hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: fix typo in JndiInjection.qhelp

Browse Source
This commit is contained in:
Erik Krogh Kristensen
2024-02-06 15:17:30 +01:00
committed by GitHub
parent 8361efca4d
commit 879d882fa4
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-074/JndiInjection.qhelp
View File

@@ -13,7 +13,7 @@ code execution.</p>
<recommendation>
<p>The general recommendation is to avoid passing untrusted data to the <code>InitialContext.lookup
</code> method. If the name being used to look up the object must be provided by the user, make
sure that it's not in the form of an absolute URL or that it's the URL pointing to a trused server.
sure that it's not in the form of an absolute URL or that it's the URL pointing to a trusted server.
</p>
</recommendation>