codeql/0.4.3.md at ginsbach/OverlayLocalJava

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Files

Dave Bartolomeo 013b7eff1c Apply suggestions from code review

Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>

2022-11-04 18:46:32 -04:00

0.4.3

There was a bug in TaintTracking::localTaint and TaintTracking::localTaintStep such that they only tracked non-value-preserving flow steps. They have been fixed and now also include value-preserving steps.
Instantiations using Faraday::Connection.new are now recognized as part of FaradayHttpRequests, meaning they will be considered as sinks for queries such as rb/request-forgery.
Taint flow is now tracked through extension methods on Hash, String and Object provided by ActiveSupport.