Update Java documentation links to Java 11

Where possible update Java documentation links to Java 11. Additionally update some other links to use HTTPS.
2025-12-21 19:26:31 +01:00 · 2021-02-15 16:32:46 +01:00
parent 1bd12e6fdf
commit e21cbe82a9
217 changed files with 598 additions and 604 deletions
--- a/java/ql/src/Security/CWE/CWE-078/ExecTainted.qhelp
+++ b/java/ql/src/Security/CWE/CWE-078/ExecTainted.qhelp
@@ -35,8 +35,8 @@ without examining it first.</p>
 OWASP:
 <a href="https://www.owasp.org/index.php/Command_Injection">Command Injection</a>.
 </li>
-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec%28%29+method">IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method">IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.qhelp
+++ b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.qhelp
@@ -36,8 +36,8 @@ an argument.</p>
 OWASP:
 <a href="https://www.owasp.org/index.php/Command_Injection">Command Injection</a>.
 </li>
-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec%28%29+method">IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/IDS07-J.+Sanitize+untrusted+data+passed+to+the+Runtime.exec()+method">IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.qhelp
@@ -70,9 +70,9 @@ OWASP:
 <a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
 Injection Prevention Cheat Sheet</a>.
 </li>
-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/IDS00-J.+Prevent+SQL+injection">IDS00-J. Prevent SQL injection</a>.</li>
-<li>The Java Tutorials: <a href="http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html">Using Prepared Statements</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection">IDS00-J. Prevent SQL injection</a>.</li>
+<li>The Java Tutorials: <a href="https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html">Using Prepared Statements</a>.</li>
 <li>The Java EE Tutorial: <a href="https://docs.oracle.com/javaee/7/tutorial/persistence-querylanguage.htm">The Java Persistence Query Language</a>.</li>


--- a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
+++ b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.qhelp
@@ -42,9 +42,9 @@ OWASP:
 <a href="https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html">SQL
 Injection Prevention Cheat Sheet</a>.
 </li>
-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/IDS00-J.+Prevent+SQL+injection">IDS00-J. Prevent SQL injection</a>.</li>
-<li>The Java Tutorials: <a href="http://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html">Using Prepared Statements</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/IDS00-J.+Prevent+SQL+injection">IDS00-J. Prevent SQL injection</a>.</li>
+<li>The Java Tutorials: <a href="https://docs.oracle.com/javase/tutorial/jdbc/basics/prepared.html">Using Prepared Statements</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.qhelp
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.qhelp
@@ -32,7 +32,7 @@ access will not throw an <code>ArrayIndexOutOfBoundsException</code>.</p>

 <references>

-<li>Java API: <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>
+<li>Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>

 </references>
 </qhelp>
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.qhelp
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.qhelp
@@ -30,7 +30,7 @@ access will not throw an <code>ArrayIndexOutOfBoundsException</code>.</p>

 <references>

-<li>Java API: <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>
+<li>Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>

 </references>
 </qhelp>
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.qhelp
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.qhelp
@@ -30,7 +30,7 @@ The index used in the array access should be checked against the bounds of the a

 <references>

-<li>Java API: <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>
+<li>Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>

 </references>
 </qhelp>
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.qhelp
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.qhelp
@@ -42,7 +42,7 @@ In the second case, the array access is protected by a conditional that verifies

 <references>

-<li>Java API: <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>
+<li>Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/ArrayIndexOutOfBoundsException.html">ArrayIndexOutOfBoundsException</a>.</li>

 </references>
 </qhelp>
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.qhelp
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.qhelp
@@ -41,9 +41,9 @@ being evaluated.</p>

 <references>

-<li>CERT Java Coding Standard: <a href="https://www.securecoding.cert.org/confluence/display/java/IDS06-J.+Exclude+unsanitized+user+input+from+format+strings">IDS06-J. Exclude unsanitized user input from format strings</a>.</li>
-<li>Java SE Documentation: <a href="https://docs.oracle.com/javase/tutorial/java/data/numberformat.html">Formatting Numeric Print Output</a>.</li>
-<li>Java API: <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html">Formatter</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java: <a href="https://wiki.sei.cmu.edu/confluence/display/java/IDS06-J.+Exclude+unsanitized+user+input+from+format+strings">IDS06-J. Exclude unsanitized user input from format strings</a>.</li>
+<li>The Java Tutorials: <a href="https://docs.oracle.com/javase/tutorial/java/data/numberformat.html">Formatting Numeric Print Output</a>.</li>
+<li>Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/Formatter.html">Formatter</a>.</li>

