mirror of
https://github.com/github/codeql.git
synced 2026-04-29 10:45:15 +02:00
4eed94a262
So it better matches what is in `py/code-injection`. I had my doubts about CWE-95, but after reading https://owasp.org/www-community/attacks/Direct_Dynamic_Code_Evaluation_Eval%20Injection I think it's fine to add CWE-95 as well 👍 Definitions are: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')