java/ql/src/Security/CWE/CWE-074 (1 file changed, +4 -4 lines changed)
44<qhelp >
55<overview >
66<p >XSLT (Extensible Stylesheet Language Transformations) is a language for transforming XML
7- documents into other XML documents or other formats. Processing of unvalidated XSLT stylesheet can
8- let attacker to read arbitrary files from the filesystem or to execute arbitrary code.</p >
7+ documents into other XML documents or other formats. Processing unvalidated XSLT stylesheets can
8+ allow attackers to read arbitrary files from the filesystem or to execute arbitrary code.</p >
99</overview >
1010
1111<recommendation >
12- <p >The general recommendation is to not process untrusted XSLT stylesheets. If user provided
12+ <p >The general recommendation is to not process untrusted XSLT stylesheets. If user- provided
1313stylesheets must be processed, enable the secure processing mode.</p >
1414</recommendation >
1515
1616<example >
1717<p >In the following examples, the code accepts an XSLT stylesheet from the user and processes it.
1818</p >
1919
20- <p >In the first example, the user provided XSLT stylesheet is parsed and processed.</p >
20+ <p >In the first example, the user- provided XSLT stylesheet is parsed and processed.</p >
2121
2222<p >In the second example, secure processing mode is enabled.</p >
2323
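Review bot: In the <recommendation> paragraph (new lines 12-13), "enable the secure processing mode" still does not say which setting that is, so a reader has to open the second example to find out what to change. Since this commit already rewrites that sentence, consider naming the setting there; for JAXP that is XMLConstants.FEATURE_SECURE_PROCESSING set to true on the TransformerFactory, assuming that is what the second example does (the example code is not visible in this diff). A smaller style point in the same sentence: "is to not process" reads more naturally as "is not to process" or "is to avoid processing".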