hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix qhelp file

Browse Source
This commit is contained in:
Tony Torralba
2021-05-17 16:52:08 +02:00
parent 132a187586
commit ed13c17ea8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-917/OgnlInjection.qhelp
View File

@@ -11,7 +11,7 @@ attacker to modify Java objects' properties or execute arbitrary code.</p>
<recommendation>
<p>The general recommendation is to not evaluate untrusted ONGL expressions. If user provided OGNL
expressions must be evaluated, do this in sandbox (add `-Dognl.security.manager` to JVM arguments)
expressions must be evaluated, do this in sandbox (add <code>-Dognl.security.manager</code> to JVM arguments)
and validate the expressions before evaluation.</p>
</recommendation>