Harry Maclean
Add two new predicates to `MethodBase`: `isPublic` and `isProtected`. As part of this I've refactored the code around method visibility. This is easiest to review commit-by-commit.
This PR adds a new query, `IncompleteMultiCharSanitization`, which is a port of a JS query of the same name. It finds cases where a regex is used to strip a...
There are a few soon-to-be deprecated features that we should drop in a 3.0 release:
- The `duration` field in our statistics logging (#52)
- The `session_id` field in our...
Recognise send_file as a FileSystemAccess

This method is available in ActionController actions, and sends the file at the given path to the client.
Add flow summaries for methods on `ActionController::Parameters`, which mostly propagate taint from receiver to return value. [Evaluation](https://github.com/github/codeql-dca-main/issues/7317) shows that we catch a couple more TPs due to flow through parameters...