Update the description message of template rule (#803)

This commit is contained in:
Cosmin Cojocar 2022-04-05 07:41:36 +02:00 committed by GitHub
parent 0791d31471
commit 89dfdc0c97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
ID: id, ID: id,
Severity: gosec.Medium, Severity: gosec.Medium,
Confidence: gosec.Low, Confidence: gosec.Low,
What: "this method will not auto-escape HTML. Verify data is well formed.", What: "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
}, },
}, []ast.Node{(*ast.CallExpr)(nil)} }, []ast.Node{(*ast.CallExpr)(nil)}
} }