hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/OverlayLocalJava
codeql/ruby/ql/lib/change-notes/released/0.4.2.md
Arthur Baars 45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-10-20 15:22:29 +02:00

11 lines
663 B
Markdown
Raw Permalink Blame History

## 0.4.2
### Minor Analysis Improvements
* The hashing algorithms from `Digest` and `OpenSSL::Digest` are now recognized and can be flagged by the `rb/weak-cryptographic-algorithm` query.
* More sources of remote input arising from methods on `ActionDispatch::Request` are now recognized.
* The response value returned by the `Faraday#run_request` method is now also considered a source of remote input.
* `ActiveJob::Serializers.deserialize` is considered to be a code execution sink.
* Calls to `params` in `ActionMailer` classes are now treated as sources of remote user input.
* Taint flow through `ActionController::Parameters` is tracked more accurately.
Reference in New Issue View Git Blame Copy Permalink