hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update JndiInjection.qhelp

Browse Source 
Improve negation
This commit is contained in:
mc
2021-07-29 15:10:32 +01:00
committed by GitHub
parent 8f1ecf529f
commit 0a986ad0e8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-074/JndiInjection.qhelp
View File

@@ -11,7 +11,7 @@ code execution.</p>
</overview>
<recommendation>
<p>The general recommendation is to not pass untrusted data to the <code>InitialContext.lookup
<p>The general recommendation is to avoid passing untrusted data to the <code>InitialContext.lookup
</code> method. If the name being used to look up the object must be provided by the user, make
sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.
</p>