hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

adjust qhelp to focus on user-controlled data

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2020-05-18 12:27:20 +02:00
parent d18808698a
commit 2b1724291b
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.qhelp
View File

@@ -49,10 +49,10 @@
</p>
<p>
Even worse, although less likely, a malicious user could
provide the input <code>http://example.org; cat /etc/passwd</code>
Even worse, although less likely, a client might pass in user-controlled
data not knowing that the input is interpreted as a shell command.
This could allow a malicious user to provide the input <code>http://example.org; cat /etc/passwd</code>
in order to execute the command <code>cat /etc/passwd</code>.
</p>
<p>