apache / security-vulnogram

Vulnogram is a tool for creating and editing CVE information in CVE JSON format
https://vulnogram.github.io/
MIT License

Validate the document ID before using it in a query #91

Closed raboof closed 1 year ago

raboof commented 1 year ago

This is likely not strictly necessary, but good to err on the safe side.

iamamoose commented 1 year ago

Did this change come about because of an issue?

raboof commented 1 year ago

No - there was a CodeQL warning that we were using user-submitted input in a query, and while I would be highly surprised if this led to trouble, it seemed like good practice to validate it anyway.

iamamoose commented 1 year ago

Would prefer if you send that upstream then to avoid too many ASF-specific changes.

raboof commented 1 year ago

Makes sense, https://github.com/Vulnogram/Vulnogram/pull/125
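The kind of check discussed in this PR, as an added example that is not code from this PR or from Vulnogram: only a plain string in CVE-ID form is allowed to reach the query. It assumes CVE-style document IDs and a MongoDB-style filter object; the function names are hypothetical.

```javascript
// Added example (not Vulnogram's own code): validate a user-supplied
// document ID before it is used in a database query.
// Assumptions: IDs are CVE identifiers such as "CVE-2023-12345", and the
// query layer takes a MongoDB-style filter object, where a non-string
// value parsed from a request body (e.g. an object carrying "$ne") would
// be read as a query operator instead of a literal ID.

const CVE_ID_PATTERN = /^CVE-\d{4}-\d{4,}$/;

// Returns the ID unchanged when it is a plain string in CVE form,
// otherwise null. The typeof check matters: parsed JSON or query-string
// input can arrive as an object or array, not only as a string.
function validateDocId(id) {
  if (typeof id !== 'string') return null;
  return CVE_ID_PATTERN.test(id) ? id : null;
}

// Builds the filter only from a validated ID, so the query never sees
// request-controlled structure. Throws rather than querying on bad input.
function buildDocFilter(rawId) {
  const id = validateDocId(rawId);
  if (id === null) {
    throw new Error('invalid document id');
  }
  return { id: id };
}

// Constructed sample inputs, as a request handler might receive them.
const samples = [
  'CVE-2023-12345',   // well-formed: accepted
  'CVE-2023-1',       // too few sequence digits: rejected
  { $ne: null },      // object, not a string: rejected
  'CVE-2023-12345 x', // trailing junk: rejected
];
for (const s of samples) {
  console.log(JSON.stringify(s), '->', validateDocId(s));
}
```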