hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/OverlayLocalJava
codeql/ruby/ql/lib/change-notes/released/0.4.4.md
github-actions[bot] e105c13e77 Release preparation for version 2.11.4
2022-11-17 16:40:45 +00:00

1.1 KiB
Raw Permalink Blame History

0.4.4

Minor Analysis Improvements

  • Data flow through the ActiveSupport extension Enumerable#index_by is now modeled.
  • The codeql.ruby.Concepts library now has a SqlConstruction class, in addition to the existing SqlExecution class.
  • Calls to Arel.sql are now modeled as instances of the new SqlConstruction concept.
  • Arguments to RPC endpoints (public methods) on subclasses of ActionCable::Channel::Base are now recognized as sources of remote user input.
  • Taint flow through the ActiveSupport extensions Hash#reverse_merge and Hash:reverse_merge!, and their aliases, is now modeled more generally, where previously it was only modeled in the context of ActionController parameters.
  • Calls to logger in ActiveSupport actions are now recognised as logger instances.
  • Calls to send_data in ActiveSupport actions are recognised as HTTP responses.
  • Calls to body_stream in ActiveSupport actions are recognised as HTTP request accesses.
  • The ActiveSupport extensions Object#try and Object#try! are now recognised as code executions.