codeql/2023-03-13-rails-sinks.md at 8aa9207281bbbf26f2bdcca6ef8eeaf6ad6c8f6b - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00

Files

Harry Maclean 9c3d141c9c Ruby: Add change note

2023-03-13 18:57:55 +13:00

334 B

Raw Blame History

category

category
minorAnalysis

The Active Record query methods reorder and count_by_sql are now recognised as SQL executions.
Calls to ActiveRecord::Connection#execute, including those via subclasses, are now recognised as SQL executions.
Data flow through ActionController::Parameters#require is now tracked properly.