From 8a80a734d80aa0c104eda1ee5bb7d3010106c33f Mon Sep 17 00:00:00 2001 From: amammad Date: Mon, 26 Jun 2023 20:20:00 +1000 Subject: [PATCH] fix an accident :) --- .../Security/CWE-340/TokenBuiltFromUUID.qhelp | 40 +++++++++++++++++++ .../Security/CWE-094/UntrustedCheckout.qlref | 1 + 2 files changed, 41 insertions(+) create mode 100644 javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.qhelp create mode 100644 javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.qlref diff --git a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.qhelp b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.qhelp new file mode 100644 index 00000000000..521f76bb24f --- /dev/null +++ b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.qhelp @@ -0,0 +1,40 @@ + + + +

+GUIDs (often called UUIDs) are widely used in modern web applications. + One common use for UUIDs is the generation of one-time-use tokens. + These can used for password reset, and e-mail confirmation routines, for example. +

+

+There are five versions of UUIDs defined in RFC 4122. + Out of the five, four are generated in a predictable manner. + This means it is possible for someone to predict future UUIDs based on a sample + generated by the target application. +

+

+Version four is the only UUID version expected to be randomly generated. + Therefore, for situations where predictable tokens are not desired (e.g. password reset tokens), + all other versions should be avoided. +

+
+ + +

When using GUIDs/UUIDs for generating tokens that should not be predictable, use version four.

+
+ + +

This example shows a UUID v1 being used for a password reset routine. +

+ + +
+ + +
  • UUID RFC.
  • +
  • Daniel Thatcher In GUID We Trust article.
  • +
  • UUID exploitation tool.
  • +
    +
    diff --git a/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.qlref b/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.qlref new file mode 100644 index 00000000000..bdf753c1f4a --- /dev/null +++ b/javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.qlref @@ -0,0 +1 @@ +experimental/Security/CWE-094/UntrustedCheckout.ql
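Review bot: The overview paragraph of TokenBuiltFromUUID.qhelp has a grammar slip, "These can used for password reset, and e-mail confirmation routines", which should read "These can be used for password reset and e-mail confirmation routines, for example." Two further points on the same hunk: the recommendation "use version four" is only sufficient when the version 4 UUID is produced from a cryptographically secure random source, so the recommendation section should say so explicitly rather than letting readers assume any v4 generator is unpredictable; and the example section consists of the single sentence "This example shows a UUID v1 being used for a password reset routine" with no visible sample reference, and the three reference entries (UUID RFC, In GUID We Trust, UUID exploitation tool) each have an empty line after them where the link target should be, so please confirm the sample and the reference URLs are actually present in the committed file.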
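Review bot: The new UntrustedCheckout.qlref points at experimental/Security/CWE-094/UntrustedCheckout.ql, but this diff (2 files changed, 41 insertions) adds no test source and no .expected file next to it, so the qlref will only run correctly if those already exist in the test directory; please confirm they do, or include them. This file is also unrelated to the CWE-340 qhelp in the other hunk, so it would be cleaner as its own commit with a message that states what it fixes.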