Merge pull request #546 from github/calumgrant/security-severities

Add security-severity scores
Chris Smowton
2021-06-16 14:22:27 +01:00
committed by GitHub
29 changed files with 29 additions and 0 deletions

@@ -4,6 +4,7 @@
* dot as part of the hostname might match more hostnames than expected.
* @kind path-problem
* @problem.severity warning
* @security-severity 7.8
* @precision high
* @id go/incomplete-hostname-regexp
* @tags correctness
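Review bot: the new `@security-severity 7.8` line lands on a query whose `@tags` line reads `correctness` only, and nothing in this change states which scale the number is on. Either add `security` to the tags (or explain why a security score belongs on a correctness-only query), and record in the PR description what the values follow (if they are CVSS base scores, say so) so a later reviewer can check 7.8 against it. The same tag mismatch recurs in the go/regex/missing-regexp-anchor and go/suspicious-character-in-regex hunks below.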

@@ -4,6 +4,7 @@
* and "data:" suggests a logic error or even a security vulnerability.
* @kind problem
* @problem.severity warning
* @security-severity 7.8
* @precision high
* @id go/incomplete-url-scheme-check
* @tags security

@@ -3,6 +3,7 @@
* @description Regular expressions without anchors can be vulnerable to bypassing.
* @kind problem
* @problem.severity warning
* @security-severity 7.8
* @precision high
* @id go/regex/missing-regexp-anchor
* @tags correctness

@@ -3,6 +3,7 @@
* @description If a literal bell character or backspace appears in a regular expression, the start of text or word boundary may have been intended.
* @kind path-problem
* @problem.severity warning
* @security-severity 7.8
* @precision high
* @id go/suspicious-character-in-regex
* @tags correctness

@@ -5,6 +5,7 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @security-severity 7.8
* @tags security external/cwe/cwe-20
*/

@@ -5,6 +5,7 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @security-severity 7.8
* @tags security external/cwe/cwe-20
*/
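Review bot: this hunk is line-for-line identical to the one before it (same `@kind path-problem`, `@precision low`, `@problem.severity error`, `@tags security external/cwe/cwe-20`), and neither shows an `@id`, so the diff alone cannot tell which two queries received 7.8. Please confirm that both files carry distinct `@id` lines above the hunk and that 7.8 is meant for both; widening the context by a few lines would make that reviewable.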

@@ -4,6 +4,7 @@
* unexpected resources.
* @kind path-problem
* @problem.severity error
* @security-severity 7.5
* @precision high
* @id go/path-injection
* @tags security

@@ -8,6 +8,7 @@
* @kind path-problem
* @id go/unsafe-unzip-symlink
* @problem.severity error
* @security-severity 7.5
* @precision high
* @tags security
* external/cwe/cwe-022

@@ -6,6 +6,7 @@
* @kind path-problem
* @id go/zipslip
* @problem.severity error
* @security-severity 7.5
* @precision high
* @tags security
* external/cwe/cwe-022

@@ -4,6 +4,7 @@
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 9.8
* @precision high
* @id go/command-injection
* @tags security

@@ -4,6 +4,7 @@
* can lead to execution of malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 9.8
* @precision low
* @id go/stored-command
* @tags security

@@ -4,6 +4,7 @@
* a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 6.1
* @precision high
* @id go/reflected-xss
* @tags security

@@ -4,6 +4,7 @@
* a stored cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 6.1
* @precision low
* @id go/stored-xss
* @tags security

@@ -4,6 +4,7 @@
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 8.8
* @precision high
* @id go/sql-injection
* @tags security

@@ -5,6 +5,7 @@
* the overall string.
* @kind path-problem
* @problem.severity warning
* @security-severity 9.3
* @precision high
* @id go/unsafe-quoting
* @tags correctness
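Review bot: `@security-severity 9.3` on go/unsafe-quoting sits above the 8.8 given to go/sql-injection in this same change, yet the query keeps `@problem.severity warning` and `@tags correctness`. If the score reflects that unsafe quoting usually ends in an injection, the tags should say `security` and the PR should explain why it outranks the injection queries it feeds into; otherwise the ordering of the values needs revisiting.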

@@ -4,6 +4,7 @@
* the result may overflow and cause a runtime panic.
* @kind path-problem
* @problem.severity warning
* @security-severity 8.1
* @precision high
* @id go/allocation-size-overflow
* @tags security
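Review bot: 8.1 for go/allocation-size-overflow is higher than the 7.5 given to go/path-injection and close to the 8.8 given to go/sql-injection in this change, while the description line above it names the consequence as a runtime panic. A panic is an availability impact, so a reviewer would expect the value to reflect that rather than approach the file-access and injection queries; please add the rationale to the PR or revisit the figure.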

@@ -5,6 +5,7 @@
* that are useful to an attacker for developing a subsequent exploit.
* @kind path-problem
* @problem.severity error
* @security-severity 5.4
* @precision high
* @id go/stack-trace-exposure
* @tags security

@@ -4,6 +4,7 @@
* man-in-the-middle attacks.
* @kind problem
* @problem.severity warning
* @security-severity 7.5
* @precision high
* @id go/disabled-certificate-check
* @tags security

@@ -4,6 +4,7 @@
* expose it to an attacker.
* @kind path-problem
* @problem.severity error
* @security-severity 7.5
* @precision high
* @id go/clear-text-logging
* @tags security

@@ -4,6 +4,7 @@
* machine-in-the-middle and other attacks.
* @kind path-problem
* @problem.severity warning
* @security-severity 7.5
* @precision very-high
* @id go/insecure-tls
* @tags security

@@ -3,6 +3,7 @@
* @description Using insufficient randomness as the key of a cryptographic algorithm can allow an attacker to compromise security.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision high
* @id go/insecure-randomness
* @tags security

@@ -4,6 +4,7 @@
* susceptible to CSRF attacks.
* @kind path-problem
* @problem.severity error
* @security-severity 8.8
* @precision high
* @id go/constant-oauth2-state
* @tags security

@@ -5,6 +5,7 @@
* incomplete.
* @kind path-problem
* @problem.severity error
* @security-severity 6.1
* @id go/bad-redirect-check
* @tags security
* external/cwe/cwe-601

@@ -4,6 +4,7 @@
* may cause redirection to malicious web sites.
* @kind path-problem
* @problem.severity warning
* @security-severity 6.1
* @id go/unvalidated-url-redirection
* @tags security
* external/cwe/cwe-601

@@ -6,6 +6,7 @@
* @id go/email-injection
* @kind path-problem
* @problem.severity error
* @security-severity 9.8
* @tags security
* external/cwe/cwe-640
* @precision high

@@ -4,6 +4,7 @@
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 9.8
* @precision high
* @id go/xml/xpath-injection
* @tags security
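Review bot: the context line above the new score describes this query's impact as "malicious code by the user", the same wording as the go/command-injection hunk, and the 9.8 equals that query's value. XPath injection normally alters which nodes a query returns rather than executing code, so please check that the description is not carried over from the command-injection query and that 9.8 is the intended value for go/xml/xpath-injection rather than inherited along with the text.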

@@ -5,6 +5,7 @@
* can produce unexpected values.
* @kind path-problem
* @problem.severity warning
* @security-severity 8.1
* @id go/incorrect-integer-conversion
* @tags security
* external/cwe/cwe-190

@@ -4,6 +4,7 @@
* to gain unauthorized access.
* @kind problem
* @problem.severity warning
* @security-severity 9.8
* @precision medium
* @id go/hardcoded-credentials
* @tags security
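Review bot: `@security-severity 9.8` on go/hardcoded-credentials is the top value in this change (matching go/command-injection) while the query keeps `@problem.severity warning` and `@precision medium`. If the intent is that security-severity is independent of problem.severity, a sentence saying so in the PR description would settle it for every hunk here; if not, one of the two levels on this query should move.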

@@ -3,6 +3,7 @@
* @description Sending network requests with user-controlled data allows for request forgery attacks.
* @kind path-problem
* @problem.severity error
* @security-severity 9.1
* @precision high
* @id go/request-forgery
* @tags security