hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 10:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update links to OWASP cheat sheet

Browse Source
This commit is contained in:
Sauyon Lee
2019-11-06 05:42:59 -08:00
parent 2bcd418c23
commit 0040c9fb4c
36 changed files with 48 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-079/XSS.qhelp
View File

@@ -29,7 +29,7 @@ leaving the website vulnerable to cross-site scripting.</p>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
(Cross Site Scripting) Prevention Cheat Sheet</a>.
</li>
<li>

2
java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
View File

@@ -67,7 +67,7 @@ in the environment variable or user-supplied value are not given any special tre
<li>
OWASP:
<a href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">SQL
<a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
Injection Prevention Cheat Sheet</a>.
</li>
<li>The CERT Oracle Secure Coding Standard for Java:

2
java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
View File

@@ -39,7 +39,7 @@ treatment.</p>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet">SQL
<a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
Injection Prevention Cheat Sheet</a>.
</li>
<li>The CERT Oracle Secure Coding Standard for Java:

2
java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
View File

@@ -37,7 +37,7 @@ connection is a secure SSL connection.</p>
Class HttpsURLConnection</a>.</li>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
</li>

2
java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
View File

@@ -38,7 +38,7 @@ Class HttpsURLConnection</a>.</li>
Class SSLSocket</a>.</li>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
</li>

2
java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
View File

@@ -33,7 +33,7 @@ uses explicit SSL factories, which are preferable.</p>
Class SSLSocketFactory</a>.</li>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet">Transport Layer Protection Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Transport_Layer_Protection_Cheat_Sheet.html">Transport Layer Protection Cheat Sheet</a>.
</li>

2
java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.qhelp
View File

@@ -58,7 +58,7 @@ OWASP vulnerability description:
</li>
<li>
OWASP guidance on deserializing objects:
<a href="https://www.owasp.org/index.php/Deserialization_Cheat_Sheet">Deserialization Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html">Deserialization Cheat Sheet</a>.
</li>
<li>
Talks by Chris Frohoff &amp; Gabriel Lawrence:

2
java/ql/src/Security/CWE/CWE-611/XXE.qhelp
View File

@@ -52,7 +52,7 @@ OWASP vulnerability description:
</li>
<li>
OWASP guidance on parsing xml files:
<a href="https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Java">XXE Prevention Cheat Sheet</a>.
<a href="https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#java">XXE Prevention Cheat Sheet</a>.
</li>
<li>
Paper by Timothy Morgen:

24
java/ql/src/semmle/code/java/security/XmlParsers.qll
View File

@@ -49,7 +49,7 @@ abstract class ParserConfig extends MethodAccess {
}
/*
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#DocumentBuilder
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxp-documentbuilderfactory-saxparserfactory-and-dom4j
*/
/** The class `javax.xml.parsers.DocumentBuilderFactory`. */
@@ -227,7 +227,7 @@ class SafeDocumentBuilder extends DocumentBuilderConstruction {
}
/*
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XMLInputFactory_.28a_StAX_parser.29
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlinputfactory-a-stax-parser
*/
/** The class `javax.xml.stream.XMLInputFactory`. */
@@ -353,7 +353,7 @@ class SafeXmlInputFactory extends VarAccess {
}
/*
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXBuilder
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxbuilder
*/
/**
@@ -429,7 +429,7 @@ class SafeSAXBuilder extends VarAccess {
/*
* The case in
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Unmarshaller
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
* will be split into two, one covers a SAXParser as a sink, the other the SAXSource as a sink.
*/
@@ -545,7 +545,7 @@ class SafeSAXParser extends MethodAccess {
}
}
/* SAXReader: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXReader */
/* SAXReader: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxreader */
/**
* The class `org.dom4j.io.SAXReader`.
*/
@@ -621,7 +621,7 @@ class SafeSAXReader extends VarAccess {
}
}
/* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XMLReader */
/* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xmlreader */
/** The class `org.xml.sax.XMLReader`. */
class XMLReader extends RefType {
XMLReader() { this.hasQualifiedName("org.xml.sax", "XMLReader") }
@@ -756,7 +756,7 @@ class CreatedSafeXMLReader extends Call {
/*
* SAXSource in
* https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Unmarshaller
* https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller
*/
/** The class `javax.xml.transform.sax.SAXSource` */
@@ -811,7 +811,7 @@ class SafeSAXSource extends Expr {
}
}
/* Transformer: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#TransformerFactory */
/* Transformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#transformerfactory */
/** An access to a method use for configuring a transformer or schema. */
abstract class TransformerConfig extends MethodAccess {
/** Holds if the configuration is disabled */
@@ -975,7 +975,7 @@ class SafeTransformer extends MethodAccess {
}
/*
* SAXTransformer: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SAXTransformerFactory
* SAXTransformer: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#saxtransformerfactory
* Has an extra method called newFilter.
*/
@@ -996,7 +996,7 @@ class SAXTransformerFactoryNewXMLFilter extends XmlParserCall {
}
}
/* Schema: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#SchemaFactory */
/* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */
/** The class `javax.xml.validation.SchemaFactory`. */
class SchemaFactory extends RefType {
SchemaFactory() { this.hasQualifiedName("javax.xml.validation", "SchemaFactory") }
@@ -1060,7 +1060,7 @@ class SafeSchemaFactory extends VarAccess {
}
}
/* Unmarshaller: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Unmarshaller */
/* Unmarshaller: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller */
/** The class `javax.xml.bind.Unmarshaller`. */
class XmlUnmarshaller extends RefType {
XmlUnmarshaller() { this.hasQualifiedName("javax.xml.bind", "Unmarshaller") }
@@ -1081,7 +1081,7 @@ class XmlUnmarshal extends XmlParserCall {
override predicate isSafe() { none() }
}
/* XPathExpression: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#XPathExpression */
/* XPathExpression: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression */
/** The class `javax.xml.xpath.XPathExpression`. */
class XPathExpression extends RefType {
XPathExpression() { this.hasQualifiedName("javax.xml.xpath", "XPathExpression") }