hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/OverlayLocalJava
codeql/ruby/ql/lib/change-notes/released/0.4.4.md
github-actions[bot] e105c13e77 Release preparation for version 2.11.4
2022-11-17 16:40:45 +00:00

14 lines
1.1 KiB
Markdown
Raw Permalink Blame History

## 0.4.4
### Minor Analysis Improvements
* Data flow through the `ActiveSupport` extension `Enumerable#index_by` is now modeled.
* The `codeql.ruby.Concepts` library now has a `SqlConstruction` class, in addition to the existing `SqlExecution` class.
* Calls to `Arel.sql` are now modeled as instances of the new `SqlConstruction` concept.
* Arguments to RPC endpoints (public methods) on subclasses of `ActionCable::Channel::Base` are now recognized as sources of remote user input.
* Taint flow through the `ActiveSupport` extensions `Hash#reverse_merge` and `Hash:reverse_merge!`, and their aliases, is now modeled more generally, where previously it was only modeled in the context of `ActionController` parameters.
* Calls to `logger` in `ActiveSupport` actions are now recognised as logger instances.
* Calls to `send_data` in `ActiveSupport` actions are recognised as HTTP responses.
* Calls to `body_stream` in `ActiveSupport` actions are recognised as HTTP request accesses.
* The `ActiveSupport` extensions `Object#try` and `Object#try!` are now recognised as code executions.
Reference in New Issue View Git Blame Copy Permalink