Merge pull request #17795 from jcogs33/jcogs33/update-spring-csrf-qhe…

…lp-link Java: update qhelp link for `java/spring-disabled-csrf-protection`
github · Oct 18, 2024 · c8d420e · c8d420e
2 parents 41e8117 + 335c597
commit c8d420e
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.qhelp b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.qhelp
@@ -5,7 +5,7 @@
 <p>When you set up a web server to receive a request from a client without any mechanism
 for verifying that it was intentionally sent, then it is vulnerable to attack. An attacker can
 trick a client into making an unintended request to the web server that will be treated as
-an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can 
+an authentic request. This can be done via a URL, image load, XMLHttpRequest, etc. and can
 result in exposure of data or unintended code execution.</p>
 </overview>
 
@@ -30,9 +30,9 @@ OWASP:
 </li>
 <li>
 Spring Security Reference:
-<a href="https://docs.spring.io/spring-security/site/docs/current/reference/html5/#servlet-csrf">
-  Cross Site Request Forgery (CSRF) for Servlet Environments
+<a href="https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html">
+  Cross Site Request Forgery (CSRF)
 </a>.
 </li>
 </references>
-</qhelp>
+</qhelp>