Better recommendation in UnsafeDeserializationRmi.qhelp

Co-authored-by: Chris Smowton <smowton@github.com>
Artem Smotrakov
2021-06-01 12:16:09 +03:00
committed by GitHub
parent b28d639166
commit 8dc1451d42

@@ -13,7 +13,7 @@ In the worst case, it results in remote code execution.
<recommendation>
<p>
Use only strings and primitive types in parameters of remote objects.
Use only strings and primitive types for parameters of remotely invokable methods.
</p>
<p>
Set a filter for incoming serialized data by wrapping remote objects using either <code>UnicastRemoteObject.exportObject(Remote, int, ObjectInputFilter)</code>
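Review bot: The reworded sentence in the first <p> of <recommendation> reads as an absolute rule ("Use only strings and primitive types for parameters of remotely invokable methods"), but the next <p> goes straight to setting a filter through UnicastRemoteObject.exportObject(Remote, int, ObjectInputFilter) without saying how the two recommendations relate. Please state whether the filter is meant for cases where other parameter types cannot be avoided or as a measure to apply in addition to the first rule, for example by opening the second paragraph with a short conditional clause. As written, a reader cannot tell whether following the first paragraph alone is considered sufficient.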