hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix typo in .qhelp

Browse Source
This commit is contained in:
Shyam Mehta
2022-06-29 18:03:57 -04:00
parent 7ab8f0262c
commit 16814071df
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp
View File

@@ -28,7 +28,7 @@ returns a <b>non</b>-slash-terminated path string, so a <code>"/"</code> must be
In this example, the <code>if</code> statement checks if <code>parent.getCanonicalPath()</code>
is a prefix of <code>dir.getCanonicalPath()</dir>. However, <code>parent.getCanonicalPath()</code> is
is a prefix of <code>dir.getCanonicalPath()</code>. However, <code>parent.getCanonicalPath()</code> is
not slash-terminated. So, the user that supplies <code>dir</code> may be allowed to access siblings of <code>parent</code>
and not just children of <code>parent</code>, which is a security issue.