Fix typo

Threagile · May 23, 2024 · 6a76faf · 6a76faf
1 parent b666d29
commit 6a76faf
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/pkg/security/risks/builtin/cross-site-request-forgery-rule.go b/pkg/security/risks/builtin/cross-site-request-forgery-rule.go
@@ -29,7 +29,7 @@ func (*CrossSiteRequestForgeryRule) Category() *types.RiskCategory {
 		STRIDE:         types.Spoofing,
 		DetectionLogic: "In-scope web applications accessed via typical web access protocols.",
 		RiskAssessment: "The risk rating depends on the integrity rating of the data sent across the communication link.",
-		FalsePositives: "Web applications passing the authentication sate via custom headers instead of cookies can " +
+		FalsePositives: "Web applications passing the authentication state via custom headers instead of cookies can " +
 			"eventually be false positives. Also when the web application " +
 			"is not accessed via a browser-like component (i.e not by a human user initiating the request that " +
 			"gets passed through all components until it reaches the web application) this can be considered a false positive.",

diff --git a/test/all.json b/test/all.json
@@ -1151,7 +1151,7 @@
       "check": "Are recommendations from the linked cheat sheet and referenced ASVS chapter applied?",
       "detection_logic": "In-scope web applications accessed via typical web access protocols.",
       "risk_assessment": "The risk rating depends on the integrity rating of the data sent across the communication link.",
-      "false_positives": "Web applications passing the authentication sate via custom headers instead of cookies can eventually be false positives. Also when the web application is not accessed via a browser-like component (i.e not by a human user initiating the request that gets passed through all components until it reaches the web application) this can be considered a false positive.",
+      "false_positives": "Web applications passing the authentication state via custom headers instead of cookies can eventually be false positives. Also when the web application is not accessed via a browser-like component (i.e not by a human user initiating the request that gets passed through all components until it reaches the web application) this can be considered a false positive.",
       "function": "development",
       "cwe": 352
     },
@@ -2805,4 +2805,4 @@
       }
     ]
   }
-}
+}
diff --git a/test/parsed-model.json b/test/parsed-model.json
@@ -1831,7 +1831,7 @@
       "function": "development",
       "detection_logic": "In-scope web applications accessed via typical web access protocols.",
       "risk_assessment": "The risk rating depends on the integrity rating of the data sent across the communication link.",
-      "false_positives": "Web applications passing the authentication sate via custom headers instead of cookies can eventually be false positives. Also when the web application is not accessed via a browser-like component (i.e not by a human user initiating the request that gets passed through all components until it reaches the web application) this can be considered a false positive.",
+      "false_positives": "Web applications passing the authentication state via custom headers instead of cookies can eventually be false positives. Also when the web application is not accessed via a browser-like component (i.e not by a human user initiating the request that gets passed through all components until it reaches the web application) this can be considered a false positive.",
       "cwe": 352
     },
     {
@@ -3055,4 +3055,4 @@
       }
     ]
   }
-}
+}
diff --git a/test/parsed-model.yaml b/test/parsed-model.yaml
@@ -1531,7 +1531,7 @@ built_in_risk_categories:
       function: development
       detection_logic: In-scope web applications accessed via typical web access protocols.
       risk_assessment: The risk rating depends on the integrity rating of the data sent across the communication link.
-      false_positives: Web applications passing the authentication sate via custom headers instead of cookies can eventually be false positives. Also when the web application is not accessed via a browser-like component (i.e not by a human user initiating the request that gets passed through all components until it reaches the web application) this can be considered a false positive.
+      false_positives: Web applications passing the authentication state via custom headers instead of cookies can eventually be false positives. Also when the web application is not accessed via a browser-like component (i.e not by a human user initiating the request that gets passed through all components until it reaches the web application) this can be considered a false positive.
       cwe: 352
     - id: missing-identity-provider-isolation
       title: Missing Identity Provider Isolation