Add OWASP and CERT references

2026-04-26 09:15:12 +02:00 · 2024-01-04 18:19:41 -05:00
parent 9f974415c0
commit 16bb19e176
1 changed files with 8 additions and 1 deletions
--- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.qhelp
+++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.qhelp
@@ -40,6 +40,13 @@ safe before using it.</p>
  <li>
    The Java Tutorials: <a href="https://docs.oracle.com/javase/tutorial/essential/environment/env.html">, Environment Variables</a>.
  </li>
-
+  <li>
+    OWASP: <a href="https://owasp.org/www-community/attacks/Command_Injection">Command injection</a>.
+  </li>
+  <li>
+    CERT Coding Standard: <a href="https://wiki.sei.cmu.edu/confluence/display/java/ENV02-J.+Do+not+trust+the+values+of+environment+variables">
+ENV02-J. Do not trust the values of environment variables
+    </a>.
+  </li>
 </references>
 </qhelp>