hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix the qhelp

Browse Source 
Co-authored-by: Asger F <asgerf@github.com>
This commit is contained in:
Erik Krogh Kristensen
2022-11-01 14:03:39 +01:00
committed by erik-krogh
parent 5e5160d4fc
commit 8fd6424db9
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.qhelp
View File

@@ -15,8 +15,8 @@ the server.
<recommendation>
<p>
Sanitize user input before passing it to the shell command by for example
ensuring that URLs are valid and do not contain malicious commands.
Sanitize user input before passing it to the shell command. For example,
ensure that URLs are valid and do not contain malicious commands.
</p>
</recommendation>
@@ -30,7 +30,7 @@ URL that can be controlled by a malicious user.
<sample src="examples/second-order-command-injection.js" />
<p>
The problem has been fixed in the below where the URL is validated before
The problem has been fixed in the snippet below, where the URL is validated before
being passed to the shell command.
</p>