codeql/ruby/ql/lib/change-notes/released/0.8.13.md
2024-04-01 13:46:57 +00:00

0.8.13

Minor Analysis Improvements

  • Data flow is now tracked through ActiveRecord scopes.
  • Modeled instances of ActionDispatch::Http::UploadedFile that can be obtained from element reads of ActionController::Parameters, with calls to original_filename, content_type, and read now propagating taint from their receiver.
  • The second argument, subquery_name, of the ActiveRecord::QueryMethods::from method is now recognized as an SQL injection sink.
  • Calls to Typhoeus::Request.new are now considered as instances of the Http::Client::Request concept, with the response body being treated as a remote flow source.
  • New command injection sinks have been added, including Process.spawn, Process.exec, Terrapin::CommandLine and the open4 gem.
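
The kind of flow two of these notes describe together, an uploaded file's original_filename reaching Process.spawn, shown next to its hardened form. This is an added example, not part of the CodeQL change notes or the CodeQL code base. FakeUpload is a hypothetical stand-in for ActionDispatch::Http::UploadedFile (in a Rails controller the object would come from params), the method names are invented for illustration, and the filename is constructed sample input.

```ruby
# Hypothetical stand-in for ActionDispatch::Http::UploadedFile; only the
# attribute this example needs. In Rails the object would come from params.
FakeUpload = Struct.new(:original_filename)

# Spawn a child whose stdout is a pipe and return the lines it printed.
def capture_lines
  reader, writer = IO.pipe
  pid = yield(writer)
  writer.close               # parent's copy must close so read sees EOF
  output = reader.read
  Process.wait(pid)
  output.lines.map(&:chomp)
ensure
  reader&.close
end

# Vulnerable shape: one interpolated string. Ruby passes a single-string
# command containing shell metacharacters to the shell, so the filename
# is parsed as shell syntax.
def announce_unsafe(upload)
  capture_lines do |w|
    Process.spawn("echo processing #{upload.original_filename}", out: w)
  end
end

# Hardened shape: program and arguments as separate strings. No shell is
# involved and the filename stays a single argv entry.
def announce_safe(upload)
  capture_lines do |w|
    Process.spawn("echo", "processing", upload.original_filename, out: w)
  end
end

if __FILE__ == $0
  # Constructed sample input: a filename carrying a shell separator.
  upload = FakeUpload.new("report.txt; echo INJECTED")
  puts "unsafe: #{announce_unsafe(upload).inspect}"
  puts "safe:   #{announce_safe(upload).inspect}"
end
```
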