codeql.yml
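# CodeQL configuration: which directories are scanned, which query packs run,
# and which individual queries are filtered out of the results.

# Directories included in the analysis.
paths:
  - app
  - config
  - lib
  - components
  - project_gems

# Paths left out of the analysis even when they sit under an included
# directory. Code under these paths produces no alerts.
paths-ignore:
  - hugo
  - node_modules
  - "**/*.yml"
  - "**/*.yaml"
  - codeql
  - project_gems/effective_datatables-2.6.14/effective_datatables-2.6.14.gemspec
  - components/benefit_sponsors/spec/dummy

# The built-in default query suite is switched off; the packs listed under
# `packs` are the only source of queries for this scan.
# NOTE(review): coverage now depends entirely on those packs - confirm the
# suite each pack resolves to is the one intended.
disable-default-queries: true

packs:
  ruby:
    - codeql/ruby-queries
  javascript:
    - codeql/javascript-queries

# Each entry removes one query, by id, from the run. An excluded query raises
# no alert at all, so a new instance of that weakness class will not show up
# in code scanning. The list covers CSRF, XSS, regex-injection, ReDoS and
# sanitisation checks.
# NOTE(review): no reason is recorded here for any exclusion - add a short
# justification or tracking reference per id, and re-check the list when the
# affected code changes.
query-filters:
  - exclude:
      id: rb/csrf-protection-disabled
  - exclude:
      id: rb/csrf-protection-not-enabled
  - exclude:
      id: rb/incomplete-hostname-regexp
  - exclude:
      id: rb/redos
  - exclude:
      id: rb/reflected-xss
  - exclude:
      id: rb/regexp-injection
  - exclude:
      id: js/incomplete-sanitization
  - exclude:
      id: js/redos
  - exclude:
      id: js/cross-window-information-leak
  - exclude:
      id: js/unsafe-jquery-plugin
  - exclude:
      id: js/xss-through-dom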