From 771e686946c34946a6b961b71a5ccadf5d67afa5 Mon Sep 17 00:00:00 2001 From: Calum Grant Date: Tue, 15 Jun 2021 13:25:17 +0100 Subject: [PATCH] Update security-severity scores --- .../Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql | 2 +- cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql | 2 +- cpp/ql/src/Critical/DescriptorNeverClosed.ql | 2 +- cpp/ql/src/Critical/FileMayNotBeClosed.ql | 2 +- cpp/ql/src/Critical/FileNeverClosed.ql | 2 +- cpp/ql/src/Critical/GlobalUseBeforeInit.ql | 2 +- cpp/ql/src/Critical/InconsistentNullnessTesting.ql | 2 +- cpp/ql/src/Critical/InitialisationNotRun.ql | 2 +- cpp/ql/src/Critical/LateNegativeTest.ql | 2 +- cpp/ql/src/Critical/MemoryMayNotBeFreed.ql | 2 +- cpp/ql/src/Critical/MemoryNeverFreed.ql | 2 +- cpp/ql/src/Critical/MissingNegativityTest.ql | 2 +- cpp/ql/src/Critical/MissingNullTest.ql | 2 +- cpp/ql/src/Critical/NewFreeMismatch.ql | 2 +- cpp/ql/src/Critical/OverflowCalculated.ql | 2 +- cpp/ql/src/Critical/OverflowDestination.ql | 2 +- cpp/ql/src/Critical/OverflowStatic.ql | 2 +- cpp/ql/src/Critical/ReturnStackAllocatedObject.ql | 2 +- cpp/ql/src/Critical/SizeCheck.ql | 2 +- cpp/ql/src/Critical/SizeCheck2.ql | 2 +- cpp/ql/src/Critical/UseAfterFree.ql | 2 +- cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql | 2 +- cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql | 2 +- cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql | 2 +- cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql | 2 +- cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql | 2 +- cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql | 2 +- cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql | 2 +- cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql | 2 +- .../src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql | 2 +- cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql | 2 +- .../Likely Bugs/Memory Management/ImproperNullTermination.ql | 2 +- cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql | 2 +- cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql | 2 +- .../Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql | 2 +- cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql | 2 +- cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql | 2 +- cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql | 2 +- cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql | 2 +- cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql | 2 +- .../src/Likely Bugs/Underspecified Functions/TooFewArguments.ql | 2 +- cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql | 2 +- cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql | 2 +- cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql | 2 +- cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql | 2 +- cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql | 2 +- cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql | 2 +- cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql | 2 +- cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql | 2 +- cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql | 2 +- cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql | 2 +- cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql | 2 +- cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql | 2 +- cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql | 2 +- cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql | 2 +- cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql | 2 +- cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql | 2 +- .../CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql | 2 +- cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql | 2 +- cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql | 2 +- cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql | 2 +- cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql | 2 +- cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql | 2 +- cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql | 2 +- .../CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql | 2 +- cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql | 2 +- cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql | 2 +- cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql | 2 +- cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql | 2 +- cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql | 2 +- cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql | 2 +- cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql | 2 +- cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql | 2 +- cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql | 2 +- .../Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql | 2 +- cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql | 2 +- cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql | 2 +- cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql | 2 +- cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql | 2 +- cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql | 2 +- cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql | 2 +- cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql | 2 +- cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql | 2 +- cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql | 2 +- cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql | 2 +- cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql | 2 +- cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql | 2 +- .../CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql | 2 +- csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql | 2 +- csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql | 2 +- csharp/ql/src/Configuration/PasswordInConfigurationFile.ql | 2 +- csharp/ql/src/Input Validation/UseOfFileUpload.ql | 2 +- csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql | 2 +- csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql | 2 +- csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql | 2 +- .../ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql | 2 +- .../src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql | 2 +- .../Security Features/CWE-016/ASPNetRequestValidationMode.ql | 2 +- csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql | 2 +- .../src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- csharp/ql/src/Security Features/CWE-022/TaintedPath.ql | 2 +- csharp/ql/src/Security Features/CWE-022/ZipSlip.ql | 2 +- csharp/ql/src/Security Features/CWE-078/CommandInjection.ql | 2 +- .../ql/src/Security Features/CWE-078/StoredCommandInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-079/StoredXSS.ql | 2 +- csharp/ql/src/Security Features/CWE-079/XSS.ql | 2 +- .../ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-089/SqlInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-091/XMLInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-094/CodeInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql | 2 +- .../ql/src/Security Features/CWE-114/AssemblyPathInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-117/LogForging.ql | 2 +- .../src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql | 2 +- .../src/Security Features/CWE-134/UncontrolledFormatString.ql | 2 +- .../src/Security Features/CWE-201/ExposureInTransmittedData.ql | 2 +- .../Security Features/CWE-209/ExceptionInformationExposure.ql | 2 +- .../CWE-248/MissingASPNETGlobalErrorHandler.ql | 2 +- csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql | 2 +- .../ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql | 2 +- .../CWE-321/HardcodedSymmetricEncryptionKey.ql | 2 +- csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql | 2 +- .../ql/src/Security Features/CWE-327/InsecureSQLConnection.ql | 2 +- .../CWE-352/MissingAntiForgeryTokenValidation.ql | 2 +- .../Security Features/CWE-359/ExposureOfPrivateInformation.ql | 2 +- csharp/ql/src/Security Features/CWE-384/AbandonSession.ql | 2 +- csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql | 2 +- csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql | 2 +- .../ql/src/Security Features/CWE-502/UnsafeDeserialization.ql | 2 +- .../CWE-502/UnsafeDeserializationUntrustedInput.ql | 2 +- .../ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql | 2 +- csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql | 2 +- .../src/Security Features/CWE-611/UntrustedDataInsecureXml.ql | 2 +- csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql | 2 +- csharp/ql/src/Security Features/CWE-614/RequireSSL.ql | 2 +- csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-643/XPathInjection.ql | 2 +- csharp/ql/src/Security Features/CWE-730/ReDoS.ql | 2 +- csharp/ql/src/Security Features/CWE-730/RegexInjection.ql | 2 +- .../src/Security Features/CWE-798/HardcodedConnectionString.ql | 2 +- csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql | 2 +- csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql | 2 +- .../ql/src/Security Features/CWE-838/InappropriateEncoding.ql | 2 +- csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql | 2 +- csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql | 2 +- csharp/ql/src/Security Features/Encryption using ECB.ql | 2 +- csharp/ql/src/Security Features/HeaderCheckingDisabled.ql | 2 +- csharp/ql/src/Security Features/InadequateRSAPadding.ql | 2 +- csharp/ql/src/Security Features/InsecureRandomness.ql | 2 +- csharp/ql/src/Security Features/InsufficientKeySize.ql | 2 +- csharp/ql/src/Security Features/PersistentCookie.ql | 2 +- csharp/ql/src/Security Features/WeakEncryption.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql | 2 +- java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql | 2 +- java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql | 2 +- java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql | 2 +- java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql | 2 +- java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- java/ql/src/Security/CWE/CWE-022/TaintedPath.ql | 2 +- java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-022/ZipSlip.ql | 2 +- java/ql/src/Security/CWE/CWE-078/ExecRelative.ql | 2 +- java/ql/src/Security/CWE/CWE-078/ExecTainted.ql | 2 +- java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql | 2 +- java/ql/src/Security/CWE/CWE-079/XSS.ql | 2 +- java/ql/src/Security/CWE/CWE-079/XSSLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-089/SqlTainted.ql | 2 +- java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql | 2 +- java/ql/src/Security/CWE/CWE-090/LdapInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql | 2 +- java/ql/src/Security/CWE/CWE-094/JexlInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql | 2 +- java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql | 2 +- java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql | 2 +- .../CWE/CWE-129/ImproperValidationOfArrayConstruction.ql | 2 +- .../ImproperValidationOfArrayConstructionCodeSpecified.ql | 2 +- .../CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql | 2 +- .../src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql | 2 +- .../CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql | 2 +- .../Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql | 2 +- .../Security/CWE/CWE-134/ExternallyControlledFormatString.ql | 2 +- .../CWE/CWE-134/ExternallyControlledFormatStringLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql | 2 +- java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql | 2 +- java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql | 2 +- java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql | 2 +- java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql | 2 +- java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql | 2 +- java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql | 2 +- java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql | 2 +- java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql | 2 +- java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql | 2 +- java/ql/src/Security/CWE/CWE-319/UseSSL.ql | 2 +- java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql | 2 +- java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql | 2 +- java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql | 2 +- java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql | 2 +- java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql | 2 +- java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql | 2 +- java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql | 2 +- java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql | 2 +- java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql | 2 +- java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql | 2 +- java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql | 2 +- java/ql/src/Security/CWE/CWE-611/XXE.ql | 2 +- java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql | 2 +- java/ql/src/Security/CWE/CWE-643/XPathInjection.ql | 2 +- java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql | 2 +- java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql | 2 +- .../ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql | 2 +- java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql | 2 +- .../src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql | 2 +- .../src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql | 2 +- java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql | 2 +- java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql | 2 +- java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql | 2 +- .../ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql | 2 +- java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql | 2 +- java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql | 2 +- javascript/ql/src/AngularJS/DisablingSce.ql | 2 +- javascript/ql/src/AngularJS/DoubleCompilation.ql | 2 +- javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql | 2 +- javascript/ql/src/DOM/TargetBlank.ql | 2 +- javascript/ql/src/Electron/AllowRunningInsecureContent.ql | 2 +- javascript/ql/src/Electron/DisablingWebSecurity.ql | 2 +- javascript/ql/src/Electron/EnablingNodeIntegration.ql | 2 +- javascript/ql/src/Performance/PolynomialReDoS.ql | 2 +- javascript/ql/src/Performance/ReDoS.ql | 2 +- javascript/ql/src/RegExp/IdentityReplacement.ql | 2 +- javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql | 2 +- javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql | 2 +- .../src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql | 2 +- javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql | 2 +- javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql | 2 +- .../ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- .../ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql | 2 +- javascript/ql/src/Security/CWE-022/TaintedPath.ql | 2 +- javascript/ql/src/Security/CWE-022/ZipSlip.ql | 2 +- javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql | 2 +- javascript/ql/src/Security/CWE-078/CommandInjection.ql | 2 +- javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql | 2 +- .../Security/CWE-078/ShellCommandInjectionFromEnvironment.ql | 2 +- .../ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql | 2 +- javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql | 2 +- javascript/ql/src/Security/CWE-079/ExceptionXss.ql | 2 +- javascript/ql/src/Security/CWE-079/ReflectedXss.ql | 2 +- javascript/ql/src/Security/CWE-079/StoredXss.ql | 2 +- javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql | 2 +- javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql | 2 +- javascript/ql/src/Security/CWE-079/Xss.ql | 2 +- javascript/ql/src/Security/CWE-079/XssThroughDom.ql | 2 +- javascript/ql/src/Security/CWE-089/SqlInjection.ql | 2 +- javascript/ql/src/Security/CWE-094/CodeInjection.ql | 2 +- javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql | 2 +- javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql | 2 +- javascript/ql/src/Security/CWE-116/DoubleEscaping.ql | 2 +- .../src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql | 2 +- .../Security/CWE-116/IncompleteMultiCharacterSanitization.ql | 2 +- javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql | 2 +- javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql | 2 +- javascript/ql/src/Security/CWE-117/LogInjection.ql | 2 +- javascript/ql/src/Security/CWE-134/TaintedFormatString.ql | 2 +- javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql | 2 +- javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql | 2 +- javascript/ql/src/Security/CWE-201/PostMessageStar.ql | 2 +- javascript/ql/src/Security/CWE-209/StackTraceExposure.ql | 2 +- .../ql/src/Security/CWE-295/DisablingCertificateValidation.ql | 2 +- javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql | 2 +- javascript/ql/src/Security/CWE-312/CleartextLogging.ql | 2 +- javascript/ql/src/Security/CWE-312/CleartextStorage.ql | 2 +- .../ql/src/Security/CWE-313/PasswordInConfigurationFile.ql | 2 +- javascript/ql/src/Security/CWE-327/BadRandomness.ql | 2 +- javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql | 2 +- javascript/ql/src/Security/CWE-338/InsecureRandomness.ql | 2 +- .../src/Security/CWE-346/CorsMisconfigurationForCredentials.ql | 2 +- javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql | 2 +- .../ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql | 2 +- javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql | 2 +- javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql | 2 +- javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql | 2 +- .../ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql | 2 +- javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql | 2 +- javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql | 2 +- javascript/ql/src/Security/CWE-611/Xxe.ql | 2 +- .../Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql | 2 +- javascript/ql/src/Security/CWE-643/XpathInjection.ql | 2 +- javascript/ql/src/Security/CWE-730/RegExpInjection.ql | 2 +- javascript/ql/src/Security/CWE-730/ServerCrash.ql | 2 +- .../ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql | 2 +- javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql | 2 +- javascript/ql/src/Security/CWE-776/XmlBomb.ql | 2 +- javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql | 2 +- javascript/ql/src/Security/CWE-807/ConditionalBypass.ql | 2 +- .../ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql | 2 +- javascript/ql/src/Security/CWE-829/InsecureDownload.ql | 2 +- javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql | 2 +- .../Security/CWE-843/TypeConfusionThroughParameterTampering.ql | 2 +- javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql | 2 +- .../ql/src/Security/CWE-915/PrototypePollutingAssignment.ql | 2 +- .../ql/src/Security/CWE-915/PrototypePollutingFunction.ql | 2 +- .../ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql | 2 +- javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql | 2 +- javascript/ql/src/Security/CWE-918/RequestForgery.ql | 2 +- python/ql/src/Expressions/UseofInput.ql | 2 +- python/ql/src/Security/CVE-2018-1281/BindToAllInterfaces.ql | 2 +- .../Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql | 2 +- python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql | 2 +- .../src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql | 2 +- python/ql/src/Security/CWE-022/PathInjection.ql | 2 +- python/ql/src/Security/CWE-022/TarSlip.ql | 2 +- python/ql/src/Security/CWE-078/CommandInjection.ql | 2 +- python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql | 2 +- python/ql/src/Security/CWE-079/ReflectedXss.ql | 2 +- python/ql/src/Security/CWE-089/SqlInjection.ql | 2 +- python/ql/src/Security/CWE-094/CodeInjection.ql | 2 +- python/ql/src/Security/CWE-209/StackTraceExposure.ql | 2 +- python/ql/src/Security/CWE-215/FlaskDebug.ql | 2 +- python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql | 2 +- python/ql/src/Security/CWE-295/RequestWithoutValidation.ql | 2 +- python/ql/src/Security/CWE-312/CleartextLogging.ql | 2 +- python/ql/src/Security/CWE-312/CleartextStorage.ql | 2 +- python/ql/src/Security/CWE-326/WeakCryptoKey.ql | 2 +- python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql | 2 +- python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql | 2 +- python/ql/src/Security/CWE-327/InsecureProtocol.ql | 2 +- python/ql/src/Security/CWE-327/WeakSensitiveDataHashing.ql | 2 +- python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql | 2 +- python/ql/src/Security/CWE-502/UnsafeDeserialization.ql | 2 +- python/ql/src/Security/CWE-601/UrlRedirect.ql | 2 +- python/ql/src/Security/CWE-732/WeakFilePermissions.ql | 2 +- python/ql/src/Security/CWE-798/HardcodedCredentials.ql | 2 +- 343 files changed, 343 insertions(+), 343 deletions(-) diff --git a/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql b/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql index ecf739b91be..c8bf3842773 100644 --- a/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql +++ b/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/offset-use-before-range-check * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.2 * @precision medium * @tags reliability * security diff --git a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql index 24cd9dc16fd..3ef487fbec2 100644 --- a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql +++ b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/descriptor-may-not-be-closed * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @tags efficiency * security * external/cwe/cwe-775 diff --git a/cpp/ql/src/Critical/DescriptorNeverClosed.ql b/cpp/ql/src/Critical/DescriptorNeverClosed.ql index 331d787be62..85e41ad1928 100644 --- a/cpp/ql/src/Critical/DescriptorNeverClosed.ql +++ b/cpp/ql/src/Critical/DescriptorNeverClosed.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/descriptor-never-closed * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @tags efficiency * security * external/cwe/cwe-775 diff --git a/cpp/ql/src/Critical/FileMayNotBeClosed.ql b/cpp/ql/src/Critical/FileMayNotBeClosed.ql index 395bac61f0b..af38b437778 100644 --- a/cpp/ql/src/Critical/FileMayNotBeClosed.ql +++ b/cpp/ql/src/Critical/FileMayNotBeClosed.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/file-may-not-be-closed * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @tags efficiency * security * external/cwe/cwe-775 diff --git a/cpp/ql/src/Critical/FileNeverClosed.ql b/cpp/ql/src/Critical/FileNeverClosed.ql index eeeed80af92..b9e71978359 100644 --- a/cpp/ql/src/Critical/FileNeverClosed.ql +++ b/cpp/ql/src/Critical/FileNeverClosed.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/file-never-closed * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @tags efficiency * security * external/cwe/cwe-775 diff --git a/cpp/ql/src/Critical/GlobalUseBeforeInit.ql b/cpp/ql/src/Critical/GlobalUseBeforeInit.ql index 7abfaeb9ebe..6c3435eeba9 100644 --- a/cpp/ql/src/Critical/GlobalUseBeforeInit.ql +++ b/cpp/ql/src/Critical/GlobalUseBeforeInit.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/global-use-before-init * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.8 * @tags reliability * security * external/cwe/cwe-457 diff --git a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql index b356c64b3fc..da64be1fdb9 100644 --- a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql +++ b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/inconsistent-nullness-testing * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @tags reliability * security * external/cwe/cwe-476 diff --git a/cpp/ql/src/Critical/InitialisationNotRun.ql b/cpp/ql/src/Critical/InitialisationNotRun.ql index d4bb90962f7..ba575c55921 100644 --- a/cpp/ql/src/Critical/InitialisationNotRun.ql +++ b/cpp/ql/src/Critical/InitialisationNotRun.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/initialization-not-run * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @tags reliability * security * external/cwe/cwe-456 diff --git a/cpp/ql/src/Critical/LateNegativeTest.ql b/cpp/ql/src/Critical/LateNegativeTest.ql index 98d1d7cba2b..5de36fcc5a9 100644 --- a/cpp/ql/src/Critical/LateNegativeTest.ql +++ b/cpp/ql/src/Critical/LateNegativeTest.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/late-negative-test * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @tags reliability * security * external/cwe/cwe-823 diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql index 3726117615e..51467b52be8 100644 --- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql +++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/memory-may-not-be-freed * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @tags efficiency * security * external/cwe/cwe-401 diff --git a/cpp/ql/src/Critical/MemoryNeverFreed.ql b/cpp/ql/src/Critical/MemoryNeverFreed.ql index 89ca2245d7f..e9593e9d749 100644 --- a/cpp/ql/src/Critical/MemoryNeverFreed.ql +++ b/cpp/ql/src/Critical/MemoryNeverFreed.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/memory-never-freed * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @tags efficiency * security * external/cwe/cwe-401 diff --git a/cpp/ql/src/Critical/MissingNegativityTest.ql b/cpp/ql/src/Critical/MissingNegativityTest.ql index 937510afec6..a4409f2dabf 100644 --- a/cpp/ql/src/Critical/MissingNegativityTest.ql +++ b/cpp/ql/src/Critical/MissingNegativityTest.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/missing-negativity-test * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @tags reliability * security * external/cwe/cwe-823 diff --git a/cpp/ql/src/Critical/MissingNullTest.ql b/cpp/ql/src/Critical/MissingNullTest.ql index dcd45f2baf1..b50d06a8dd1 100644 --- a/cpp/ql/src/Critical/MissingNullTest.ql +++ b/cpp/ql/src/Critical/MissingNullTest.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/missing-null-test * @problem.severity recommendation - * @security-severity 3.6 + * @security-severity 7.5 * @tags reliability * security * external/cwe/cwe-476 diff --git a/cpp/ql/src/Critical/NewFreeMismatch.ql b/cpp/ql/src/Critical/NewFreeMismatch.ql index 09356762e43..19b9b197214 100644 --- a/cpp/ql/src/Critical/NewFreeMismatch.ql +++ b/cpp/ql/src/Critical/NewFreeMismatch.ql @@ -3,7 +3,7 @@ * @description An object that was allocated with 'malloc' or 'new' is being freed using a mismatching 'free' or 'delete'. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id cpp/new-free-mismatch * @tags reliability diff --git a/cpp/ql/src/Critical/OverflowCalculated.ql b/cpp/ql/src/Critical/OverflowCalculated.ql index 01cb7b3eaa3..d8a08cc6a69 100644 --- a/cpp/ql/src/Critical/OverflowCalculated.ql +++ b/cpp/ql/src/Critical/OverflowCalculated.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/overflow-calculated * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @tags reliability * security * external/cwe/cwe-131 diff --git a/cpp/ql/src/Critical/OverflowDestination.ql b/cpp/ql/src/Critical/OverflowDestination.ql index c89ec46cb42..94d46001660 100644 --- a/cpp/ql/src/Critical/OverflowDestination.ql +++ b/cpp/ql/src/Critical/OverflowDestination.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/overflow-destination * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision low * @tags reliability * security diff --git a/cpp/ql/src/Critical/OverflowStatic.ql b/cpp/ql/src/Critical/OverflowStatic.ql index d287f43b1c8..7c447c12323 100644 --- a/cpp/ql/src/Critical/OverflowStatic.ql +++ b/cpp/ql/src/Critical/OverflowStatic.ql @@ -4,7 +4,7 @@ * may result in a buffer overflow. * @kind problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision medium * @id cpp/static-buffer-overflow * @tags reliability diff --git a/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql b/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql index 72ff93e24ab..40082ad5d9c 100644 --- a/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql +++ b/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/return-stack-allocated-object * @problem.severity warning - * @security-severity 2.9 + * @security-severity 2.1 * @tags reliability * security * external/cwe/cwe-562 diff --git a/cpp/ql/src/Critical/SizeCheck.ql b/cpp/ql/src/Critical/SizeCheck.ql index 7fff35cf717..e7a00ea3621 100644 --- a/cpp/ql/src/Critical/SizeCheck.ql +++ b/cpp/ql/src/Critical/SizeCheck.ql @@ -4,7 +4,7 @@ * an instance of the type of the pointer may result in a buffer overflow * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 8.1 * @precision medium * @id cpp/allocation-too-small * @tags reliability diff --git a/cpp/ql/src/Critical/SizeCheck2.ql b/cpp/ql/src/Critical/SizeCheck2.ql index f9a09b66352..eb3aec9a5fe 100644 --- a/cpp/ql/src/Critical/SizeCheck2.ql +++ b/cpp/ql/src/Critical/SizeCheck2.ql @@ -4,7 +4,7 @@ * multiple instances of the type of the pointer may result in a buffer overflow * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 8.1 * @precision medium * @id cpp/suspicious-allocation-size * @tags reliability diff --git a/cpp/ql/src/Critical/UseAfterFree.ql b/cpp/ql/src/Critical/UseAfterFree.ql index 1b714267ef1..d770a42b3c2 100644 --- a/cpp/ql/src/Critical/UseAfterFree.ql +++ b/cpp/ql/src/Critical/UseAfterFree.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/use-after-free * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.3 * @tags reliability * security * external/cwe/cwe-416 diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql index 1037e4d9063..5a7389205f9 100644 --- a/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql +++ b/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql @@ -6,7 +6,7 @@ * to a larger type. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.1 * @precision very-high * @id cpp/bad-addition-overflow-check * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql index 941fecc453d..03ad085b6d3 100644 --- a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +++ b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql @@ -4,7 +4,7 @@ * be a sign that the result can overflow the type converted from. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision high * @id cpp/integer-multiplication-cast-to-long * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql index 6da994e6729..7911049599a 100644 --- a/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql +++ b/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql @@ -5,7 +5,7 @@ * unsigned integer values. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision high * @id cpp/signed-overflow-check * @tags correctness diff --git a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql index 19e50a3f368..9032919da44 100644 --- a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql +++ b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql @@ -6,7 +6,7 @@ * use the width of the base type, leading to misaligned reads. * @kind path-problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id cpp/upcast-array-pointer-arithmetic * @tags correctness diff --git a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql index f480501f7ba..f00dfa2213b 100644 --- a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql +++ b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql @@ -6,7 +6,7 @@ * from an untrusted source, this can be used for exploits. * @kind problem * @problem.severity recommendation - * @security-severity 6.9 + * @security-severity 9.3 * @precision high * @id cpp/non-constant-format * @tags maintainability diff --git a/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql b/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql index 78427655c22..7da8db7f226 100644 --- a/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql +++ b/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql @@ -3,7 +3,7 @@ * @description Using the return value from snprintf without proper checks can cause overflow. