add CWE-80 to queries that detect bad HTML sanitizers

erik-krogh · erik-krogh · commit ab1bc685bb8d · 2022-01-24T11:01:17.000+01:00
diff --git a/javascript/ql/src/Security/CWE-116/BadTagFilter.ql b/javascript/ql/src/Security/CWE-116/BadTagFilter.ql
@@ -8,8 +8,9 @@
  * @id js/bad-tag-filter
  * @tags correctness
  *       security
- *       external/cwe/cwe-116
  *       external/cwe/cwe-020
+ *       external/cwe/cwe-080
+ *       external/cwe/cwe-116
  *       external/cwe/cwe-185
  *       external/cwe/cwe-186
  */
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
@@ -8,8 +8,9 @@
  * @id js/incomplete-multi-character-sanitization
  * @tags correctness
  *       security
- *       external/cwe/cwe-116
  *       external/cwe/cwe-020
+ *       external/cwe/cwe-080
+ *       external/cwe/cwe-116
  */
 
 import javascript
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
@@ -9,8 +9,9 @@
  * @id js/incomplete-sanitization
  * @tags correctness
  *       security
- *       external/cwe/cwe-116
  *       external/cwe/cwe-020
+ *       external/cwe/cwe-080
+ *       external/cwe/cwe-116
  */
 
 import javascript
