codeql/ruby/ql/lib/change-notes/released/0.8.10.md
2024-03-06 20:56:51 +00:00

0.8.10

Minor Analysis Improvements

  • Calls to I18n.translate as well as Rails helper translate methods now propagate taint from their keyword arguments. The Rails translate methods are also recognized as XSS sanitizers when using keys marked as HTML-safe.
  • Calls to Arel::Nodes::SqlLiteral.new are now modeled as instances of the SqlConstruction concept, as well as propagating taint from their argument.
  • Additional arguments beyond the first of calls to the ActiveRecord methods select, reselect, order, reorder, joins, group, and pluck are now recognized as SQL injection sinks.
  • Calls to several methods of ActiveRecord::Connection, such as ActiveRecord::Connection#exec_query, are now recognized as SQL executions, including those via subclasses.
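The ActiveRecord change above is the one most application developers hit: the second and later arguments of order, reorder, select, reselect, group, joins and pluck are interpolated into SQL as given, so a request parameter passed through unchanged is exactly the sink the new model flags. The following is an added example, not code from the CodeQL repository or from Rails: a plain-Ruby allowlist guard (the ALLOWED_COLUMNS and ALLOWED_DIRECTIONS constants, the UnsafeSortError class and the two helper functions are all assumed names) that maps untrusted sort and column parameters onto a fixed set of values before they are splatted into such a call. It runs without Rails; the ActiveRecord calls appear only in comments.

```ruby
# Added example (not from the CodeQL repository or Rails): an allowlist guard
# for the "additional argument" positions of ActiveRecord query methods such as
# order, reorder, select, reselect, group, joins and pluck, which the 0.8.10
# change note says are now treated as SQL injection sinks.
#
# Rails interpolates string arguments to these methods into SQL verbatim, so a
# request parameter passed through unchanged is a sink:
#
#   User.order("name", params[:sort])     # second argument: sink
#   User.pluck(:id, params[:column])      # second argument: sink
#
# The guard below maps untrusted input onto a fixed set of column names and
# directions before it reaches the query, so the only values that can be
# interpolated are ones the application chose. All names are assumed.

class UnsafeSortError < StandardError; end

ALLOWED_COLUMNS = %w[id name email created_at].freeze
ALLOWED_DIRECTIONS = %w[asc desc].freeze

# Returns "column direction" strings that are safe to splat into
# User.order(*safe_order_args(params[:sort])). Each spec is "column" or
# "column:direction"; anything outside the allowlist raises.
def safe_order_args(sort_params)
  Array(sort_params).map do |spec|
    column, direction = spec.to_s.split(":", 2)
    direction = (direction || "asc").downcase
    unless ALLOWED_COLUMNS.include?(column) && ALLOWED_DIRECTIONS.include?(direction)
      raise UnsafeSortError, "rejected sort spec: #{spec.inspect}"
    end
    "#{column} #{direction}"
  end
end

# Same idea for pluck/select: keep only allowlisted column names and hand
# them over as symbols, so User.pluck(*safe_columns(params[:cols])) never
# receives a raw request string.
def safe_columns(requested)
  cols = Array(requested).map(&:to_s)
  bad = cols - ALLOWED_COLUMNS
  raise UnsafeSortError, "rejected columns: #{bad.inspect}" unless bad.empty?
  cols.map(&:to_sym)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request parameters, as Rails would supply them in params.
  p safe_order_args(["name:desc", "created_at"])   # => ["name desc", "created_at asc"]
  p safe_columns(%w[id email])                     # => [:id, :email]
  begin
    # A column that exists but was never meant to be exposed is rejected too.
    safe_order_args(["password_digest"])
  rescue UnsafeSortError => e
    puts e.message
  end
end
```

The guard returns symbols for column lists and fully formed "column direction" strings for ordering, so the values reaching the sink positions are always drawn from constants in the source; the query still finds the call, but the path from the request parameter is cut at the allowlist check.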