update qhelp with suggestions

Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
Erik Krogh Kristensen
2022-01-26 11:03:05 +01:00
committed by GitHub
parent debebb2b8c
commit abd87615ff

@@ -16,13 +16,13 @@ infect the build artifacts and execute arbitrary code on the machine building th
</overview>
<recommendation>
<p>Always use HTTPS or SFTP when downloading artifacts from an URL.</p>
<p>Always use a secure protocol, such as HTTPS or SFTP, when downloading artifacts from an URL.</p>
</recommendation>
<example>
<p>
The below example shows a <code>package.json</code> file that downloads a dependency using unencrypted HTTP.
The below example shows a <code>package.json</code> file that downloads a dependency using the insecure HTTP protocol.
</p>
<sample src="examples/bad-package.json" />
<p>
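Review bot: In the <recommendation> paragraph, "from an URL" should read "from a URL"; the rewritten line carries the wrong article over from the line it replaces. In the <example> paragraph, "the insecure HTTP protocol" drops the reason the old wording gave ("unencrypted") and reads redundantly, since the P in HTTP already stands for protocol. Suggest "using unencrypted HTTP", or "using HTTP, which is unencrypted and therefore insecure", so the reader sees why the protocol is flagged. "The below example" would also read better as "The following example".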