hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 04:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use correct file names in SpringExporterUnsafeDeserialization.qhelp

Browse Source
This commit is contained in:
Artem Smotrakov
2021-03-06 22:07:43 +01:00
parent bda223771b
commit 891b975899
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/experimental/Security/CWE/CWE-502/SpringExporterUnsafeDeserialization.qhelp
View File

@@ -45,11 +45,11 @@ consider using global deserialization filters introduced in JEP 290.
The following example shows how a vulnerable HTTP endpoint can be defined
using <code>HttpInvokerServiceExporter</code> and Spring annotations:
</p>
<sample src="UnsafeHttpInvokerEndpoint.java" />
<sample src="SpringExporterUnsafeDeserialization.java" />
<p>
The next examples shows how the same vulnerable endpoint can be defined in a Spring XML config:
</p>
<sample src="UnsafeHttpInvokerEndpoint.xml" />
<sample src="SpringExporterUnsafeDeserialization.xml" />
</example>
<references>