 </references>
 </qhelp>
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.qhelp
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.qhelp
@@ -35,8 +35,8 @@ a check before performing a multiplication.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.qhelp
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.qhelp
@@ -35,8 +35,8 @@ a check before performing a multiplication.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.qhelp
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.qhelp
@@ -24,8 +24,8 @@ is done in the wider type, and so does not overflow.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.qhelp
+++ b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.qhelp
@@ -30,8 +30,8 @@ terminates.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorage.qhelp
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorage.qhelp
@@ -29,8 +29,8 @@ storing them.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
 <li>M. Dowd, J. McDonald and J. Schuhm, <i>The Art of Software Security Assessment</i>, 1st Edition, Chapter 2 - 'Common Vulnerabilities of Encryption', p. 43. Addison Wesley, 2006.</li> 
 <li>M. Howard and D. LeBlanc, <i>Writing Secure Code</i>, 2nd Edition, Chapter 9 - 'Protecting Secret Data', p. 299. Microsoft, 2002.</li>

--- a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
+++ b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.qhelp
@@ -30,10 +30,10 @@ connection is a secure SSL connection.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
-<li>Java Platform, Standard Edition 7, API Specification: 
-<a href="http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/HttpsURLConnection.html">
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
+<li>Java API Specification: 
+<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/HttpsURLConnection.html">
 Class HttpsURLConnection</a>.</li>
 <li>
 OWASP:
--- a/java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.qhelp
@@ -28,13 +28,13 @@ the connection is a secured SSL connection.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
-<li>Java Platform, Standard Edition 7, API Specification: 
-<a href="http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/HttpsURLConnection.html">
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
+<li>Java API Specification: 
+<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/HttpsURLConnection.html">
 Class HttpsURLConnection</a>.</li>
-<li>Java Platform, Standard Edition 7, API Specification: 
-<a href="http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html">
+<li>Java API Specification: 
+<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLSocket.html">
 Class SSLSocket</a>.</li>
 <li>
 OWASP:
--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.qhelp
@@ -26,10 +26,10 @@ uses explicit SSL factories, which are preferable.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
-<li>Java Platform, Standard Edition 7, API Specification: 
-<a href="http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocketFactory.html">
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
+<li>Java API Specification: 
+<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/javax/net/ssl/SSLSocketFactory.html">
 Class SSLSocketFactory</a>.</li>
 <li>
 OWASP:
--- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.qhelp
+++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.qhelp
@@ -23,10 +23,10 @@ way leaves out the setting of the 'secure' flag; the second way includes the set
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
-<li>Java 2 Platform Enterprise Edition, v5.0, API Specifications: 
-<a href="http://docs.oracle.com/javaee/5/api/javax/servlet/http/Cookie.html">Class Cookie</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SER03-J.+Do+not+serialize+unencrypted+sensitive+data">SER03-J. Do not serialize unencrypted, sensitive data</a>.</li>
+<li>Java Platform, Enterprise Edition (Java EE) 7, API Specification: 
+<a href="https://docs.oracle.com/javaee/7/api/javax/servlet/http/Cookie.html">Class Cookie</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.qhelp
+++ b/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.qhelp
@@ -42,15 +42,14 @@ exit by a particular kind of message being sent on the queue.</p>
 </recommendation>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-<a href="https://www.securecoding.cert.org/confluence/display/java/THI05-J.+Do+not+use+Thread.stop%28%29+to+terminate+threads">THI05-J. Do
+<li>SEI CERT Oracle Coding Standard for Java:
+<a href="https://wiki.sei.cmu.edu/confluence/display/java/THI05-J.+Do+not+use+Thread.stop()+to+terminate+threads">THI05-J. Do
 not use Thread.stop() to terminate threads</a>.</li>
-<li>Java SE
-Documentation: <a href="http://docs.oracle.com/javase/7/docs/technotes/guides/concurrency/threadPrimitiveDeprecation.html">Java
+<li>Java API Specification: <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/doc-files/threadPrimitiveDeprecation.html">Java
 Thread Primitive Deprecation</a>.</li>
-<li>Java API:
-<a href="http://docs.oracle.com/javase/7/docs/api/java/lang/Thread.html#interrupt()">Thread.interrupt</a>,
-<a href="http://docs.oracle.com/javase/7/docs/api/java/util/concurrent/BlockingQueue.html">BlockingQueue</a>.</li>
+<li>Java API Specification:
+<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/lang/Thread.html#interrupt()">Thread.interrupt</a>,
+<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/BlockingQueue.html">BlockingQueue</a>.</li>


