hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/ruby/ql/lib/change-notes/released/0.8.13.md
github-actions[bot] ec97d9a304 Release preparation for version 2.17.0
2024-04-01 13:46:57 +00:00

10 lines
781 B
Markdown
Raw Permalink Blame History

## 0.8.13
### Minor Analysis Improvements
* Data flow is now tracked through `ActiveRecord` scopes.
* Modeled instances of `ActionDispatch::Http::UploadedFile` that can be obtained from element reads of `ActionController::Parameters`, with calls to `original_filename`, `content_type`, and `read` now propagating taint from their receiver.
* The second argument, `subquery_name`, of the `ActiveRecord::QueryMethods::from` method, is now recognized as an sql injection sink.
* Calls to `Typhoeus::Request.new` are now considered as instances of the `Http::Client::Request` concept, with the response body being treated as a remote flow source.
* New command injection sinks have been added, including `Process.spawn`, `Process.exec`, `Terrapin::CommandLine` and the `open4` gem.
Reference in New Issue View Git Blame Copy Permalink