hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

JavaScript: Fix inconsistency in MissingRegExpAnchor.qhelp.

Browse Source
This commit is contained in:
Max Schaefer
2019-08-12 10:29:21 +01:00
parent a6cae2bf3e
commit 80cfe070d4
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
View File

@@ -47,9 +47,8 @@
<p>
The check with the regular expression match is, however, easy to bypass. For example
by embedding <code>example.com</code> in the path component:
<code>http://evil-example.net/example.com</code>, or in the query
string component: <code>http://evil-example.net/?x=example.com</code>.
by embedding <code>http://example.com/</code> in the query
string component: <code>http://evil-example.net/?x=http://example.com/</code>.
Address these shortcomings by using anchors in the regular expression instead: