hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-17 04:56:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make qhelp for 'Incomplete URL substring sanitization' consistent across languages.

Browse Source
This commit is contained in:
Mark Shannon
2019-01-25 16:47:23 +00:00
parent 6ddbed7d95
commit 3850f87879
2 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
View File

@@ -14,10 +14,9 @@
</p>
<p>
However, it is notoriously error-prone to treat the URL as
a string and check if one of the allowed hosts is a substring of the
URL. Malicious URLs can bypass such security checks by embedding one
However, treating the URL as a string and checking if one of the
allowed hosts is a substring of the URL is very prone to errors.
Malicious URLs can bypass such security checks by embedding one
of the allowed hosts in an unexpected location.
</p>