hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 09:15:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: update qhelp link

Browse Source
This commit is contained in:
Jami Cogswell
2024-10-17 16:38:53 -04:00
parent b07c788a08
commit 88b7a9fcb5
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.qhelp
View File

@@ -5,7 +5,7 @@
<p>When you set up a web server to receive a request from a client without any mechanism
for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can
trick a client into making an unintended request to the web server that will be treated as
an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can
an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can
result in exposure of data or unintended code execution.</p>
</overview>
@@ -30,9 +30,9 @@ OWASP:
</li>
<li>
Spring Security Reference:
<a href="https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-csrf">
<a href="https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html#servlet-csrf">
Cross Site Request Forgery (CSRF) for Servlet Environments
</a>.
</li>
</references>
</qhelp>
</qhelp>