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision high * @id cpp/overflowing-snprintf * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql index 1147c6c66a1..cc3510ee5eb 100644 --- a/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql +++ b/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql @@ -4,7 +4,7 @@ * a source of security issues. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 5.0 * @precision high * @id cpp/wrong-number-format-arguments * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql index d1624e484fe..a7306e401e4 100644 --- a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql +++ b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql @@ -4,7 +4,7 @@ * behavior. * @kind problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @id cpp/wrong-type-format-argument * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql index 1b20aa1b224..30664869adc 100644 --- a/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql +++ b/cpp/ql/src/Likely Bugs/Likely Typos/IncorrectNotOperatorUsage.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/incorrect-not-operator-usage * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision medium * @tags security * external/cwe/cwe-480 diff --git a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql index 1af4ba839b5..61d7a266d86 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql @@ -3,7 +3,7 @@ * @description Using alloca in a loop can lead to a stack overflow * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id cpp/alloca-in-loop * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql b/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql index c72086060fd..7f1541f7ea8 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/improper-null-termination * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @tags security * external/cwe/cwe-170 * external/cwe/cwe-665 diff --git a/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql b/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql index 3035d3ba2ea..e11d114d1fb 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql @@ -4,7 +4,7 @@ * on undefined behavior and may lead to memory corruption. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 2.1 * @precision high * @id cpp/pointer-overflow-check * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql b/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql index 4a9fc949f89..8e7bc5bfcf4 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql @@ -4,7 +4,7 @@ * as the third argument may result in a buffer overflow. * @kind problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision medium * @id cpp/bad-strncpy-size * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql index 28742629b37..644c48622a2 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql @@ -3,7 +3,7 @@ * @description Calling 'strncat' with an incorrect size argument may result in a buffer overflow. * @kind problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision medium * @id cpp/unsafe-strncat * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql index 9198cd0497e..a80af562bda 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql @@ -5,7 +5,7 @@ * the machine pointer size. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id cpp/suspicious-sizeof * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql index 94e230e8838..5861167659f 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/uninitialized-local * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @tags security * external/cwe/cwe-665 diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql b/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql index 2eb8d0b4060..d0b0f7f1e71 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql +++ b/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql @@ -4,7 +4,7 @@ * may result in a buffer overflow * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id cpp/unsafe-strcat * @tags reliability diff --git a/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql b/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql index 2702cbdcea7..9ddf445f4bf 100644 --- a/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql +++ b/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/self-assignment-check * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.0 * @tags reliability * security * external/cwe/cwe-826 diff --git a/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql b/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql index 746a2761e49..04325e8497e 100644 --- a/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql +++ b/cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql @@ -6,7 +6,7 @@ * @kind path-problem * @id cpp/unsafe-use-of-this * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @precision very-high * @tags correctness * language-features diff --git a/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql b/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql index 3196143c5d1..bc53015c905 100644 --- a/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql +++ b/cpp/ql/src/Likely Bugs/Underspecified Functions/TooFewArguments.ql @@ -7,7 +7,7 @@ * undefined data. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 5.0 * @precision very-high * @id cpp/too-few-arguments * @tags correctness diff --git a/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql b/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql index 77c4f149cac..33c31972295 100644 --- a/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql +++ b/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/memset-may-be-deleted * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.8 * @precision high * @tags security * external/cwe/cwe-14 diff --git a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql index 0396d5c7bb0..47a0bf14b7f 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @tags security external/cwe/cwe-20 */ diff --git a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql index 196fe57f74b..b85a5b26a7f 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @tags security external/cwe/cwe-20 */ diff --git a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql index c96b6f6dc5b..5e22506d03a 100644 --- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -4,7 +4,7 @@ * attacker to access unexpected resources. * @kind path-problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id cpp/path-injection * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql index d3020406f15..5f516eec83b 100644 --- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql @@ -5,7 +5,7 @@ * to command injection. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision low * @id cpp/command-line-injection * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql index 0b56e972320..bb38609927e 100644 --- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql +++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql @@ -4,7 +4,7 @@ * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id cpp/cgi-xss * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql index 1e4536f0942..a3f935170d7 100644 --- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql @@ -5,7 +5,7 @@ * to SQL Injection. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id cpp/sql-injection * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql index 3aba72ed741..e75f62b0eb7 100644 --- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql +++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql @@ -5,7 +5,7 @@ * commands. * @kind path-problem * @problem.severity warning - * @security-severity 6.0 + * @security-severity 8.2 * @precision medium * @id cpp/uncontrolled-process-operation * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql b/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql index c61498ac2e0..1c903081baf 100644 --- a/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql +++ b/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/overflow-buffer * @problem.severity recommendation - * @security-severity 10.0 + * @security-severity 9.3 * @tags security * external/cwe/cwe-119 * external/cwe/cwe-121 diff --git a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql index 01d8d8db4e2..247606c683d 100644 --- a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql @@ -5,7 +5,7 @@ * overflow. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.3 * @precision high * @id cpp/badly-bounded-write * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql index 6832561e10c..ac4144d1c6f 100644 --- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql @@ -4,7 +4,7 @@ * of data written may overflow. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.3 * @precision medium * @id cpp/overrunning-write * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql index 73ef5e62fb2..27adab9b06c 100644 --- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql +++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql @@ -5,7 +5,7 @@ * take extreme values. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.3 * @precision medium * @id cpp/overrunning-write-with-float * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql index 656b52b03bf..b9922da9c75 100644 --- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql @@ -4,7 +4,7 @@ * of data written may overflow. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.3 * @precision medium * @id cpp/unbounded-write * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql index 3dacc443a74..842798102bd 100644 --- a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql +++ b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql @@ -5,7 +5,7 @@ * a specific value to terminate the argument list. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id cpp/unterminated-variadic-call * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 59498017b1f..0621def4d98 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/unclear-array-index-validation * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @tags security * external/cwe/cwe-129 */ diff --git a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql index b31213b09f3..1780c2a0199 100644 --- a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql +++ b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql @@ -5,7 +5,7 @@ * terminator can cause a buffer overrun. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cpp/no-space-for-terminator * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql index 0593679c3f5..f24510bba05 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql @@ -5,7 +5,7 @@ * or data representation problems. * @kind path-problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 9.3 * @precision high * @id cpp/tainted-format-string * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql index 67853b9e361..d2f5243d4a4 100644 --- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql +++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql @@ -5,7 +5,7 @@ * or data representation problems. * @kind path-problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 9.3 * @precision high * @id cpp/tainted-format-string-through-global * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql index ad4d0389f0c..e3634734b5e 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql @@ -4,7 +4,7 @@ * not validated can cause overflows. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.6 * @precision low * @id cpp/tainted-arithmetic * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql index 359ac7a0d1a..fd486efdab0 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql @@ -4,7 +4,7 @@ * validated can cause overflows. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.6 * @precision medium * @id cpp/uncontrolled-arithmetic * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql index 9addbab5c1c..35668953acc 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/arithmetic-with-extreme-values * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.6 * @precision low * @tags security * reliability diff --git a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql index 1ec3c6554fe..6636d100746 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql @@ -5,7 +5,7 @@ * @id cpp/comparison-with-wider-type * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @tags reliability * security diff --git a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql index 7e4880ffca6..bc0dff58244 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/integer-overflow-tainted * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision low * @tags security * external/cwe/cwe-190 diff --git a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql index 765a2519a38..585875798cc 100644 --- a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql +++ b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql @@ -4,7 +4,7 @@ * user can result in integer overflow. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.1 * @precision medium * @id cpp/uncontrolled-allocation-size * @tags reliability diff --git a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql index ddd7bf3430f..5be71472c92 100644 --- a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql +++ b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/unsigned-difference-expression-compared-zero * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @tags security * correctness diff --git a/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql b/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql index bde1e265690..67ba5b0c45b 100644 --- a/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql +++ b/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql @@ -4,7 +4,7 @@ * @kind problem * @id cpp/hresult-boolean-conversion * @problem.severity error - * @security-severity 4.2 + * @security-severity 7.5 * @precision high * @tags security * external/cwe/cwe-253 diff --git a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql index 7cdd5c34b8b..814c6aff21b 100644 --- a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql +++ b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql @@ -5,7 +5,7 @@ * vulnerable to spoofing attacks. * @kind path-problem * @problem.severity warning - * @security-severity 5.8 + * @security-severity 8.1 * @precision medium * @id cpp/user-controlled-bypass * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql index 6785700d077..696c5764fcd 100644 --- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql @@ -4,7 +4,7 @@ * to an attacker. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.5 * @precision medium * @id cpp/cleartext-storage-buffer * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql index fcf2a00435e..aa90ff9567c 100644 --- a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql +++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql @@ -4,7 +4,7 @@ * to an attacker. * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id cpp/cleartext-storage-file * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql index ccb67f54d3a..bb9135a92ff 100644 --- a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql +++ b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql @@ -4,7 +4,7 @@ * database can expose it to an attacker. * @kind path-problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id cpp/cleartext-storage-database * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql index 848adfd7adc..aef114bcc4e 100644 --- a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +++ b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql @@ -4,7 +4,7 @@ * an attacker to compromise security. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @id cpp/weak-cryptographic-algorithm * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql b/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql index 5ee196994ac..38067ae200c 100644 --- a/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql +++ b/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql @@ -4,7 +4,7 @@ * attackers to retrieve portions of memory. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision very-high * @id cpp/openssl-heartbleed * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql index 7d19e323f2b..f5bed0bee64 100644 --- a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql +++ b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql @@ -5,7 +5,7 @@ * the two operations. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.7 * @precision medium * @id cpp/toctou-race-condition * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql index 73e0d8794ad..7c540e9d313 100644 --- a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql +++ b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql @@ -4,7 +4,7 @@ * @id cpp/unsafe-create-process-call * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @msrc.severity important * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql b/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql index 3d6c54e33ae..c6a797929bb 100644 --- a/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql +++ b/cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql @@ -5,7 +5,7 @@ * state, and reading the variable may result in undefined behavior. * @kind problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.8 * @opaque-id SM02313 * @id cpp/conditionally-uninitialized-variable * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql index a582813ed5f..ce99ce1ebce 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScaling.ql @@ -4,7 +4,7 @@ * can cause buffer overflow conditions. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id cpp/suspicious-pointer-scaling * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql index c1bfb9c4ee9..5b7e3379929 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingChar.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/incorrect-pointer-scaling-char * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision low * @tags security * external/cwe/cwe-468 diff --git a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql index aa267a25f4e..460c98bf1e3 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/IncorrectPointerScalingVoid.ql @@ -4,7 +4,7 @@ * can cause buffer overflow conditions. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id cpp/suspicious-pointer-scaling-void * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql index 7532f7e9fcf..4ac00fc42c6 100644 --- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql +++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql @@ -5,7 +5,7 @@ * implicitly scaled. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision high * @id cpp/suspicious-add-sizeof * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql index ead50c9620e..bbe3b0805e1 100644 --- a/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql +++ b/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql @@ -5,7 +5,7 @@ * attack plan. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.5 * @precision medium * @id cpp/system-data-exposure * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql index 321684dc93c..65551a1f138 100644 --- a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql +++ b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/incorrect-string-type-conversion * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.8 * @precision high * @tags security * external/cwe/cwe-704 diff --git a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql index 67dce658ed8..1fd55a02d01 100644 --- a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql +++ b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql @@ -3,7 +3,7 @@ * @description Creating a file that is world-writable can allow an attacker to write to the file. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @id cpp/world-writable-file-creation * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql index 72399cec376..bf673826347 100644 --- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql +++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql @@ -7,7 +7,7 @@ * @id cpp/unsafe-dacl-security-descriptor * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @tags security * external/cwe/cwe-732 diff --git a/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql b/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql index 2a0d765f239..cd5d8771807 100644 --- a/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql +++ b/cpp/ql/src/Security/CWE/CWE-764/LockOrderCycle.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/lock-order-cycle * @problem.severity error - * @security-severity 6.9 + * @security-severity 5.0 * @tags security * external/cwe/cwe-764 * external/cwe/cwe-833 diff --git a/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql b/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql index c32e747f3e4..051ad2eeeea 100644 --- a/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql +++ b/cpp/ql/src/Security/CWE/CWE-764/TwiceLocked.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/twice-locked * @problem.severity error - * @security-severity 6.9 + * @security-severity 5.0 * @precision low * @tags security * external/cwe/cwe-764 diff --git a/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql b/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql index 8f3d9e92149..dd224352b12 100644 --- a/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql +++ b/cpp/ql/src/Security/CWE/CWE-764/UnreleasedLock.ql @@ -5,7 +5,7 @@ * @kind problem * @id cpp/unreleased-lock * @problem.severity error - * @security-severity 6.9 + * @security-severity 5.0 * @precision low * @tags security * external/cwe/cwe-764 diff --git a/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql b/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql index 08a5ceb49db..64505ee8283 100644 --- a/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql +++ b/cpp/ql/src/Security/CWE/CWE-807/TaintedCondition.ql @@ -5,7 +5,7 @@ * attack. * @kind path-problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id cpp/tainted-permissions-check * @tags security diff --git a/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql b/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql index cd85179d14d..3db5e15874b 100644 --- a/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql +++ b/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql @@ -6,7 +6,7 @@ * @kind problem * @id cpp/infinite-loop-with-unsatisfiable-exit-condition * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @tags security * external/cwe/cwe-835 */ diff --git a/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql b/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql index 09ee699163f..47097fea753 100644 --- a/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql +++ b/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql @@ -3,7 +3,7 @@ * @description Finds uses of hidden fields on forms * @kind problem * @problem.severity recommendation - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id cs/web/html-hidden-input * @tags security diff --git a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql index e7dee2143c1..9fe53d2cc90 100644 --- a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql +++ b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql @@ -3,7 +3,7 @@ * @description Finds empty passwords in configuration files. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @id cs/empty-password-in-configuration * @tags security diff --git a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql index eb4756ea962..8e4dd77febd 100644 --- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql +++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql @@ -3,7 +3,7 @@ * @description Finds passwords in configuration files. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision medium * @id cs/password-in-configuration * @tags security diff --git a/csharp/ql/src/Input Validation/UseOfFileUpload.ql b/csharp/ql/src/Input Validation/UseOfFileUpload.ql index 4eb96e2c072..e936962ad51 100644 --- a/csharp/ql/src/Input Validation/UseOfFileUpload.ql +++ b/csharp/ql/src/Input Validation/UseOfFileUpload.ql @@ -3,7 +3,7 @@ * @description Finds uses of file upload * @kind problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/web/file-upload * @tags security diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql index 1ee9c4a2bfa..392c3e843d7 100644 --- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql +++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql @@ -5,7 +5,7 @@ * but under some circumstances may also result in incorrect results. * @kind problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.0 * @precision medium * @id cs/thread-unsafe-icryptotransform-field-in-class * @tags concurrency diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql index 33f8a8ab47c..7787a1bd622 100644 --- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql +++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql @@ -6,7 +6,7 @@ * but under some circumstances may also result in incorrect results. * @kind problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.0 * @precision medium * @id cs/thread-unsafe-icryptotransform-captured-in-lambda * @tags concurrency diff --git a/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql b/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql index c9b2112b488..3bccd9b0331 100644 --- a/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql +++ b/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql @@ -4,7 +4,7 @@ * debug builds provide additional information useful to a malicious attacker. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.5 * @precision very-high * @id cs/web/debug-binary * @tags security diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql index 6c58c910089..5a527c96084 100644 --- a/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql +++ b/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql @@ -4,7 +4,7 @@ * denial-of-service attacks. * @kind problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.5 * @id cs/web/large-max-request-length * @tags security * frameworks/asp.net diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql index 362b8a70ebe..f093a888446 100644 --- a/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql +++ b/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql @@ -3,7 +3,7 @@ * @description ASP.NET pages should not disable the built-in request validation. * @kind problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.5 * @id cs/web/request-validation-disabled * @tags security * frameworks/asp.net diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql index a270a5928bb..dd9ed5218ff 100644 --- a/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql +++ b/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql @@ -6,7 +6,7 @@ * @kind problem * @id cs/insecure-request-validation-mode * @problem.severity warning - * @security-severity 6.9 + * @security-severity 7.5 * @tags security * external/cwe/cwe-016 */ diff --git a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql index cda257234ab..6148f0f6ae9 100644 --- a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql +++ b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql @@ -4,7 +4,7 @@ * @kind problem * @id cs/serialization-check-bypass * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @tags security * external/cwe/cwe-20 diff --git a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql index c378e31d8aa..ca21947ee9b 100644 --- a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql +++ b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @tags security external/cwe/cwe-20 */ diff --git a/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql b/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql index bf75ab47904..b3659df1617 100644 --- a/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql +++ b/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql @@ -3,7 +3,7 @@ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @id cs/path-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql b/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql index 5f6855701ed..4203f94cb33 100644 --- a/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql +++ b/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql @@ -6,7 +6,7 @@ * @kind path-problem * @id cs/zipslip * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @tags security * external/cwe/cwe-022 diff --git a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql index 7056d3222f2..f66f86f290e 100644 --- a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql @@ -4,7 +4,7 @@ * user to change the meaning of the command. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/command-line-injection * @tags correctness diff --git a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql index b8264b4d8a1..b15dd866e72 100644 --- a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql @@ -4,7 +4,7 @@ * user to change the meaning of the command. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id cs/stored-command-line-injection * @tags correctness diff --git a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql index fcf10553a6a..548e72dbd56 100644 --- a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql +++ b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql @@ -4,7 +4,7 @@ * scripting vulnerability if the data was originally user-provided. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision medium * @id cs/web/stored-xss * @tags security diff --git a/csharp/ql/src/Security Features/CWE-079/XSS.ql b/csharp/ql/src/Security Features/CWE-079/XSS.ql index d58a7828a6f..34a7ea87a72 100644 --- a/csharp/ql/src/Security Features/CWE-079/XSS.ql +++ b/csharp/ql/src/Security Features/CWE-079/XSS.ql @@ -4,7 +4,7 @@ * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id cs/web/xss * @tags security diff --git a/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql b/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql index fde86253edc..7b9bfef0ef9 100644 --- a/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql +++ b/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql @@ -4,7 +4,7 @@ * of malicious SQL code by the user. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision medium * @id cs/second-order-sql-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql b/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql index 456e36db36e..e818eaeb0af 100644 --- a/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql +++ b/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql @@ -4,7 +4,7 @@ * malicious SQL code by the user. