Ruby queries for CodeQL analysis

Explore the queries that CodeQL uses to analyze code written in Ruby when you select the default or the security-extended query suite.

Who can use this feature?

CodeQL is available for the following repository types:

CodeQL includes many queries for analyzing Ruby code. All queries in the default query suite are run by default. If you choose to use the security-extended query suite, additional queries are run. For more information, see CodeQL query suites.

Built-in queries for Ruby analysis

This table lists the queries available with the latest release of the CodeQL action and CodeQL CLI. For more information, see CodeQL change logs in the CodeQL documentation site.

| Query name | Related CWEs |
| --- | --- |
| Bad HTML filtering regexp | 116, 020, 185, 186 |
| Badly anchored regular expression | 020 |
| Clear-text logging of sensitive information | 312, 359, 532 |
| Clear-text storage of sensitive information | 312, 359, 532 |
| Code injection | 094, 095, 116 |
| CSRF protection not enabled | 352 |
| CSRF protection weakened or disabled | 352 |
| Dependency download using unencrypted communication channel | 300, 319, 494, 829 |
| Deserialization of user-controlled data | 502 |
| Download of sensitive file through insecure connection | 829 |
| Incomplete multi-character sanitization | 020, 080, 116 |
| Incomplete regular expression for hostnames | 020 |
| Incomplete string escaping or encoding | 020, 080, 116 |
| Incomplete URL substring sanitization | 020 |
| Inefficient regular expression | 1333, 730, 400 |
| Information exposure through an exception | 209, 497 |
| Insecure Mass Assignment | 915 |
| Overly permissive regular expression range | 020 |
| Polynomial regular expression used on uncontrolled data | 1333, 730, 400 |
| Reflected server-side cross-site scripting | 079, 116 |
| Regular expression injection | 1333, 730, 400 |
| Sensitive data read from GET request | 598 |
| Server-side request forgery | 918 |
| SQL query built from user-controlled sources | 089 |
| Stored cross-site scripting | 079, 116 |
| Uncontrolled command line | 078, 088 |
| Uncontrolled data used in path expression | 022, 023, 036, 073, 099 |
| Unsafe HTML constructed from library input | 079, 116 |
| Unsafe shell command constructed from library input | 078, 088, 073 |
| URL redirection from remote source | 601 |
| Use of Kernel.open or IO.read or similar sinks with a non-constant value | 078, 088, 073 |
| Use of Kernel.open, IO.read or similar sinks with user-controlled input | 078, 088, 073 |
| Use of a broken or weak cryptographic algorithm | 327 |
| Use of a broken or weak cryptographic hashing algorithm on sensitive data | 327, 328, 916 |
| Use of externally-controlled format string | 134 |
| Weak cookie configuration | 732, 1275 |
| XML external entity expansion | 611, 776, 827 |
| Hard-coded data interpreted as code | 506 |
| Log injection | 117 |
| Missing regular expression anchor | 020 |
| Network data written to file | 912, 434 |
| Request without certificate validation | 295 |
| Unsafe code constructed from library input | 094, 079, 116 |