 </references>
--- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.qhelp
+++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.qhelp
@@ -38,8 +38,8 @@ to cast to type <code>int</code> it is rejected as invalid.
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/NUM12-J.+Ensure+conversions+of+numeric+types+to+narrower+types+do+not+result+in+lost+or+misinterpreted+data">NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/NUM12-J.+Ensure+conversions+of+numeric+types+to+narrower+types+do+not+result+in+lost+or+misinterpreted+data">NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.qhelp
+++ b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.qhelp
@@ -47,7 +47,7 @@ user. If there may be untrusted users on the system, this is potentially dangero
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions">FIO01-J. Create files with appropriate access permissions</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/FIO01-J.+Create+files+with+appropriate+access+permissions">FIO01-J. Create files with appropriate access permissions</a>.</li>
 </references>
 </qhelp>
--- a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.qhelp
+++ b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.qhelp
@@ -35,8 +35,8 @@ secure way shows a decision that is based on looking up the user in a security d
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources">SEC02-J. Do not base security checks on untrusted sources</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources">SEC02-J. Do not base security checks on untrusted sources</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.qhelp
+++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.qhelp
@@ -37,8 +37,8 @@ not depend on data that is controlled by the user.</p>
 </example>
 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources">SEC02-J. Do not base security checks on untrusted sources</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/SEC02-J.+Do+not+base+security+checks+on+untrusted+sources">SEC02-J. Do not base security checks on untrusted sources</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.qhelp
+++ b/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.qhelp
@@ -42,14 +42,14 @@ to match the lock order in <code>transferToSecondary</code>.

 <references>

-<li>The CERT Oracle Secure Coding Standard for Java:
-  <a href="https://www.securecoding.cert.org/confluence/display/java/LCK07-J.+Avoid+deadlock+by+requesting+and+releasing+locks+in+the+same+order">LCK07-J. Avoid deadlock by requesting and releasing locks in the same order</a>.</li>
+<li>SEI CERT Oracle Coding Standard for Java:
+  <a href="https://wiki.sei.cmu.edu/confluence/display/java/LCK07-J.+Avoid+deadlock+by+requesting+and+releasing+locks+in+the+same+order">LCK07-J. Avoid deadlock by requesting and releasing locks in the same order</a>.</li>
 <li>
  Java Language Specification:
-  <a href="http://docs.oracle.com/javase/specs/jls/se8/html/jls-17.html#jls-17.1">Synchronization</a>.</li>
+  <a href="https://docs.oracle.com/javase/specs/jls/se11/html/jls-17.html#jls-17.1">Synchronization</a>.</li>
 <li>
-  Java API Documentation:
-  <a href="http://docs.oracle.com/javase/8/docs/api/java/util/concurrent/locks/ReentrantLock.html">ReentrantLock</a>.</li>
+  Java API Specification:
+  <a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/concurrent/locks/ReentrantLock.html">ReentrantLock</a>.</li>



--- a/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.qhelp
+++ b/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.qhelp
@@ -42,7 +42,7 @@ To fix the loop the condition is corrected to check the right variable.

 <li>
 Java Language Specification:
-<a href="http://docs.oracle.com/javase/specs/jls/se8/html/jls-14.html">Blocks and Statements</a>.
+<a href="https://docs.oracle.com/javase/specs/jls/se11/html/jls-14.html">Blocks and Statements</a>.
 </li>

 </references>