hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix qhelp examples extension

Browse Source
This commit is contained in:
jorgectf
2021-04-09 00:52:50 +02:00
parent 82f47f8571
commit cd75433e39
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
python/ql/src/experimental/Security/CWE-090/LDAPInjection.qhelp
View File

@@ -27,14 +27,14 @@ in the search filter and DN for the LDAP query.
A malicious user could provide special characters to change the meaning of these
components, and search for a completely different set of values.</p>
<sample src="examples/example_bad1.js" />
<sample src="examples/example_bad2.js" />
<sample src="examples/example_bad1.py" />
<sample src="examples/example_bad2.py" />
<p>In the third and four example, the input provided by the user is sanitized before it is included in the search filter or DN.
This ensures the meaning of the query cannot be changed by a malicious user.</p>
<sample src="examples/example_good1.js" />
<sample src="examples/example_good2.js" />
<sample src="examples/example_good1.py" />
<sample src="examples/example_good2.py" />
</example>
<references>