Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql

Co-authored-by: Chris Smowton <smowton@github.com>
haby0
2021-04-20 19:35:52 +08:00
committed by GitHub
parent 9e87f4ec4e
commit b1ee864ad9


@@ -1,7 +1,6 @@
/**
* @name IP address spoofing
* @description The software obtains the client ip from the remote endpoint identifier specified (`X-Forwarded-For`,
* `X-Real-IP`, `Proxy-Client-IP`, etc.) in the header and uses it. Attackers can modify these The value
* @description A remote endpoint identifier is read from an HTTP header. Attackers can modify the value
* of the identifier to forge the client ip.
* @kind path-problem
* @problem.severity error
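
Review bot: The shortened `@description` now says only that the identifier "is read from an HTTP header" and no longer says that the value is then used, which the removed text did ("and uses it"); for a `@kind path-problem` query the description should cover both ends of the flow. It also drops the concrete header names (`X-Forwarded-For`, `X-Real-IP`, `Proxy-Client-IP`), so a reader of the alert can no longer tell which headers are meant; consider keeping one as an example, e.g. "read from an HTTP header such as `X-Forwarded-For` and then used". Minor: "client ip" in the unchanged continuation line should be "client IP", matching the capitalisation in `@name`.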