hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 03:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix typo.

Browse Source
This commit is contained in:
Mark Shannon
2018-11-28 10:29:43 +00:00
parent 1080525d7d
commit dff36e22ff
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
change-notes/1.19/analysis-python.md
View File

@@ -58,7 +58,7 @@ A new predicate `Stmt.getAnEntryNode()` has been added to make it easier to writ
|-----------------------------|-----------|--------------------------------------------------------------------|
| Flask app is run in debug mode (`py/flask-debug`) | security, external/cwe/cwe-215, external/cwe/cwe-489 | Finds instances where a Flask application is run in debug mode. Enabled on LGTM by default. |
| Information exposure through an exception (`py/stack-trace-exposure`) | security, external/cwe/cwe-209, external/cwe/cwe-497 | Finds instances where information about an exception may be leaked to an external user. Enabled on LGTM by default. |
| Jinja2 templating with autoescape=False (`ppy/jinja2/autoescape-false`) | security, external/cwe/cwe-079 | Finds instantiations of jinja2.Environment with `autoescape=False` which may allow XSS attacks. Not enabled on LGTM by default. |
| Jinja2 templating with autoescape=False (`py/jinja2/autoescape-false`) | security, external/cwe/cwe-079 | Finds instantiations of jinja2.Environment with `autoescape=False` which may allow XSS attacks. Not enabled on LGTM by default. |
| Request without certificate validation (`py/request-without-cert-validation`) | security, external/cwe/cwe-295 | Finds requests where certificate verification has been explicitly turned off, possibly allowing man-in-the-middle attacks. Not enabled on LGTM by default. |
## Changes to existing queries