Update links to OWASP cheat sheet

2026-04-25 08:45:14 +02:00 · 2019-11-06 05:42:59 -08:00
parent 2bcd418c23
commit 0040c9fb4c
36 changed files with 48 additions and 48 deletions
--- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
+++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.qhelp
@@ -68,6 +68,6 @@
 	<references>
 		<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions">Regular Expressions</a></li>
 		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">SSRF</a></li>
-		<li>OWASP: <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
+		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
 	</references>
 </qhelp>
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qhelp
@@ -83,6 +83,6 @@

 	<references>
 		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">SSRF</a></li>
-		<li>OWASP: <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
+		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
 	</references>
 </qhelp>
--- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
+++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.qhelp
@@ -71,6 +71,6 @@
 	<references>
 		<li>MDN: <a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions">Regular Expressions</a></li>
 		<li>OWASP: <a href="https://www.owasp.org/index.php/Server_Side_Request_Forgery">SSRF</a></li>
-		<li>OWASP: <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
+		<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
 	</references>
 </qhelp>
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.qhelp
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.qhelp
@@ -37,7 +37,7 @@ Sanitizing the user-controlled data prevents the vulnerability:
 <references>
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
 (Cross Site Scripting) Prevention Cheat Sheet</a>.
 </li>
 <li>
--- a/javascript/ql/src/Security/CWE-079/StoredXss.qhelp
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.qhelp
@@ -48,7 +48,7 @@
 <references>
 	<li>
 		OWASP:
-		<a href="https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet">XSS
+		<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
 		(Cross Site Scripting) Prevention Cheat Sheet</a>.
 	</li>
 	<li>
--- a/javascript/ql/src/Security/CWE-079/Xss.qhelp
+++ b/javascript/ql/src/Security/CWE-079/Xss.qhelp
@@ -33,12 +33,12 @@ leaving the website vulnerable to cross-site scripting.
 <references>
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet">DOM based
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html">DOM based
 XSS Prevention Cheat Sheet</a>.
 </li>
 <li>
 OWASP:
-<a href="https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.md">XSS
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html">XSS
 (Cross Site Scripting) Prevention Cheat Sheet</a>.
 </li>
 <li>
--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.qhelp
@@ -45,7 +45,7 @@
 		<li>NIST, FIPS 140 Annex a: <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402annexa.pdf"> Approved Security Functions</a>.</li>
 		<li>NIST, SP 800-131A: <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdf"> Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths</a>.</li>
 		<li>OWASP: <a
-		href="https://www.owasp.org/index.php/Cryptographic_Storage_Cheat_Sheet#Rule_-_Use_strong_approved_cryptographic_algorithms">Rule
+		href="https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html#rule---use-strong-approved-authenticated-encryption">Rule
 		- Use strong approved cryptographic algorithms</a>.
 		</li>
 	</references>
--- a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.qhelp
+++ b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.qhelp
@@ -67,7 +67,7 @@

    <li>
      OWASP:
-      <a href="https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet">Clickjacking Defense Cheat Sheet</a>.
+      <a href="https://cheatsheetseries.owasp.org/cheatsheets/Clickjacking_Defense_Cheat_Sheet.html">Clickjacking Defense Cheat Sheet</a>.
    </li>
    <li>
      Mozilla:
--- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
+++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.qhelp
@@ -41,7 +41,7 @@ OWASP vulnerability description:
 </li>
 <li>
 OWASP guidance on deserializing objects:
-<a href="https://www.owasp.org/index.php/Deserialization_Cheat_Sheet">Deserialization Cheat Sheet</a>.
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Deserialization_Cheat_Sheet.html">Deserialization Cheat Sheet</a>.
 </li>
 <li>
 Neal Poole:
--- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.qhelp
+++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.qhelp
@@ -31,7 +31,7 @@ website of their choosing, which facilitates phishing attacks:
 </example>

 <references>
-<li>OWASP: <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">
+<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">
  XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
 </references>

--- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp
+++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.qhelp
@@ -35,7 +35,7 @@ before doing the redirection:
 </example>

 <references>
-<li>OWASP: <a href="https://www.owasp.org/index.php/Unvalidated_Redirects_and_Forwards_Cheat_Sheet">
+<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html">
  XSS Unvalidated Redirects and Forwards Cheat Sheet</a>.</li>
 </references>

--- a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.qhelp
+++ b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.qhelp
@@ -36,7 +36,7 @@ can be used:
 <references>
 <li>
 OWASP:
-<a href="https://www.owasp.org/index.php/Denial_of_Service_Cheat_Sheet">Denial of Service Cheat Sheet</a>.
+<a href="https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html">Denial of Service Cheat Sheet</a>.
 </li>
 <li>
 Wikipedia: <a href="https://en.wikipedia.org/wiki/Denial-of-service_attack">Denial-of-service attack</a>.
--- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.qhelp
+++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.qhelp
@@ -50,6 +50,6 @@
 </example>

 <references>
-	<li>OWASP: <a href="https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet">Password storage</a>.</li>
+	<li>OWASP: <a href="https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html">Password storage</a>.</li>
 </references>
 </qhelp>