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id cs/sql-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql index e0e667ed8da..4878b449eb8 100644 --- a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql +++ b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql @@ -4,7 +4,7 @@ * malicious LDAP code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/ldap-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql index 0c705fbce33..c2791b8f2b1 100644 --- a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql +++ b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql @@ -4,7 +4,7 @@ * insertion of malicious LDAP code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id cs/stored-ldap-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql index 4e2548895ad..1ad4fad9e41 100644 --- a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql +++ b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql @@ -5,7 +5,7 @@ * @kind problem * @id cs/xml-injection * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.8 * @precision high * @tags security * external/cwe/cwe-091 diff --git a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql index 8c711400d61..2d85c9aabbc 100644 --- a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql +++ b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql @@ -4,7 +4,7 @@ * malicious code. * @kind path-problem * @problem.severity error - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id cs/code-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql b/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql index ca32d21b3cb..dee11139a58 100644 --- a/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql +++ b/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql @@ -4,7 +4,7 @@ * malicious user providing an unintended resource. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/resource-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql b/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql index b13d357980b..24716639aa5 100644 --- a/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql +++ b/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql @@ -4,7 +4,7 @@ * schema. * @kind path-problem * @problem.severity recommendation - * @security-severity 3.6 + * @security-severity 4.3 * @precision high * @id cs/xml/missing-validation * @tags security diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql index 54b578d3072..9c3b9b21bac 100644 --- a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql @@ -6,7 +6,7 @@ * @kind problem * @id cs/assembly-path-injection * @problem.severity error - * @security-severity 6.0 + * @security-severity 8.2 * @precision high * @tags security * external/cwe/cwe-114 diff --git a/csharp/ql/src/Security Features/CWE-117/LogForging.ql b/csharp/ql/src/Security Features/CWE-117/LogForging.ql index b7642d4e15a..4c31a02c86e 100644 --- a/csharp/ql/src/Security Features/CWE-117/LogForging.ql +++ b/csharp/ql/src/Security Features/CWE-117/LogForging.ql @@ -4,7 +4,7 @@ * insertion of forged log entries by a malicious user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id cs/log-forging * @tags security diff --git a/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql b/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql index 263429e6995..57d6e500134 100644 --- a/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql +++ b/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql @@ -5,7 +5,7 @@ * to return any value. * @kind problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id cs/unvalidated-local-pointer-arithmetic * @tags security diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql index 7494412e3b3..d079c4f9ac9 100644 --- a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql +++ b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql @@ -4,7 +4,7 @@ * and cause a denial of service. * @kind path-problem * @problem.severity error - * @security-severity 6.9 + * @security-severity 9.3 * @precision high * @id cs/uncontrolled-format-string * @tags security diff --git a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql index fa40db533d5..ed3e5da0b1f 100644 --- a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql +++ b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql @@ -3,7 +3,7 @@ * @description Transmitting sensitive information to the user is a potential security risk. * @kind path-problem * @problem.severity error - * @security-severity 1.4 + * @security-severity 4.3 * @precision high * @id cs/sensitive-data-transmission * @tags security diff --git a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql index 23e72e4e5e9..34f45c0c64e 100644 --- a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql +++ b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql @@ -5,7 +5,7 @@ * developing a subsequent exploit. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 5.4 * @precision high * @id cs/information-exposure-through-exception * @tags security diff --git a/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql b/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql index 323630d0c4e..416608b9115 100644 --- a/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql +++ b/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql @@ -4,7 +4,7 @@ * a global error handler, otherwise they may leak exception information. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id cs/web/missing-global-error-handler * @tags security diff --git a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql index b19ca4ff1bd..6e957788776 100644 --- a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql +++ b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql @@ -4,7 +4,7 @@ * attacker. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id cs/cleartext-storage-of-sensitive-information * @tags security diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql index ff244adee95..20298cac6f7 100644 --- a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql +++ b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql @@ -4,7 +4,7 @@ * @kind problem * @id cs/hardcoded-key * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.1 * @tags security * external/cwe/cwe-320 */ diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql index 2cabc38aa8b..4de91b9a214 100644 --- a/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql +++ b/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql @@ -4,7 +4,7 @@ * @kind path-problem * @id cs/hard-coded-symmetric-encryption-key * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @tags security * external/cwe/cwe-321 */ diff --git a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql index a843008e582..a4f4d63d6ee 100644 --- a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql +++ b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql @@ -5,7 +5,7 @@ * @kind path-problem * @id cs/adding-cert-to-root-store * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @tags security * external/cwe/cwe-327 */ diff --git a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql index a16358b1f90..fd4a37f7ee3 100644 --- a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql +++ b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql @@ -4,7 +4,7 @@ * @kind path-problem * @id cs/insecure-sql-connection * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @tags security * external/cwe/cwe-327 diff --git a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql index fb40413716f..e50566d6ca9 100644 --- a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql +++ b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql @@ -4,7 +4,7 @@ * allows a malicious attacker to submit a request on behalf of the user. * @kind problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id cs/web/missing-token-validation * @tags security diff --git a/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql b/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql index 20323b66bb9..de509e38a3c 100644 --- a/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql +++ b/csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql @@ -4,7 +4,7 @@ * unauthorized persons. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 6.5 * @precision high * @id cs/exposure-of-sensitive-information * @tags security diff --git a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql index 75daa5fc10c..87dab081188 100644 --- a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql +++ b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql @@ -5,7 +5,7 @@ * their session. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.8 * @precision high * @id cs/session-reuse * @tags security diff --git a/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql b/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql index 87757be5400..67f3ae1d7b8 100644 --- a/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql +++ b/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql @@ -4,7 +4,7 @@ * overlay their own UI on top of the site by using an iframe. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id cs/web/missing-x-frame-options * @tags security diff --git a/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql b/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql index 76035d9fcba..c0d0d7ad00b 100644 --- a/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql +++ b/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql @@ -5,7 +5,7 @@ * @kind problem * @id cs/deserialized-delegate * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @tags security * external/cwe/cwe-502 diff --git a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql index 338347c0887..68c4822544d 100644 --- a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql +++ b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql @@ -5,7 +5,7 @@ * @kind problem * @id cs/unsafe-deserialization * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision low * @tags security * external/cwe/cwe-502 diff --git a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql index 32981563ab6..949daa4986c 100644 --- a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql +++ b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql @@ -5,7 +5,7 @@ * @kind path-problem * @id cs/unsafe-deserialization-untrusted-input * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @tags security * external/cwe/cwe-502 diff --git a/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql b/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql index 82532ed40e0..9416fa32f0a 100644 --- a/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql +++ b/csharp/ql/src/Security Features/CWE-548/ASPNetDirectoryListing.ql @@ -3,7 +3,7 @@ * @description Directory browsing should not be enabled in production as it can leak sensitive information. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.5 * @precision very-high * @id cs/web/directory-browse-enabled * @tags security diff --git a/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql b/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql index 37594e7cf72..18aaed307b5 100644 --- a/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql +++ b/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql @@ -4,7 +4,7 @@ * may cause redirection to malicious web sites. * @kind path-problem * @problem.severity error - * @security-severity 2.7 + * @security-severity 6.1 * @precision high * @id cs/web/unvalidated-url-redirection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql b/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql index 2b37eb33390..29bd2386316 100644 --- a/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql +++ b/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql @@ -3,7 +3,7 @@ * @description Untrusted XML is read with an insecure resolver and DTD processing enabled. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.1 * @precision high * @id cs/xml/insecure-dtd-handling * @tags security diff --git a/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql b/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql index 1073c873d8c..afda204d115 100644 --- a/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql +++ b/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql @@ -4,7 +4,7 @@ * be restricted using a secure resolver or disabling DTD processing. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.1 * @precision low * @id cs/insecure-xml-read * @tags security diff --git a/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql b/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql index 49dd6e52e13..3e5e64ca22e 100644 --- a/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql +++ b/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql @@ -5,7 +5,7 @@ * is used at all times. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id cs/web/requiressl-not-set * @tags security diff --git a/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql b/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql index 5d3ee1db4e7..c63ed490d09 100644 --- a/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql @@ -4,7 +4,7 @@ * user is vulnerable to insertion of malicious code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id cs/xml/stored-xpath-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql b/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql index a158ccfab69..15a5cf11be9 100644 --- a/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql @@ -4,7 +4,7 @@ * malicious code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/xml/xpath-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-730/ReDoS.ql b/csharp/ql/src/Security Features/CWE-730/ReDoS.ql index 79ade61af90..7a933dc18bd 100644 --- a/csharp/ql/src/Security Features/CWE-730/ReDoS.ql +++ b/csharp/ql/src/Security Features/CWE-730/ReDoS.ql @@ -4,7 +4,7 @@ * exponential time on certain input. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id cs/redos * @tags security diff --git a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql index 5aca2ad9c49..e358e59b612 100644 --- a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql +++ b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql @@ -5,7 +5,7 @@ * exponential time on certain inputs. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id cs/regex-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql index 0aa5f9026d1..697ce99d127 100644 --- a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql +++ b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql @@ -3,7 +3,7 @@ * @description Credentials are hard-coded in a connection string in the source code of the application. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/hardcoded-connection-string-credentials * @tags security diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql index 7b183189921..34961ac0953 100644 --- a/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql +++ b/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql @@ -3,7 +3,7 @@ * @description Credentials are hard coded in the source code of the application. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id cs/hardcoded-credentials * @tags security diff --git a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql index 3922c262031..9069c77b603 100644 --- a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql +++ b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql @@ -4,7 +4,7 @@ * passing through authentication systems. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @id cs/user-controlled-bypass * @tags security diff --git a/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql b/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql index 8b8bd478031..75982a02943 100644 --- a/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql +++ b/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql @@ -4,7 +4,7 @@ * pose a security risk. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision low * @id cs/inappropriate-encoding * @tags security diff --git a/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql b/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql index 472a87441ed..ca59bd42bdc 100644 --- a/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql +++ b/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql @@ -3,7 +3,7 @@ * @description Finds cookies with an overly broad domain. * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 9.3 * @precision high * @id cs/web/broad-cookie-domain * @tags security diff --git a/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql b/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql index ec6953f72e1..bfb2f24f360 100644 --- a/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql +++ b/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql @@ -3,7 +3,7 @@ * @description Finds cookies with an overly broad path. * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 9.3 * @precision high * @id cs/web/broad-cookie-path * @tags security diff --git a/csharp/ql/src/Security Features/Encryption using ECB.ql b/csharp/ql/src/Security Features/Encryption using ECB.ql index 72c63b9c565..ec9719aa781 100644 --- a/csharp/ql/src/Security Features/Encryption using ECB.ql +++ b/csharp/ql/src/Security Features/Encryption using ECB.ql @@ -3,7 +3,7 @@ * @description Highlights uses of the encryption mode 'CipherMode.ECB'. This mode should normally not be used because it is vulnerable to replay attacks. * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id cs/ecb-encryption * @tags security diff --git a/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql b/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql index 94d01609100..631b408a5a3 100644 --- a/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql +++ b/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql @@ -3,7 +3,7 @@ * @description Finds places where header checking is disabled. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id cs/web/disabled-header-checking * @tags security diff --git a/csharp/ql/src/Security Features/InadequateRSAPadding.ql b/csharp/ql/src/Security Features/InadequateRSAPadding.ql index ddeb9b370f6..2968b39b6b3 100644 --- a/csharp/ql/src/Security Features/InadequateRSAPadding.ql +++ b/csharp/ql/src/Security Features/InadequateRSAPadding.ql @@ -3,7 +3,7 @@ * @description Finds uses of RSA encryption with inadequate padding. * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id cs/inadequate-rsa-padding * @tags security diff --git a/csharp/ql/src/Security Features/InsecureRandomness.ql b/csharp/ql/src/Security Features/InsecureRandomness.ql index 434f8c287f2..b618bff07a5 100644 --- a/csharp/ql/src/Security Features/InsecureRandomness.ql +++ b/csharp/ql/src/Security Features/InsecureRandomness.ql @@ -5,7 +5,7 @@ * be generated. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id cs/insecure-randomness * @tags security diff --git a/csharp/ql/src/Security Features/InsufficientKeySize.ql b/csharp/ql/src/Security Features/InsufficientKeySize.ql index 70caea4b179..9829d1dcf4d 100644 --- a/csharp/ql/src/Security Features/InsufficientKeySize.ql +++ b/csharp/ql/src/Security Features/InsufficientKeySize.ql @@ -3,7 +3,7 @@ * @description Finds uses of encryption algorithms with too small a key size * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id cs/insufficient-key-size * @tags security diff --git a/csharp/ql/src/Security Features/PersistentCookie.ql b/csharp/ql/src/Security Features/PersistentCookie.ql index c7041cb7a36..be99e63b906 100644 --- a/csharp/ql/src/Security Features/PersistentCookie.ql +++ b/csharp/ql/src/Security Features/PersistentCookie.ql @@ -3,7 +3,7 @@ * @description Persistent cookies are vulnerable to attacks. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.2 * @precision high * @id cs/web/persistent-cookie * @tags security diff --git a/csharp/ql/src/Security Features/WeakEncryption.ql b/csharp/ql/src/Security Features/WeakEncryption.ql index b6d543d6de7..9bf7fae7356 100644 --- a/csharp/ql/src/Security Features/WeakEncryption.ql +++ b/csharp/ql/src/Security Features/WeakEncryption.ql @@ -3,7 +3,7 @@ * @description Finds uses of encryption algorithms that are weak and obsolete * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id cs/weak-encryption * @tags security diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql index 6b08a14c244..cbd74a838f3 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql @@ -7,7 +7,7 @@ * Such operations could interfere with the EJB container's operation. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/container-interference * @tags reliability diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql index 62b2d5f48ec..ec406ac3171 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql @@ -5,7 +5,7 @@ * for enterprise components. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/file-io * @tags reliability diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql index 787ae9a72c5..bbc57fca5e9 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql @@ -4,7 +4,7 @@ * Such use could compromise security and system stability. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/native-code * @tags reliability diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql index 4e6eea2cbf1..7bc062209df 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql @@ -4,7 +4,7 @@ * as this could compromise security. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/reflection * @tags external/cwe/cwe-573 diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql index 4efde8d82bf..ea8a7087d26 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql @@ -5,7 +5,7 @@ * This functionality is reserved for the EJB container for security reasons. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/security-configuration-access * @tags external/cwe/cwe-573 diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql index 02c493c7a70..7de0a0f8aed 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql @@ -4,7 +4,7 @@ * the Java serialization protocol, since their use could compromise security. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/substitution-in-serialization * @tags external/cwe/cwe-573 diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql index 8011b3c1d22..e8b898b00cc 100644 --- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql +++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql @@ -5,7 +5,7 @@ * compromise security or interfere with the EJB container's operation. * @kind problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.8 * @precision low * @id java/ejb/socket-or-stream-handler-factory * @tags reliability diff --git a/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql b/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql index 52bb9f04289..29b60cae012 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql @@ -5,7 +5,7 @@ * numeric errors such as overflows. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision very-high * @id java/implicit-cast-in-compound-assignment * @tags reliability diff --git a/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql b/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql index fb1a44b2222..f2b78dcaf18 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql @@ -4,7 +4,7 @@ * guarantee an evenly distributed sequence of random numbers. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id java/random-used-once * @tags reliability diff --git a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql index 4a3fc548085..10a054f4106 100644 --- a/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +++ b/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql @@ -4,7 +4,7 @@ * may cause a deadlock. * @kind problem * @problem.severity error - * @security-severity 6.9 + * @security-severity 5.0 * @precision medium * @id java/unreleased-lock * @tags reliability diff --git a/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql index bf2e3f06f26..63c66ffa9d0 100644 --- a/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +++ b/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @tags security external/cwe/cwe-20 */ diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql index ac3ec8664a2..adb51f751b4 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql @@ -3,7 +3,7 @@ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @id java/path-injection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql index 90b77661500..ebd9c4f079d 100644 --- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql +++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql @@ -3,7 +3,7 @@ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources. * @kind path-problem * @problem.severity recommendation - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id java/path-injection-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql index 1a70b273d84..a7c15a82b87 100644 --- a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +++ b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql @@ -6,7 +6,7 @@ * @kind path-problem * @id java/zipslip * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @tags security * external/cwe/cwe-022 diff --git a/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql b/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql index f7d844f225a..501826c6426 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql @@ -4,7 +4,7 @@ * malicious changes in the PATH environment variable. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id java/relative-path-command * @tags security diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql index fc409bcfd5a..e95d81dcf06 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql @@ -4,7 +4,7 @@ * changes in the strings. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id java/command-line-injection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql index c98a45a06d8..febd020db46 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql @@ -4,7 +4,7 @@ * changes in the strings. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id java/command-line-injection-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql index a3b88b40ae7..d250b242c05 100644 --- a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +++ b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql @@ -4,7 +4,7 @@ * insertion of special characters in the strings. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id java/concatenated-command-line * @tags security diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.ql b/java/ql/src/Security/CWE/CWE-079/XSS.ql index d864d24a95e..f1f8a5afa9b 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSS.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql @@ -4,7 +4,7 @@ * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id java/xss * @tags security diff --git a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql index 44ab185b3b5..e16a9bbc2e9 100644 --- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql +++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql @@ -4,7 +4,7 @@ * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity recommendation - * @security-severity 2.9 + * @security-severity 6.1 * @precision medium * @id java/xss-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql index d002bb96ce1..28b09d37dbb 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql @@ -4,7 +4,7 @@ * malicious code by the user. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id java/sql-injection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql index ada846dcf47..df5807f3f5f 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql @@ -4,7 +4,7 @@ * malicious code by the user. * @kind path-problem * @problem.severity recommendation - * @security-severity 6.4 + * @security-severity 8.8 * @precision medium * @id java/sql-injection-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql index 9ddd5def883..6ec2be3e1c8 100644 --- a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql +++ b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql @@ -4,7 +4,7 @@ * characters is vulnerable to insertion of malicious code. * @kind problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id java/concatenated-sql-query * @tags security diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql index 5a7ab632a55..df57a810033 100644 --- a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +++ b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql @@ -4,7 +4,7 @@ * malicious LDAP code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id java/ldap-injection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql index f865d7d16b1..a673142f810 100644 --- a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +++ b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql @@ -3,7 +3,7 @@ * @description User-controlled data may be evaluated as a Java EL expression, leading to arbitrary code execution. * @kind path-problem * @problem.severity error - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id java/insecure-bean-validation * @tags security diff --git a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql index cf555aa3442..c780fa60f20 100644 --- a/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +++ b/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql @@ -4,7 +4,7 @@ * may lead to arbitrary code execution. * @kind path-problem * @problem.severity error - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id java/jexl-expression-injection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql index 76fa154ae7b..350358b69c1 100644 --- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql @@ -5,7 +5,7 @@ * an HTTP header. * @kind problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id java/netty-http-response-splitting * @tags security diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql index 92468d61936..d32e7544f3e 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql @@ -4,7 +4,7 @@ * makes code vulnerable to attack by header splitting. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id java/http-response-splitting * @tags security diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql index ff9a379d1f7..608636982c9 100644 --- a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql +++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql @@ -4,7 +4,7 @@ * makes code vulnerable to attack by header splitting. * @kind path-problem * @problem.severity recommendation - * @security-severity 3.6 + * @security-severity 6.1 * @precision medium * @id java/http-response-splitting-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql index ca5d05db10c..8ccf937355c 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql @@ -3,7 +3,7 @@ * @description Using unvalidated external input as the argument to a construction of an array can lead to index out of bound exceptions. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id java/improper-validation-of-array-construction * @tags security diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql index f3471027561..62038fe73a6 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql @@ -4,7 +4,7 @@ * a construction of an array can lead to index out of bound exceptions. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id java/improper-validation-of-array-construction-code-specified * @tags security diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql index 94e06109da4..db7dfc0aec5 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql @@ -4,7 +4,7 @@ * a construction of an array can lead to index out of bound exceptions. