hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/NewOverlayLocalJavaRebase
codeql/ruby/ql/lib/change-notes/released/0.6.0.md
Jeroen Ketema 0c7346707b Fix minor issues with change notes
2023-04-14 15:37:04 +02:00

1.2 KiB
Raw Permalink Blame History

0.6.0

Deprecated APIs

  • The recently introduced new data flow and taint tracking APIs have had a number of module and predicate renamings. The old APIs remain in place for now.

Minor Analysis Improvements

  • Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby 3.1 and 3.2.
  • The clear-text storage (rb/clear-text-storage-sensitive-data) and logging (rb/clear-text-logging-sensitive-data) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
  • Accesses of params in Sinatra applications are now recognized as HTTP input accesses.
  • Data flow is tracked from Sinatra route handlers to ERB files.
  • Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.

Bug Fixes

  • Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular DataFlow::hasFlowPath, DataFlow::hasFlow, DataFlow::hasFlowTo, and DataFlow::hasFlowToExpr were accidentally exposed in a single version.