Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
Sim4n6
2023-05-20 10:13:23 +01:00
committed by GitHub
parent 8462b14b54
commit 16ce024429

@@ -3,11 +3,8 @@
<overview>
<p>Security checks bypass due to a Unicode transformation</p>
<p>
If ever a unicode tranformation is performed after some security checks or logical
validation, the
latter could be bypassed due to a potential Unicode characters collision.
The validation of concern are any character escaping, any regex validation or any string
verification.
If security checks or logical validation is performed before unicode normalization, the security checks or logical validation could be bypassed due to a potential Unicode character collision.
The validation we consider are: any character escaping, any regex validation, or any string manipulation (such as <code>str.split</code>).
</p>
<img src="./vulnerability-flow.png" alt="Security checks bypassed" />
</overview>
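
Review bot: The two added lines in the <overview> paragraph are inconsistently worded and quietly change scope. "unicode normalization" is lowercase while "Unicode character collision" in the same sentence is capitalized, and "The validation we consider are" mixes singular and plural; suggest "Unicode normalization" and "The validations we consider are". The removed text listed "any string verification", but the replacement lists "any string manipulation (such as <code>str.split</code>)", which is an operation rather than a validation; either keep "string verification" or add a clause saying why a split performed before normalization counts as a check that can be bypassed. The first added sentence also repeats "security checks or logical validation" twice, so the second occurrence could become "these checks".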