hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove experimental version + qhelp fixes

Browse Source
This commit is contained in:
Joe Farebrother
2024-11-21 17:06:25 +00:00
parent e4e02ec674
commit 4602c5c905
21 changed files with 2 additions and 660 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/Security/CWE-074/TemplateInjection.qhelp
View File

@@ -16,10 +16,10 @@
<sample src="examples/JinjaBad.py" />
<p>The following is an example of a string that could be used to cause remote code execution when interpreted as a template:</p>
<sample src="examples/template_exploit" />
<sample src="examples/template_exploit.txt" />
<p>In the following case, user input is not used to construct the template; rather is only used for as the parameters to render the template, which is safe.</p>
<sample scr="examples/JinjaGoodParam" />
<sample src="examples/JinjaGoodParam.py" />
<p>In the following case, a <code>SandboxedEnvironment</code> is used, preventing remote code execution.</p>
<sample src="examples/JinjaGoodSandbox.py" />