hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge from main to resolve conflicts

Browse Source
This commit is contained in:
Dave Bartolomeo
2024-03-19 10:41:31 -04:00
parent 769e3469a4 219cd4e415
commit 311ba8ea1b
1361 changed files with 222127 additions and 93308 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ruby/ql/lib/change-notes/2024-02-27-process-spawn.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* New command injection sinks have been added, including `Process.spawn`, `Process.exec`, `Terrapin::CommandLine` and the `open4` gem.

4
ruby/ql/lib/change-notes/2024-03-01-typhoeus-request.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source.

4
ruby/ql/lib/change-notes/2024-03-08-activerecord-from.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The second argument, `subquery_name`, of the `ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink.

4
ruby/ql/lib/change-notes/2024-03-14-actiondispatch-uploadedfile.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Modeled instances of `ActionDispatch::Http::UploadedFile` that can be obtained from element reads of `ActionController::Parameters`, with calls to `original_filename`, `content_type`, and `read` now propagating taint from their receiver.

4
ruby/ql/lib/change-notes/2024-03-19-activerecord-scopes.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Data flow is now tracked through `ActiveRecord` scopes.