hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dd31be43e07d901bafb543c8f65be8e9b5abb364
codeql/ruby/ql/lib/change-notes/released/0.4.1.md
github-actions[bot] a02dcdc5e1 Release preparation for version 2.11.1
2022-10-07 02:20:28 +00:00

1.2 KiB
Raw Blame History

0.4.1

Minor Analysis Improvements

  • The following classes have been moved from codeql.ruby.frameworks.ActionController to codeql.ruby.frameworks.Rails:
    • ParamsCall, now accessed as Rails::ParamsCall.
    • CookieCall, now accessed as Rails::CookieCall.
  • The following classes have been moved from codeql.ruby.frameworks.ActionView to codeql.ruby.frameworks.Rails:
    • HtmlSafeCall, now accessed as Rails::HtmlSafeCall.
    • HtmlEscapeCall, now accessed as Rails::HtmlEscapeCall.
    • RenderCall, now accessed as Rails::RenderCall.
    • RenderToCall, now accessed as Rails::RenderToCall.
  • Subclasses of ActionController::Metal are now recognised as controllers.
  • ActionController::DataStreaming::send_file is now recognized as a FileSystemAccess.
  • Various XSS sinks in the ActionView library are now recognized.
  • Calls to ActiveRecord::Base.create are now recognized as model instantiations.
  • Various code executions, command executions and HTTP requests in the ActiveStorage library are now recognized.
  • MethodBase now has two new predicates related to visibility: isPublic and isProtected. These hold, respectively, if the method is public or protected.