Update javascript/ql/src/semmle/javascript/frameworks/NoSQL.qll

Co-authored-by: Asger F <asgerf@github.com>
Erik Krogh Kristensen
2020-10-28 11:45:58 +01:00
committed by GitHub
parent 2e514c4d7b
commit c49d5081cc

@@ -792,7 +792,7 @@ private module Redis {
* Thereby the method is vulnerable if parameter `argIndex` is unexpectedly an array instead of a string, as an attacker can control arguments to Redis that the attacker was not supposed to control.
*
* Only setters and similar methods are included.
* For getter like methods it is not generally possible to gain access "outside" of where you are supposed to have access,
* For getter-like methods it is not generally possible to gain access "outside" of where you are supposed to have access,
* it is at most possible to get a Redis call to return more results than expected (e.g. by adding more members to [`geohash`](https://redis.io/commands/geohash)).
*/
bindingset[argIndex]
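Review bot: the reworded line "For getter-like methods ..." still ends in a comma that splices two independent clauses ("... where you are supposed to have access, it is at most possible ..."). Since the line is being touched for the hyphen anyway, end it with a semicolon or a full stop and start the next line with "It is at most possible". While in this comment, the context sentence "Thereby the method is vulnerable if parameter `argIndex` is unexpectedly an array" would read more clearly as "The method is therefore vulnerable if the argument at index `argIndex` is unexpectedly an array", which also makes explicit that `argIndex` is a position and not the value itself.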