hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15526 from github/erik-krogh/fix-jndi-typo

Browse Source 
Java: fix typo in JndiInjection.qhelp
This commit is contained in:
Erik Krogh Kristensen
2024-02-06 17:39:25 +01:00
committed by GitHub
parent 8361efca4d 879d882fa4
commit 43f1189615
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-074/JndiInjection.qhelp
View File

@@ -13,7 +13,7 @@ code execution.</p>
<recommendation>
<p>The general recommendation is to avoid passing untrusted data to the <code>InitialContext.lookup
</code> method. If the name being used to look up the object must be provided by the user, make
sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.
sure that it's not in the form of an absolute URL or that it's the URL pointing to a trusted server.
</p>
</recommendation>