From f32198c77949ce3b68cd1fefdda17eb98f0e287b Mon Sep 17 00:00:00 2001
From: Joe Farebrother
Date: Mon, 21 Aug 2023 10:31:07 +0100
Subject: [PATCH] Add change note + update query ID
---
 .../CWE-639/InsecureDirectObjectReference.ql | 2 +-
 .../2023-08-21-insecure-direct-object-reference.md | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md
diff --git a/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql b/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
index 885e909f741a1..85b6b56f7bc95 100644
--- a/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
+++ b/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
@@ -6,7 +6,7 @@
 * @problem.severity error
 * @security-severity 7.5
 * @precision medium
- * @id cs/insecure-direct-object-reference
+ * @id cs/web/insecure-direct-object-reference
 * @tags security
 * external/cwe-639
 */
diff --git a/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md b/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md
new file mode 100644
index 0000000000000..edbb113473901
--- /dev/null
+++ b/csharp/ql/src/change-notes/2023-08-21-insecure-direct-object-reference.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query, `cs/web/insecure-direct-object-reference`, to find instances of missing authorization checks for resources selected by an ID parameter.
\ No newline at end of file