Merge pull request #13566 from alexrford/rb/rack-params

Ruby: add `Rack::Request` params and cookies as remote input sources
2026-05-03 04:39:29 +02:00 · 2023-07-17 14:07:20 +01:00
parent 11f2681904 2b0b2855e1
commit ab1f341aa6
8 changed files with 106 additions and 0 deletions
--- a/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
+++ b/ruby/ql/lib/change-notes/2023-07-05-rack-response.md
@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Query parameters and cookies from `Rack::Response` objects are recognized as potential sources of remote flow input.
+* Calls to `Rack::Utils.parse_query` now propagate taint.