codeql/2023-03-13-sinatra.md at 4ba1740c459059992c04effaeacfd42aecd00a80 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00

Files

Harry Maclean 3734a544bc Ruby: Add change note

2023-03-13 21:38:45 +13:00

310 B

Raw Blame History

category

category
minorAnalysis

Accesses of params in Sinatra applications are now recognised as HTTP input accesses.
Data flow is tracked from Sinatra route handlers to ERB files.
Data flow is tracked between basic Sinatra filters (those without URL patterns) and their corresponding route handlers.