From 223d0dbf0b4fd3042d657d4d671f3a21453e845f Mon Sep 17 00:00:00 2001 From: Max Schaefer Date: Fri, 22 May 2020 11:18:27 +0100 Subject: [PATCH] Fix missing `

` in qhelp. --- .../CWE-807/SensitiveConditionBypass.qhelp | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/ql/src/experimental/CWE-807/SensitiveConditionBypass.qhelp b/ql/src/experimental/CWE-807/SensitiveConditionBypass.qhelp index c75a1b71c0c..ee844ade258 100644 --- a/ql/src/experimental/CWE-807/SensitiveConditionBypass.qhelp +++ b/ql/src/experimental/CWE-807/SensitiveConditionBypass.qhelp @@ -6,25 +6,26 @@ Testing untrusted user input against a fixed constant results in a bypass of the conditional check as the attacker may alter the input to match the constant. When an incorrect check of this type is used to guard a potentially sensitive block, it results an attacker gaining access to the sensitive block. -

+

Never decide whether to authenticate a user based on data that may be controlled by that user. If necessary, ensure that the data is validated extensively when it is input before any authentication checks are performed. -

-

+

+

It is still possible to have a system that "remembers" users, thus not requiring the user to login on every interaction. For example, personalization settings can be applied without authentication because this is not sensitive information. However, users -should be allowed to take sensitive actions only when they have been fully authenticated. +should be allowed to take sensitive actions only when they have been fully authenticated. +

The following example shows a comparison where an user controlled expression is used to guard a sensitive method. This should be avoided.: -

+
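Review bot: the `-` and `+` lines in this hunk render as empty in this view, so the closing tags being added (and the one the subject line quotes) cannot be checked for correct pairing from the diff alone; please confirm the edited SensitiveConditionBypass.qhelp still parses as well-formed qhelp XML before merging. While touching these paragraphs, the unchanged context lines carry three wording defects worth fixing in the same patch: "it results an attacker gaining access" is missing "in" ("it results in an attacker gaining access"), "an user controlled expression" should read "a user-controlled expression", and "This should be avoided.:" has a stray colon after the full stop.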