Hi @guatedude2, following #7 and #8, CodeQL reported another finding (see screenshot below):
Title: Incomplete string escaping or encoding.
Location: lib/readfiles.js:13
Description: Sanitizing untrusted input is a common technique for preventing injection attacks such as SQL injection or cross-site scripting. Usually, this is done by escaping meta-characters such as quotes in a domain-specific way so that they are treated as normal characters.
Tool: CodeQL
Rule ID: js/incomplete-sanitization
You probably see the same on your CodeQL dashboard.
Is this a true positive or false positive?
Thanks
ThibaudLopez changed the title from "Incomplete string escaping or encoding @ lib/readfiles.js:13" to "CodeQL: Incomplete string escaping or encoding @ lib/readfiles.js:13" on May 19, 2022
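For triaging a `js/incomplete-sanitization` alert, the sketch below is an added example (not part of the original issue and not code from `lib/readfiles.js`) showing two shapes this rule commonly reports next to a complete escape. All function names and sample strings are constructed for illustration.

```javascript
// Added illustration; nothing here is taken from lib/readfiles.js.

// Shape 1: a string pattern (or a regex without the g flag) replaces
// only the FIRST occurrence, so later meta-characters pass through.
function escapeFirstOnly(s) {
  return s.replace("'", "\\'");
}

// Shape 2: every quote is escaped, but the escape character itself is
// not, so a backslash already in the input cancels the one that is added.
function escapeNoBackslash(s) {
  return s.replace(/'/g, "\\'");
}

// Complete form: escape the backslash and the quote in one global pass.
function escapeComplete(s) {
  return s.replace(/[\\']/g, "\\$&");
}

// Checker: walks the output and reports whether every quote is preceded
// by an escape that is not itself escaped.
function isFullyEscaped(s) {
  for (let i = 0; i < s.length; i++) {
    if (s[i] === "\\") { i++; continue; } // skip the escaped character
    if (s[i] === "'") return false;       // bare quote survived
  }
  return true;
}

// Constructed sample inputs: two quotes, and a quote preceded by a backslash.
const SAMPLES = ["a'b'c", "a\\'b"];

function triage() {
  const fns = { escapeFirstOnly, escapeNoBackslash, escapeComplete };
  const report = {};
  for (const [name, fn] of Object.entries(fns)) {
    report[name] = SAMPLES.every((s) => isFullyEscaped(fn(s)));
  }
  return report;
}

console.log(triage());
```

If the flagged line matches one of the first two shapes, whether the alert matters in practice depends on whether the input is attacker-controlled and on where the escaped string is used.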