Add missing security-severity scores

2025-12-24 04:36:35 +01:00 · 2022-03-14 09:45:10 +01:00
parent 5c04516179
commit 1f4f4207b5
14 changed files with 17 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
@@ -4,6 +4,7 @@
 *              object and to execution of arbitrary code.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.8
 * @precision high
 * @id java/jndi-injection
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
@@ -4,6 +4,7 @@
 *              information disclosure or execution of arbitrary code.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.8
 * @precision high
 * @id java/xslt-injection
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
@@ -4,6 +4,7 @@
 *              may lead to arbitrary code execution.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.3
 * @precision high
 * @id java/groovy-injection
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
@@ -4,6 +4,7 @@
 *              may lead to remote code execution.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.3
 * @precision high
 * @id java/mvel-expression-injection
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
@@ -4,6 +4,7 @@
 *              may lead to remote code execution.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.3
 * @precision high
 * @id java/spel-expression-injection
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
+++ b/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
@@ -3,6 +3,7 @@
 * @description Writing information without explicit permissions to a shared temporary directory may disclose it to other users.
 * @kind path-problem
 * @problem.severity warning
 * @security-severity 6.5
 * @precision medium
 * @id java/local-temp-file-or-directory-information-disclosure
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
+++ b/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
@@ -5,6 +5,7 @@
 *              the app vulnerable to man-in-the-middle attacks.
 * @kind problem
 * @problem.severity warning
 * @security-severity 9.8
 * @precision medium
 * @id java/unsafe-cert-trust
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql
@@ -5,6 +5,7 @@
 *              privileges or unexpected exposure from chained vulnerabilities.
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.5
 * @precision medium
 * @id java/android/cleartext-storage-database
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql
@@ -5,6 +5,7 @@
 *              from chained vulnerabilities.
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.5
 * @precision medium
 * @id java/android/cleartext-storage-filesystem
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
@@ -5,6 +5,7 @@
 *              privileges or unexpected exposure from chained vulnerabilities.
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.5
 * @precision medium
 * @id java/android/cleartext-storage-shared-prefs
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
+++ b/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
@@ -6,6 +6,7 @@
 *              the data vulnerable to packet sniffing.
 * @kind path-problem
 * @problem.severity warning
 * @security-severity 8.8
 * @precision medium
 * @id java/insecure-basic-auth
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
+++ b/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
@@ -4,6 +4,7 @@
 *              application files and web resources from any origin exposing them to attack.
 * @kind path-problem
 * @problem.severity warning
 * @security-severity 6.1
 * @precision medium
 * @id java/android/unsafe-android-webview-fetch
 * @tags security
--- a/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
@@ -4,6 +4,7 @@
 *                lead to execution of arbitrary code.
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.8
 * @precision high
 * @id java/ognl-injection
 * @tags security
--- a/java/ql/src/change-notes/2022-03-14-missing-security-severities.md
+++ b/java/ql/src/change-notes/2022-03-14-missing-security-severities.md
@@ -0,0 +1,4 @@
 ---
 category: queryMetadata
 ---
 * Added the `security-severity` tag to several queries.