hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 07:15:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
This commit is contained in:
Dave Bartolomeo
2022-11-04 18:46:32 -04:00
committed by GitHub
parent 508327235a
commit 013b7eff1c
4 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/CHANGELOG.md
View File

@@ -2,8 +2,8 @@
### Minor Analysis Improvements
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
- Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
* Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.
* Taint flow is now tracked through extension methods on `Hash`, `String` and
`Object` provided by `ActiveSupport`.

4
ruby/ql/lib/change-notes/released/0.4.3.md
View File

@@ -2,7 +2,7 @@
### Minor Analysis Improvements
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
- Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.
* There was a bug in `TaintTracking::localTaint` and `TaintTracking::localTaintStep` such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
* Instantiations using `Faraday::Connection.new` are now recognized as part of `FaradayHttpRequest`s, meaning they will be considered as sinks for queries such as `rb/request-forgery`.
* Taint flow is now tracked through extension methods on `Hash`, `String` and
`Object` provided by `ActiveSupport`.