Merge pull request #10749 from aibaars/run_request

Ruby: treat Faraday#run_request as remote source

ruby/ql/lib/change-notes/2022-10-13-faraday-run-request.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.

ruby/ql/lib/codeql/ruby/frameworks/http_clients/Faraday.qll

@@ -37,7 +37,8 @@ class FaradayHttpRequest extends Http::Client::Request::Range, DataFlow::CallNod
         API::getTopLevelMember("Faraday").getInstance()
       ] and
     requestNode =
-      connectionNode.getReturn(["get", "head", "delete", "post", "put", "patch", "trace"]) and
+      connectionNode
+          .getReturn(["get", "head", "delete", "post", "put", "patch", "trace", "run_request"]) and
     this = requestNode.asSource() and
     connectionUse = connectionNode.asSource()
   }