Model Argument[1] of ActiveRecord from

2026-04-30 19:26:02 +02:00 · 2024-03-08 14:04:01 +00:00
parent 2896bfbd9f
commit dbd33d1cf0
4 changed files with 86 additions and 68 deletions
--- a/ruby/ql/lib/change-notes/2024-03-08-activerecord-from.md
+++ b/ruby/ql/lib/change-notes/2024-03-08-activerecord-from.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The second argument, `subquery_name`, of the `ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink.