Add "Correct Usage" and "Incorrect Usage" headings

owen-mc · owen-mc · commit 9f0f40d6ce80 · 2025-06-26T14:40:49.000+01:00
diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.md b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.md
@@ -4,7 +4,18 @@ If a GitHub Actions job or workflow has no explicit permissions set, then the re
 
 ## Recommendation
 
-Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task:
+Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.
+
+## Example
+
+### Incorrect Usage
+
+```yaml
+name: "My workflow"
+# No permissions block
+```
+
+### Correct Usage
 
 ```yaml
 name: "My workflow"
diff --git a/actions/ql/src/Security/CWE-312/SecretsInArtifacts.md b/actions/ql/src/Security/CWE-312/SecretsInArtifacts.md
@@ -8,6 +8,8 @@ Only store information that is meant to be publicly available in a GitHub Action
 
 ## Example
 
+### Incorrect Usage
+
 The following example uses `actions/checkout` to checkout code which stores the GITHUB_TOKEN in the \`.git/config\` file and then stores the contents of the \`.git\` repository into the artifact:
 
 ```yaml
@@ -26,6 +28,8 @@ jobs:
           path: .
 ```
 
+### Correct Usage
+
 The issue has been fixed below, where the `actions/upload-artifact` uses a version (v4+) which does not include hidden files or directories into the artifact.
 
 ```yaml
diff --git a/java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.md b/java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.md
@@ -8,6 +8,8 @@ Avoid calling `finalize()` in application code. Allow the JVM to determine a gar
 
 ## Example
 
+### Incorrect Usage
+
 ```java
 class LocalCache {
     private Collection<File> cacheFiles = ...;
@@ -21,6 +23,8 @@ void main() {
 }
 ```
 
+### Correct Usage
+
 ```java
 import java.lang.AutoCloseable;
 import java.lang.Override;
diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.md b/ruby/ql/src/queries/variables/UninitializedLocal.md
@@ -11,6 +11,8 @@ Note: You do not need to explicitly initialize the variable, if you can make the
 
 ## Example
 
+### Incorrect Usage
+
 In the following code, the call to `create_file` may fail and then the call `f.close` will raise a `NoMethodError` since `f` will be `nil` at that point.
 
 ```ruby
@@ -22,6 +24,8 @@ ensure
 end
 ```
 
+### Correct Usage
+
 We can fix this by using safe navigation:
 ```ruby
 def dump(x)