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id java/improper-validation-of-array-construction-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql index 5fe23b564d6..4cc9c58e64f 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql @@ -3,7 +3,7 @@ * @description Using external input as an index to an array, without proper validation, can lead to index out of bound exceptions. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id java/improper-validation-of-array-index * @tags security diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql index 99c819533cb..79911f5422d 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql @@ -4,7 +4,7 @@ * proper validation, can lead to index out of bound exceptions. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id java/improper-validation-of-array-index-code-specified * @tags security diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql index c246bcff158..537c47b34cc 100644 --- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql +++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql @@ -4,7 +4,7 @@ * proper validation, can lead to index out of bound exceptions. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 8.8 * @precision medium * @id java/improper-validation-of-array-index-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql index 0208955e10f..4e319b388e6 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql @@ -3,7 +3,7 @@ * @description Using external input in format strings can lead to exceptions or information leaks. * @kind path-problem * @problem.severity error - * @security-severity 6.9 + * @security-severity 9.3 * @precision high * @id java/tainted-format-string * @tags security diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql index 5dd2f629393..36027f97c30 100644 --- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql +++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql @@ -3,7 +3,7 @@ * @description Using external input in format strings can lead to exceptions or information leaks. * @kind path-problem * @problem.severity recommendation - * @security-severity 6.9 + * @security-severity 9.3 * @precision medium * @id java/tainted-format-string-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql index 261c6891039..5fa48ee10d1 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql @@ -4,7 +4,7 @@ * overflows. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.6 * @precision medium * @id java/tainted-arithmetic * @tags security diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql index 54e3fa1b10a..20bec26dd9f 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql @@ -4,7 +4,7 @@ * overflows. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 8.6 * @precision medium * @id java/tainted-arithmetic-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql index ad67e3b55bc..9cc3dfbabeb 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql @@ -4,7 +4,7 @@ * overflows. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.6 * @precision medium * @id java/uncontrolled-arithmetic * @tags security diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql index 0ffcbec38e6..5c49e1b3229 100644 --- a/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql +++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql @@ -4,7 +4,7 @@ * is then used in an arithmetic expression, this may result in an overflow. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 8.6 * @precision medium * @id java/extreme-value-arithmetic * @tags security diff --git a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql index c6e72a94b65..259f36fb42b 100644 --- a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +++ b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql @@ -4,7 +4,7 @@ * to behave unexpectedly. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision medium * @id java/comparison-with-wider-type * @tags reliability diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql index bf96ee8d1bb..3b085b609b2 100644 --- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql @@ -5,7 +5,7 @@ * that are useful to an attacker for developing a subsequent exploit. * @kind problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 5.4 * @precision high * @id java/stack-trace-exposure * @tags security diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql index d7a5f374953..1828b924752 100644 --- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql @@ -3,7 +3,7 @@ * @description Marking a certificate as valid for a host without checking the certificate hostname allows an attacker to perform a machine-in-the-middle attack. * @kind path-problem * @problem.severity error - * @security-severity 4.9 + * @security-severity 5.9 * @precision high * @id java/unsafe-hostname-verification * @tags security diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql index 00527d4ab60..e14b9bfe552 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql @@ -3,7 +3,7 @@ * @description Storing sensitive information in cleartext can expose it to an attacker. * @kind problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 7.5 * @precision medium * @id java/cleartext-storage-in-class * @tags security diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql index 7a3c55379de..c5a76434dcd 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql @@ -3,7 +3,7 @@ * @description Storing sensitive information in cleartext can expose it to an attacker. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 5.0 * @precision high * @id java/cleartext-storage-in-cookie * @tags security diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql index 7f05192357d..495fd3f6f20 100644 --- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql @@ -3,7 +3,7 @@ * @description Storing sensitive information in cleartext can expose it to an attacker. * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @id java/cleartext-storage-in-properties * @tags security diff --git a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql index 544197f0252..001afb8efb1 100644 --- a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql +++ b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql @@ -3,7 +3,7 @@ * @description Non-HTTPS connections can be intercepted by third parties. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @id java/non-https-url * @tags security diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql index b4fabf15940..1b267af52cf 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql @@ -3,7 +3,7 @@ * @description Non-SSL connections can be intercepted by third parties. * @kind problem * @problem.severity recommendation - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @id java/non-ssl-connection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql index 6fa51d4caf2..5defe0cd612 100644 --- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql +++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql @@ -4,7 +4,7 @@ * third parties. * @kind problem * @problem.severity recommendation - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @id java/non-ssl-socket-factory * @tags security diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql index 194d7ecf7d5..5c8a5b51df0 100644 --- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql @@ -3,7 +3,7 @@ * @description Using broken or weak cryptographic algorithms can allow an attacker to compromise security. * @kind path-problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id java/weak-cryptographic-algorithm * @tags security diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql index fac3d66f2b8..1b99c53561b 100644 --- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql @@ -3,7 +3,7 @@ * @description Using broken or weak cryptographic algorithms can allow an attacker to compromise security. * @kind path-problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @id java/potentially-weak-cryptographic-algorithm * @tags security diff --git a/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql b/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql index 2cd7bbae1dd..9b873aa407f 100644 --- a/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +++ b/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql @@ -3,7 +3,7 @@ * @description Using a predictable seed in a pseudo-random number generator can lead to predictability of the numbers generated by it. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id java/predictable-seed * @tags security diff --git a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql index 6a456fbae32..9a530e5078f 100644 --- a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +++ b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql @@ -3,7 +3,7 @@ * @description Using a vulnerable version of JHipster to generate random numbers makes it easier for attackers to take over accounts. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision very-high * @id java/jhipster-prng * @tags security diff --git a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql index d7fe7b8611e..9bca9dc3ed9 100644 --- a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +++ b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql @@ -4,7 +4,7 @@ * a Cross-Site Request Forgery (CSRF) attack. * @kind problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id java/spring-disabled-csrf-protection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql index 740dd6ba314..2fb46ad8943 100644 --- a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +++ b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql @@ -4,7 +4,7 @@ * if the state may be changed between the check and use. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.7 * @precision medium * @id java/toctou-race-condition * @tags security diff --git a/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql b/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql index d4301a3d620..c8515f2b085 100644 --- a/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +++ b/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql @@ -3,7 +3,7 @@ * @description Opening a socket after authenticating via a different channel may allow an attacker to connect to the port first. * @kind problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 7.2 * @precision medium * @id java/socket-auth-race-condition * @tags security diff --git a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql index 82dd42c3c32..1e7f734a875 100644 --- a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +++ b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql @@ -4,7 +4,7 @@ * execute arbitrary code. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id java/unsafe-deserialization * @tags security diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql index 7d072091245..02840afaf65 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql @@ -4,7 +4,7 @@ * may cause redirection to malicious web sites. * @kind path-problem * @problem.severity error - * @security-severity 2.7 + * @security-severity 6.1 * @precision high * @id java/unvalidated-url-redirection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql index 4f60a15d8a6..a8157748d7b 100644 --- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql +++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql @@ -4,7 +4,7 @@ * may cause redirection to malicious web sites. * @kind path-problem * @problem.severity recommendation - * @security-severity 2.7 + * @security-severity 6.1 * @precision medium * @id java/unvalidated-url-redirection-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.ql b/java/ql/src/Security/CWE/CWE-611/XXE.ql index dc277337769..bfcedb19d17 100644 --- a/java/ql/src/Security/CWE/CWE-611/XXE.ql +++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql @@ -4,7 +4,7 @@ * references may lead to disclosure of confidential data or denial of service. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.1 * @precision high * @id java/xxe * @tags security diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql index ef6d143ece8..d71be47bc79 100644 --- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql @@ -4,7 +4,7 @@ * interception. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 5.0 * @precision high * @id java/insecure-cookie * @tags security diff --git a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql index 0dd73370569..9e2d1c1a2ac 100644 --- a/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +++ b/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql @@ -4,7 +4,7 @@ * malicious code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id java/xml/xpath-injection * @tags security diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql index 0518b99e221..fcc2651ae9e 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql @@ -4,7 +4,7 @@ * can cause unexpected truncation. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.0 * @precision high * @id java/tainted-numeric-cast * @tags security diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql index 519e4c398ee..ad02cb21bc7 100644 --- a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql +++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql @@ -4,7 +4,7 @@ * can cause unexpected truncation. * @kind path-problem * @problem.severity recommendation - * @security-severity 5.9 + * @security-severity 9.0 * @precision medium * @id java/tainted-numeric-cast-local * @tags security diff --git a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql index 3797f11dfd5..7d2a309c6c0 100644 --- a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +++ b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql @@ -4,7 +4,7 @@ * the file may be modified or removed by external actors. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id java/world-writable-file-read * @tags security diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql index 5300e3864ef..13cb2a7a69d 100644 --- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql @@ -3,7 +3,7 @@ * @description Using a hard-coded credential in a call to a sensitive Java API may compromise security. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id java/hardcoded-credential-api-call * @tags security diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql index 8583f4bef39..d43530f7d69 100644 --- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql +++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql @@ -3,7 +3,7 @@ * @description Comparing a parameter to a hard-coded credential may compromise security. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision low * @id java/hardcoded-credential-comparison * @tags security diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql index 724916f1511..e14188905fa 100644 --- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql +++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql @@ -3,7 +3,7 @@ * @description Using a hard-coded credential in a sensitive call may compromise security. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision low * @id java/hardcoded-credential-sensitive-call * @tags security diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql index 4464268a5ec..0a98c000300 100644 --- a/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql +++ b/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql @@ -3,7 +3,7 @@ * @description Hard-coding a password string may compromise security. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision low * @id java/hardcoded-password-field * @tags security diff --git a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql index 6f1c7275bb4..0dca7acd64d 100644 --- a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +++ b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql @@ -4,7 +4,7 @@ * passing through authentication systems. