actions/gosec
1
0
Fork 0
mirror of https://github.com/securego/gosec.git synced 2024-11-05 19:45:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update the description message of template rule (#803)

Browse source
This commit is contained in:
Cosmin Cojocar 2022-04-05 07:41:36 +02:00 committed by GitHub
parent 0791d31471
commit 89dfdc0c97
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rules/templates.go
View file

@ -54,7 +54,7 @@ func NewTemplateCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
ID: id,
Severity: gosec.Medium,
Confidence: gosec.Low,
What: "this method will not auto-escape HTML. Verify data is well formed.",
What: "The used method does not auto-escape HTML. This can potentially lead to 'Cross-site Scripting' vulnerabilities, in case the attacker controls the input.",
},
}, []ast.Node{(*ast.CallExpr)(nil)}
}