Update ruby/ql/src/queries/security/cwe-094/TemplateInjection.qhelp

Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
This commit is contained in:
Maiky
2023-03-08 10:27:39 +01:00
committed by GitHub
parent 44997d6b5f
commit cbb031ee14
@@ -17,7 +17,7 @@ use a sandboxed environment where access to unsafe attributes and methods is pro
<example>
<p>
<p>Consider the example given below, an untrusted HTTP parameter `name` is used to generate a template string. This can lead to remote code execution. </p>
<p>Consider the example given below, an untrusted HTTP parameter <code>name</code> is used to generate a template string. This can lead to remote code execution. </p>
<sample src="examples/SSTIBad.rb" />
<p>Here we have fixed the problem by including ERB/Slim syntax in the string, then the user input will be rendered but no evaluated.</p>
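Review bot: the change from Markdown backticks to <code>name</code> is the right fix, since qhelp is XML and backticks are not rendered, but the trailing context line in this same hunk still reads "the user input will be rendered but no evaluated"; while this paragraph is being touched, change "no evaluated" to "not evaluated". The rewritten sentence is also a comma splice; suggest "In the example below, an untrusted HTTP parameter <code>name</code> is used to build a template string, which can lead to remote code execution." Finally, the context shows an unclosed <p> immediately before the replaced <p>...</p> line; if that is really in the file and not an artifact of the diff view, it should be removed so the qhelp stays well-formed.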