hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update SpelInjection.qhelp

Browse Source
This commit is contained in:
mc
2021-07-27 14:44:46 +01:00
committed by Tony Torralba
parent d10dbbdd9d
commit 3520fed752
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Security/CWE/CWE-094/SpelInjection.qhelp
View File

@@ -4,7 +4,7 @@
<overview>
<p>
The Spring Expression Language (SpEL) is a powerful expression language
provided by Spring Framework. The language offers many features
provided by the Spring Framework. The language offers many features
including invocation of methods available in the JVM.
If a SpEL expression is built using attacker-controlled data,
and then evaluated in a powerful context,
@@ -31,7 +31,7 @@ that doesn't allow arbitrary method invocation.
<example>
<p>
The following example uses untrusted data to build a SpEL expression
and then runs it in the default powerfull context.
and then runs it in the default powerful context.
</p>
<sample src="UnsafeSpelExpressionEvaluation.java" />
@@ -53,4 +53,4 @@ However, it's recommended to avoid using untrusted input in SpEL expressions.
<a href="https://owasp.org/www-community/vulnerabilities/Expression_Language_Injection">Expression Language Injection</a>.
</li>
</references>
</qhelp>
</qhelp>