hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-22 23:35:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
This commit is contained in:
Max Schaefer
2023-11-16 11:42:35 +00:00
committed by GitHub
parent 947b094387
commit 143e1680bd
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-022/TaintedPath.qhelp
View File

@@ -41,12 +41,12 @@ such as "/etc/passwd".</p>
<sample src="TaintedPath.java" />
<p>Simply checking that the path is under a trusted location (such as a known public folder) is not enough,
however, since the path could contain relative components such as "..". To fix this, we check that the it does
however, since the path could contain relative components such as "..". To fix this, check that it does
not contain ".." and starts with the public folder.</p>
<sample src="TaintedPathGood.java" />
<p>Alternatively, if we only want to allow simple filenames without a path component, we can remove all path
<p>Alternatively, if you only want to allow simple filenames without a path component, you can remove all path
separators ("/" or "\") and all ".." sequences from the input before using it to construct a file path.</p>
<sample src="TaintedPathGood2.java" />