hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Replace one more mention of escaping

Browse Source
This commit is contained in:
Chris Smowton
2022-12-19 16:36:57 +00:00
parent 45c732a6f9
commit ef27f9fe96
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-089/SqlConcatenated.qhelp
View File

@@ -4,8 +4,8 @@
<qhelp>
<overview>
<p>Even when the components of a SQL query are not fully controlled by
a user, it is a vulnerability to concatenate those components into a
SQL query without neutralizing special characters. Perhaps a separate
a user, it is a vulnerability to build the query by directly
concatenating those components. Perhaps a separate
vulnerability will allow the user to gain control of the component. As
well, a user who cannot gain full control of an input might influence
it enough to cause the SQL query to fail to run.</p>