diff --git a/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp b/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp index 86cabe758176..a355d3c83434 100644 --- a/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp +++ b/powershell/ql/src/experimental/UseOfReservedCmdletChar.qhelp @@ -6,7 +6,7 @@

You cannot use following reserved characters in a function or cmdlet name as these can cause parsing or runtime errors. -Reserved Characters include: #,(){}[]&/\\$^;:\"'<>|?@`*%+=~ +Reserved Characters include: #,(){}[]&/\\$^;:\"'<>|?@`*%+=~

diff --git a/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp b/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp index e89985142d97..bbdd6cf44bcc 100644 --- a/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp +++ b/powershell/ql/src/queries/security/cwe-078/CommandInjection.qhelp @@ -4,7 +4,7 @@

Code that passes user input directly to -Invoke-Expression, &, or some other library +Invoke-Expression, &, or some other library routine that executes a command, allows the user to execute malicious code.

diff --git a/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp b/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp index cf7d1bbeb681..1209d21faa88 100644 --- a/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp +++ b/powershell/ql/src/queries/security/cwe-078/DoNotuseInvokeExpression.qhelp @@ -11,7 +11,7 @@

Avoid using Invoke-Expression in your powershell code.

-

If you’re running some command and the command path has spaces in it, then you need the command invocation operator &

+

If you’re running some command and the command path has spaces in it, then you need the command invocation operator &