Ruby: recognise csrf_meta_tag

hmac · hmac · commit 0597b2ed1b3b · 2024-02-23T11:13:16.000Z
csrf_meta_tag is an alias for csrf_meta_tags, retained for backwards
compatibility.
diff --git a/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql b/ruby/ql/src/queries/security/cwe-352/CSRFProtectionNotEnabled.ql
@@ -44,6 +44,6 @@ where
   (
     railsPreVersion3()
     or
-    not any(MethodCall m).getMethodName() = "csrf_meta_tags"
+    not any(MethodCall m).getMethodName() = ["csrf_meta_tags", "csrf_meta_tag"]
   )
 select c, "Potential CSRF vulnerability due to forgery protection not being enabled."

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,6 @@ where`
`44`	`44`	`(`
`45`	`45`	`railsPreVersion3()`
`46`	`46`	`or`
`47`		`- not any(MethodCall m).getMethodName() = "csrf_meta_tags"`
	`47`	`+ not any(MethodCall m).getMethodName() = ["csrf_meta_tags", "csrf_meta_tag"]`
`48`	`48`	`)`
`49`	`49`	`select c, "Potential CSRF vulnerability due to forgery protection not being enabled."`