mirror of
https://github.com/github/codeql.git
synced 2025-12-18 09:43:15 +01:00
21 lines
1.2 KiB
Markdown
21 lines
1.2 KiB
Markdown
## 0.6.0
|
|
|
|
### Deprecated APIs
|
|
|
|
* The recently introduced new data flow and taint tracking APIs have had a
|
|
number of module and predicate renamings. The old APIs remain in place for
|
|
now.
|
|
|
|
### Minor Analysis Improvements
|
|
|
|
* Control flow graph: the evaluation order of scope expressions and receivers in multiple assignments has been adjusted to match the changes made in Ruby
|
|
3.1 and 3.2.
|
|
* The clear-text storage (`rb/clear-text-storage-sensitive-data`) and logging (`rb/clear-text-logging-sensitive-data`) queries now use built-in flow through hashes, for improved precision. This may result in both new true positives and less false positives.
|
|
* Accesses of `params` in Sinatra applications are now recognized as HTTP input accesses.
|
|
* Data flow is tracked from Sinatra route handlers to ERB files.
|
|
* Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.
|
|
|
|
### Bug Fixes
|
|
|
|
* Fixed some accidental predicate visibility in the backwards-compatible wrapper for data flow configurations. In particular `DataFlow::hasFlowPath`, `DataFlow::hasFlow`, `DataFlow::hasFlowTo`, and `DataFlow::hasFlowToExpr` were accidentally exposed in a single version.
|