fix an accident :)

javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.qhelp

@@ -0,0 +1,40 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+<p>
+GUIDs (often called UUIDs) are widely used in modern web applications.
+ One common use for UUIDs is the generation of one-time-use tokens.
+ These can used for password reset, and e-mail confirmation routines, for example.
+</p>
+<p>
+There are five versions of UUIDs defined in RFC 4122.
+ Out of the five, four are generated in a predictable manner.
+ This means it is possible for someone to predict future UUIDs based on a sample
+ generated by the target application.
+</p>
+<p>
+Version four is the only UUID version expected to be randomly generated.
+ Therefore, for situations where predictable tokens are not desired (e.g. password reset tokens),
+ all other versions should be avoided.
+</p>
+</overview>
+
+<recommendation>
+<p>When using GUIDs/UUIDs for generating tokens that should not be predictable, use version four.</p>
+</recommendation>
+
+<example>
+<p>This example shows a UUID v1 being used for a password reset routine.
+</p>
+
+<sample src="TokenBuiltFromUUID.js" />
+</example>
+
+<references>
+<li>UUID <a href="https://datatracker.ietf.org/doc/html/rfc4122">RFC</a>.</li>
+<li>Daniel Thatcher <i>In GUID We Trust</i> <a href="https://www.intruder.io/research/in-guid-we-trust">article</a>.</li>
+<li>UUID exploitation <a href="https://github.com/intruder-io/guidtool">tool</a>.</li>
+</references>
+</qhelp>

javascript/ql/test/experimental/Security/CWE-094/UntrustedCheckout.qlref

@@ -0,0 +1 @@
+experimental/Security/CWE-094/UntrustedCheckout.ql