@@ -28,13 +28,13 @@ module KindValidation<KindValidationConfigSig Config> {
2828 // shared
2929 "code-injection" , "command-injection" , "environment-injection" , "file-content-store" ,
3030 "html-injection" , "js-injection" , "ldap-injection" , "log-injection" , "path-injection" ,
31- "request-forgery" , "sql-injection" , "url-redirection" ,
31+ "request-forgery" , "sql-injection" , "url-redirection" , "xpath-injection" ,
3232 // Java-only currently, but may be shared in the future
3333 "bean-validation" , "fragment-injection" , "groovy-injection" , "hostname-verification" ,
3434 "information-leak" , "intent-redirection" , "jexl-injection" , "jndi-injection" ,
3535 "mvel-injection" , "notification" , "ognl-injection" , "pending-intents" ,
3636 "response-splitting" , "trust-boundary-violation" , "template-injection" , "url-forward" ,
37- "xpath-injection" , " xslt-injection",
37+ "xslt-injection" ,
3838 // JavaScript-only currently, but may be shared in the future
3939 "mongodb.sink" , "nosql-injection" , "unsafe-deserialization" ,
4040 // Swift-only currently, but may be shared in the future
@@ -48,13 +48,11 @@ module KindValidation<KindValidationConfigSig Config> {
4848 or
4949 this .matches ( [
5050 // shared
51- "credentials-%" , "encryption-%" , "qltest%" , "test-%" ,
52- // Java-only currently, but may be shared in the future
53- "regex-use%" ,
51+ "credentials-%" , "encryption-%" , "qltest%" , "test-%" , "regex-use%" ,
5452 // Swift-only currently, but may be shared in the future
5553 "%string-%length" , "weak-hash-input-%" ,
5654 // Go-only currently, but may be shared in the future
57- "request-forgery% "
55+ "request-forgery[%]" , "url-redirection[%] "
5856 ] )
5957 }
6058 }
0 commit comments