Merge pull request #4344 from esbena/js/fixup-cwe-20-to-cwe-020

codeql-ci · web-flow · commit 339c0721c5e1 · 2020-10-05T12:30:53.000-07:00
Approved by erik-krogh
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -7,7 +7,7 @@
  * @id js/incomplete-hostname-regexp
  * @tags correctness
  *       security
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
@@ -7,7 +7,7 @@
  * @id js/incomplete-url-substring-sanitization
  * @tags correctness
  *       security
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
@@ -7,7 +7,7 @@
  * @id js/regex/missing-regexp-anchor
  * @tags correctness
  *       security
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql b/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
@@ -9,7 +9,7 @@
  * @id js/useless-regexp-character-escape
  * @tags correctness
  *       security
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
@@ -10,7 +10,7 @@
  * @tags correctness
  *       security
  *       external/cwe/cwe-116
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
@@ -10,7 +10,7 @@
  * @tags security
  *       external/cwe/cwe-079
  *       external/cwe/cwe-116
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
@@ -8,7 +8,7 @@
  * @tags correctness
  *       security
  *       external/cwe/cwe-116
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
@@ -9,7 +9,7 @@
  * @tags correctness
  *       security
  *       external/cwe/cwe-116
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
diff --git a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
@@ -31,7 +31,7 @@ Always verify the sender's identity of incoming messages.
 
 <references>
 
-<li><a href="https://cwe.mitre.org/data/definitions/20.html">CWE-20: Improper Input Validation</a></li>
+<li><a href="https://cwe.mitre.org/data/definitions/20.html">CWE-020: Improper Input Validation</a></li>
 <li><a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage">Window.postMessage()</a></li>
 <li><a href="https://portswigger.net/web-security/dom-based/web-message-manipulation">Web-message manipulation</a></li>
 <li><a href="https://labs.detectify.com/2016/12/08/the-pitfalls-of-postmessage/">The pitfalls of postMessage</a></li>
diff --git a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -8,7 +8,7 @@
  * @id js/missing-postmessageorigin-verification
  * @tags correctness
  *       security
- *       external/cwe/cwe-20
+ *       external/cwe/cwe-020
  */
 
 import javascript
