hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/EnableJavaOverlayCompilation
codeql/ruby/ql/lib/change-notes/released/0.4.2.md
Arthur Baars 45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-10-20 15:22:29 +02:00

663 B
Raw Permalink Blame History

0.4.2

Minor Analysis Improvements

  • The hashing algorithms from Digest and OpenSSL::Digest are now recognized and can be flagged by the rb/weak-cryptographic-algorithm query.
  • More sources of remote input arising from methods on ActionDispatch::Request are now recognized.
  • The response value returned by the Faraday#run_request method is now also considered a source of remote input.
  • ActiveJob::Serializers.deserialize is considered to be a code execution sink.
  • Calls to params in ActionMailer classes are now treated as sources of remote user input.
  • Taint flow through ActionController::Parameters is tracked more accurately.