request may run with $@. | OpenURI.rb:20:13:20:54 | Pair | certificate validation disabled |
21+
| RestClient.rb:5:12:5:23 | call to get | This request may run with $@. | RestClient.rb:4:60:4:96 | Pair | certificate validation disabled |
22+
| RestClient.rb:9:12:9:23 | call to get | This request may run with $@. | RestClient.rb:8:62:8:98 | Pair | certificate validation disabled |
23+
| RestClient.rb:14:12:14:23 | call to get | This request may run with $@. | RestClient.rb:12:13:12:49 | Pair | certificate validation disabled |
24+
| Typhoeus.rb:4:1:4:62 | call to get | This request may run with $@. | Typhoeus.rb:4:41:4:61 | Pair | certificate validation disabled |
25+
| Typhoeus.rb:8:1:8:54 | call to post | This request may run with $@. | Typhoeus.rb:7:37:7:57 | Pair | certificate validation disabled |
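Review bot: A test for the conditional case is not evident in these 25 rows: the request and disabling-node locations are identical on the `-` and `+` sides, so only the message and link text are being re-baselined. Since the commit message justifies the new wording by results where validation is disabled only under certain conditions, confirm that at least one of the listed test files covers such a case (for example, verification turned off on one branch only) and add one if not, so that the "may run with" wording is backed by an expected result.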
