hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve documentation

Browse Source
This commit is contained in:
jarlob
2023-04-05 10:26:02 +02:00
parent 9fba7d31f1
commit 40635e60d1
1 changed files with 1 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
javascript/ql/src/Security/CWE-094/ExpressionInjection.qhelp
View File

@@ -35,15 +35,9 @@
</p>
<sample src="examples/comment_issue_bad.yml" />
<p>
The following example uses shell syntax to read
the environment variable and will prevent the attack:
</p>
<sample src="examples/comment_issue_good.yml" />
<p>
The following example uses an environment variable, but
still allows injection because of the use of expression syntax:
<b>still allows the injection</b> because of the use of expression syntax:
</p>
<sample src="examples/comment_issue_bad_env.yml" />