hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

convert tabs to spaces in qhelp

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2022-07-12 15:58:47 +02:00
parent 712805f3bf
commit 220ff3cb2e
4 changed files with 80 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.qhelp
View File

@@ -3,13 +3,13 @@
"qhelp.dtd">
<qhelp>
<overview>
<p>
A regexp range can by accident match more than was intended.
<overview>
<p>
A regexp range can by accident match more than was intended.
For example, the regular expression <code>/[a-zA-z]/</code> will
match every lowercase and uppercase letters, but the same regular
expression will also match the chars: <code>[\]^_`</code>.
</p>
</p>
<p>
On other occasions it can happen that the dash in a regular
expression is not escaped, which will cause it to be interpreted
@@ -18,22 +18,22 @@
<code>,</code> and <code>_</code> (both included), which overlaps with the
range <code>[0-9]</code> and is thus clearly not intended.
</p>
</overview>
</overview>
<recommendation>
<p>
<recommendation>
<p>
Don't write character ranges were there might be confusion as to
Don't write character ranges were there might be confusion as to
which characters are included in the range.
</p>
</recommendation>
</p>
</recommendation>
<example>
<example>
<p>
<p>
The following example code checks whether a string is a valid 6 digit hex color.
</p>
</p>
<sample language="java">
import java.util.regex.Pattern
@@ -44,7 +44,7 @@ public class Tester {
}
</sample>
<p>
<p>
However, the <code>A-f</code> range matches every uppercase character, and
thus a "color" like <code>#XYZ</code> is considered valid.
</p>
@@ -62,11 +62,11 @@ public class Tester {
}
</sample>
</example>
</example>
<references>
<li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
<li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
<li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
</references>
<references>
<li>Mitre.org: <a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020</a></li>
<li>github.com: <a href="https://github.com/advisories/GHSA-g4rg-993r-mgx7">CVE-2021-42740</a></li>
<li>wh0.github.io: <a href="https://wh0.github.io/2021/10/28/shell-quote-rce-exploiting.html">Exploiting CVE-2021-42740</a></li>
</references>
</qhelp>