- Fixed a bug causing every expression in the database to be considered a system-command execution sink when calls to any of the following methods exist:
  - The `spawn`, `fspawn`, `popen4`, `pspawn`, `system`, `_pspawn` methods and the backtick operator from the `POSIX::spawn` gem.
  - The `execute_command`, `rake`, `rails_command`, and `git` methods in `Rails::Generation::Actions`.
- Improved modeling of sensitive data sources, so common words like `certain` and `secretary` are no longer considered a certificate and a secret (respectively).