hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-26 11:53:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: minor qhelp updates

Browse Source
This commit is contained in:
Jami Cogswell
2025-02-05 10:20:57 -05:00
parent 0367846333
commit c6a71cd3fd
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.qhelp
View File

@@ -10,7 +10,7 @@
<p>
The attacker tricks an authenticated user into submitting a request to the
web application. Typically this request will result in a state change on
web application. Typically, this request will result in a state change on
the server, such as changing the user's password. The request can be
initiated when the user visits a site controlled by the attacker. If the
web application relies only on cookies for authentication, or on other
@@ -51,7 +51,7 @@ application state. Instead, use the <code>POST</code> method which Stapler defau
<references>
<li>
OWASP:
<a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)">Cross-Site Request Forgery (CSRF)</a>.
<a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)">Cross Site Request Forgery (CSRF)</a>.
</li>
<li>
Spring Security Reference: