mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
23 lines
1.2 KiB
Markdown
23 lines
1.2 KiB
Markdown
## 0.4.1
|
|
|
|
### Minor Analysis Improvements
|
|
|
|
* The following classes have been moved from `codeql.ruby.frameworks.ActionController` to `codeql.ruby.frameworks.Rails`:
|
|
* `ParamsCall`, now accessed as `Rails::ParamsCall`.
|
|
* `CookieCall`, now accessed as `Rails::CookieCall`.
|
|
* The following classes have been moved from `codeql.ruby.frameworks.ActionView` to `codeql.ruby.frameworks.Rails`:
|
|
* `HtmlSafeCall`, now accessed as `Rails::HtmlSafeCall`.
|
|
* `HtmlEscapeCall`, now accessed as `Rails::HtmlEscapeCall`.
|
|
* `RenderCall`, now accessed as `Rails::RenderCall`.
|
|
* `RenderToCall`, now accessed as `Rails::RenderToCall`.
|
|
* Subclasses of `ActionController::Metal` are now recognised as controllers.
|
|
* `ActionController::DataStreaming::send_file` is now recognized as a
|
|
`FileSystemAccess`.
|
|
* Various XSS sinks in the ActionView library are now recognized.
|
|
* Calls to `ActiveRecord::Base.create` are now recognized as model
|
|
instantiations.
|
|
* Various code executions, command executions and HTTP requests in the
|
|
ActiveStorage library are now recognized.
|
|
* `MethodBase` now has two new predicates related to visibility: `isPublic` and
|
|
`isProtected`. These hold, respectively, if the method is public or protected.
|