hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix filenames in qhelp

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2020-07-23 17:32:01 +02:00
committed by GitHub
parent e283d289fd
commit 03d22fa8e3
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/experimental/CWE-074/TemplateInjection.qhelp
View File

@@ -13,10 +13,10 @@
</recommendation>
<example>
<p>Consider the example given below, an untrusted HTTP parameter `template` is used to generate a Jinja2 template string. This can lead to remote code execution. </p>
<sample src="jinjaBad.py" />
<sample src="JinjaBad.py" />
<p>Here we have fixed the problem by using the Jinja sandbox environment for evaluating untrusted code.</p>
<sample src="jinjaGood.py" />
<sample src="JinjaGood.py" />
</example>
<references>
<li>Portswigger : [Server Side Template Injection](https://portswigger.net/web-security/server-side-template-injection)</li>