Commit

tag update for 12.3.5 / 5.3.8
Elar Lang committed Jan 10, 2025
1 parent 5b15041 commit 30b0fb9
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion 5.0/en/0x13-V5-Validation-Sanitization-Encoding.md
Expand Up @@ -79,7 +79,7 @@ In many cases, software libraries will include safe or safer functions which wil
| **5.3.5** | [DELETED, COVERED BY 5.3.4] | | | | |
| **5.3.6** | [DELETED, COVERED BY 5.3.3] | | | | |
| **5.3.7** | Verify that the application protects against LDAP injection vulnerabilities, or that specific security controls to prevent LDAP injection have been implemented. |||| 90 |
| **5.3.8** | Verify that the application protects against OS command injection and that operating system calls use parameterized OS queries or use contextual command line output encoding. |||| 78 |
| **5.3.8** | [COVERS 12.3.5] Verify that the application protects against OS command injection and that operating system calls use parameterized OS queries or use contextual command line output encoding. |||| 78 |
| **5.3.9** | [DELETED, MERGED TO 12.3.1] | | | | |
| **5.3.10** | [MODIFIED] Verify that the application is protected against XPath injection attacks by using query parameterization or precompiled queries. |||| 643 |
| **5.3.11** | [ADDED] Verify that the application is protected against CSV and Formula Injection. The application should follow the escaping rules defined in RFC4180 2.6 and 2.7 when exporting CSV files. The application should escape special characters including '=', '+', '-', '@' '\t' (tab) and '\00' (null character) using a single quote, if they are the first character in a field, when exporting CSV files and other spreadsheet formats such as xls, xlsx, odf. |||| 1236 |
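
Review bot: the added 5.3.8 row gains a "[COVERS 12.3.5]" tag while the requirement text stays word for word the same, so nothing in this hunk shows that 5.3.8 actually includes what 12.3.5 asked for. If 12.3.5 had any file- or resource-specific wording beyond "parameterized OS queries or use contextual command line output encoding", fold it into 5.3.8 and tag the row [MODIFIED]; otherwise state in the commit message that no text change is needed. Rows 5.3.5 and 5.3.6 in the same table are marked "COVERED BY 5.3.4" and "COVERED BY 5.3.3", so it is worth checking that those target rows carry the matching [COVERS ...] tag, to keep the convention consistent.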
2 changes: 1 addition & 1 deletion 5.0/en/0x20-V12-Files-Resources.md
Expand Up @@ -42,7 +42,7 @@ File operations should not rely on user-submitted filenames or metadata to avoid
| **12.3.2** | [DELETED, MERGED TO 12.3.1] | | | | |
| **12.3.3** | [DELETED, MERGED TO 12.3.1] | | | | |
| **12.3.4** | [MOVED TO 12.5.3] | | | | |
| **12.3.5** | [DELETED, DUPLICATE OF 5.3.8] | | | | |
| **12.3.5** | [DELETED, COVERED BY 5.3.8] | | | | |
| **12.3.6** | [DELETED, DUPLICATE OF 14.2.4] | | | | |
| **12.3.7** | [ADDED] Verify that server-side file processing such as file decompression ignores user-provided path information to prevent vulnerabilities such as zip slip. |||| 23 |
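
Review bot: on the 12.3.5 row "DUPLICATE OF" becomes "COVERED BY", but the next row, 12.3.6, keeps "[DELETED, DUPLICATE OF 14.2.4]", and the hunk gives no indication of how the two tags differ. If "DUPLICATE OF" means an identical requirement and "COVERED BY" means a narrower one subsumed by a broader one, document that distinction where contributors will see it; if they mean the same thing, change 12.3.6 the same way. The commit message "tag update for 12.3.5 / 5.3.8" does not say which applies.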