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @id java/user-controlled-bypass * @tags security diff --git a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql index 7eb03c1ecd7..beabdead5af 100644 --- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql @@ -4,7 +4,7 @@ * permissions being granted. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id java/tainted-permissions-check * @tags security diff --git a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql index d3b833eaf72..0123354572d 100644 --- a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +++ b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql @@ -3,7 +3,7 @@ * @description Non-HTTPS connections can be intercepted by third parties. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.1 * @precision very-high * @id java/maven/non-https-url * @tags security diff --git a/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql b/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql index 241965f4b09..5ad653bd6dd 100644 --- a/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql +++ b/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql @@ -3,7 +3,7 @@ * @description Acquiring multiple locks in a different order may cause deadlock. * @kind problem * @problem.severity recommendation - * @security-severity 6.9 + * @security-severity 5.0 * @precision medium * @id java/lock-order-inconsistency * @tags security diff --git a/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql b/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql index 4fe1c38c6d5..35f951d6d52 100644 --- a/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +++ b/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql @@ -5,7 +5,7 @@ * looping. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision medium * @id java/unreachable-exit-in-loop * @tags security diff --git a/javascript/ql/src/AngularJS/DisablingSce.ql b/javascript/ql/src/AngularJS/DisablingSce.ql index eae9a924a2c..7ec1b5405b2 100644 --- a/javascript/ql/src/AngularJS/DisablingSce.ql +++ b/javascript/ql/src/AngularJS/DisablingSce.ql @@ -3,7 +3,7 @@ * @description Disabling strict contextual escaping (SCE) can cause security vulnerabilities. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision very-high * @id js/angular/disabling-sce * @tags security diff --git a/javascript/ql/src/AngularJS/DoubleCompilation.ql b/javascript/ql/src/AngularJS/DoubleCompilation.ql index e81351ea0d4..95f088d20ce 100644 --- a/javascript/ql/src/AngularJS/DoubleCompilation.ql +++ b/javascript/ql/src/AngularJS/DoubleCompilation.ql @@ -4,7 +4,7 @@ * unexpected behavior of directives, performance problems, and memory leaks. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.8 * @id js/angular/double-compilation * @tags reliability * frameworks/angularjs diff --git a/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql b/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql index b17c3188328..ac4c4772f11 100644 --- a/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql +++ b/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql @@ -3,7 +3,7 @@ * @description URL whitelists that are too permissive can cause security vulnerabilities. * @kind problem * @problem.severity warning - * @security-severity 6.4 + * @security-severity 7.5 * @precision very-high * @id js/angular/insecure-url-whitelist * @tags security diff --git a/javascript/ql/src/DOM/TargetBlank.ql b/javascript/ql/src/DOM/TargetBlank.ql index 588552c9bff..8d16a60bc83 100644 --- a/javascript/ql/src/DOM/TargetBlank.ql +++ b/javascript/ql/src/DOM/TargetBlank.ql @@ -4,7 +4,7 @@ * link type 'noopener' or 'noreferrer' are a potential security risk. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.5 * @id js/unsafe-external-link * @tags maintainability * security diff --git a/javascript/ql/src/Electron/AllowRunningInsecureContent.ql b/javascript/ql/src/Electron/AllowRunningInsecureContent.ql index 8a4535992d9..327caf9a4bd 100644 --- a/javascript/ql/src/Electron/AllowRunningInsecureContent.ql +++ b/javascript/ql/src/Electron/AllowRunningInsecureContent.ql @@ -3,7 +3,7 @@ * @description Enabling allowRunningInsecureContent can allow remote code execution. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 8.8 * @precision very-high * @tags security * frameworks/electron diff --git a/javascript/ql/src/Electron/DisablingWebSecurity.ql b/javascript/ql/src/Electron/DisablingWebSecurity.ql index 07b4d98ad3c..a2b0c0a8a01 100644 --- a/javascript/ql/src/Electron/DisablingWebSecurity.ql +++ b/javascript/ql/src/Electron/DisablingWebSecurity.ql @@ -3,7 +3,7 @@ * @description Disabling webSecurity can cause critical security vulnerabilities. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision very-high * @tags security * frameworks/electron diff --git a/javascript/ql/src/Electron/EnablingNodeIntegration.ql b/javascript/ql/src/Electron/EnablingNodeIntegration.ql index 6bf424d52e9..074470b6a64 100644 --- a/javascript/ql/src/Electron/EnablingNodeIntegration.ql +++ b/javascript/ql/src/Electron/EnablingNodeIntegration.ql @@ -3,7 +3,7 @@ * @description Enabling `nodeIntegration` or `nodeIntegrationInWorker` can expose the application to remote code execution. * @kind problem * @problem.severity warning - * @security-severity 10.0 + * @security-severity 9.3 * @precision low * @id js/enabling-electron-renderer-node-integration * @tags security diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql index d463b450bfe..5f46b36b5e1 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.ql +++ b/javascript/ql/src/Performance/PolynomialReDoS.ql @@ -4,7 +4,7 @@ * to match may be vulnerable to denial-of-service attacks. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/polynomial-redos * @tags security diff --git a/javascript/ql/src/Performance/ReDoS.ql b/javascript/ql/src/Performance/ReDoS.ql index 39b8dbce9b3..804e59fe813 100644 --- a/javascript/ql/src/Performance/ReDoS.ql +++ b/javascript/ql/src/Performance/ReDoS.ql @@ -5,7 +5,7 @@ * attacks. * @kind problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/redos * @tags security diff --git a/javascript/ql/src/RegExp/IdentityReplacement.ql b/javascript/ql/src/RegExp/IdentityReplacement.ql index 8d74e735053..0949423aa8b 100644 --- a/javascript/ql/src/RegExp/IdentityReplacement.ql +++ b/javascript/ql/src/RegExp/IdentityReplacement.ql @@ -3,7 +3,7 @@ * @description Replacing a substring with itself has no effect and may indicate a mistake. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @id js/identity-replacement * @precision very-high * @tags correctness diff --git a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql index ba4db85c448..bd095887011 100644 --- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql +++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql @@ -3,7 +3,7 @@ * @description Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/incomplete-hostname-regexp * @tags correctness diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql index a40924a1311..81276ff98aa 100644 --- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql +++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql @@ -4,7 +4,7 @@ * and "data:" suggests a logic error or even a security vulnerability. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/incomplete-url-scheme-check * @tags security diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql index a9e2366c4a2..56ab631d1e1 100644 --- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql +++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql @@ -3,7 +3,7 @@ * @description Security checks on the substrings of an unparsed URL are often vulnerable to bypassing. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/incomplete-url-substring-sanitization * @tags correctness diff --git a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql index 640f0f5ed34..e6ec89da534 100644 --- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql +++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql @@ -3,7 +3,7 @@ * @description Using indexOf to implement endsWith functionality is error-prone if the -1 case is not explicitly handled. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/incorrect-suffix-check * @tags security diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql index 4cbd92613e8..cd71f5c6a49 100644 --- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql +++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql @@ -3,7 +3,7 @@ * @description Regular expressions without anchors can be vulnerable to bypassing. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @id js/regex/missing-regexp-anchor * @tags correctness diff --git a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 3c87f57f3df..898e3b616cc 100644 --- a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @tags security external/cwe/cwe-20 */ diff --git a/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql b/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql index a48fbbb84b9..29933de7848 100644 --- a/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql +++ b/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql @@ -5,7 +5,7 @@ * behave unexpectedly. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/useless-regexp-character-escape * @tags correctness diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql index cda0074aa86..a9b197a28de 100644 --- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql +++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql @@ -4,7 +4,7 @@ * unexpected resources. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @id js/path-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-022/ZipSlip.ql b/javascript/ql/src/Security/CWE-022/ZipSlip.ql index 4282de76742..8fcb9d7edaa 100644 --- a/javascript/ql/src/Security/CWE-022/ZipSlip.ql +++ b/javascript/ql/src/Security/CWE-022/ZipSlip.ql @@ -6,7 +6,7 @@ * @kind path-problem * @id js/zipslip * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @tags security * external/cwe/cwe-022 diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql index 7f413152df1..17d65433b54 100644 --- a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql +++ b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql @@ -3,7 +3,7 @@ * @description Instantiating a template using a user-controlled object is vulnerable to local file read and potential remote code execution. * @kind path-problem * @problem.severity error - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id js/template-object-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql index aa9b3920e06..59ebd7cc1ee 100644 --- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql @@ -4,7 +4,7 @@ * user to change the meaning of the command. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/command-line-injection * @tags correctness diff --git a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql index ae665a250e7..31bf6cfdf85 100644 --- a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql @@ -5,7 +5,7 @@ * command-line injection vulnerabilities. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id js/indirect-command-line-injection * @tags correctness diff --git a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql index cccb26ec545..a1c3f879961 100644 --- a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql +++ b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql @@ -4,7 +4,7 @@ * environment may cause subtle bugs or vulnerabilities. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/shell-command-injection-from-environment * @tags correctness diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql index d0d0129e214..a1dafda3921 100644 --- a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql +++ b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql @@ -4,7 +4,7 @@ * user to change the meaning of the command. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/shell-command-constructed-from-input * @tags correctness diff --git a/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql b/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql index 81134d6bb5b..fd29399546a 100644 --- a/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql +++ b/javascript/ql/src/Security/CWE-078/UselessUseOfCat.ql @@ -3,7 +3,7 @@ * @description Using the `cat` process to read a file is unnecessarily complex, inefficient, unportable, and can lead to subtle bugs, or even security vulnerabilities. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/unnecessary-use-of-cat * @tags correctness diff --git a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql index b82676dca61..3723bfc99f8 100644 --- a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql +++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql @@ -4,7 +4,7 @@ * can lead to a cross-site scripting vulnerability. * @kind path-problem * @problem.severity warning - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/xss-through-exception * @tags security diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql index 958d5296e71..9a102fcc57f 100644 --- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql @@ -4,7 +4,7 @@ * a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/reflected-xss * @tags security diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql index df674173c28..ed9aac39bd9 100644 --- a/javascript/ql/src/Security/CWE-079/StoredXss.ql +++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql @@ -4,7 +4,7 @@ * a stored cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/stored-xss * @tags security diff --git a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql index ca4564a5968..cc85e07f61a 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql @@ -4,7 +4,7 @@ * user to perform a cross-site scripting attack. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/html-constructed-from-input * @tags security diff --git a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql index fdbdc74f2a5..24db75323df 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql @@ -3,7 +3,7 @@ * @description A jQuery plugin that unintentionally constructs HTML from some of its options may be unsafe to use for clients. * @kind path-problem * @problem.severity warning - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/unsafe-jquery-plugin * @tags security diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql index 7ae8268ca0f..20aaa86e61a 100644 --- a/javascript/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/Security/CWE-079/Xss.ql @@ -4,7 +4,7 @@ * a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/xss * @tags security diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql index 9e3b1231346..3b15e6def61 100644 --- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql +++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql @@ -4,7 +4,7 @@ * can lead to a cross-site scripting vulnerability. * @kind path-problem * @problem.severity warning - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/xss-through-dom * @tags security diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index 43e7ef9f5de..4aac9d9a1b7 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql @@ -4,7 +4,7 @@ * malicious code by the user. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id js/sql-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql index df22801f530..4c233079f44 100644 --- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql @@ -4,7 +4,7 @@ * code execution. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/code-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql index e33a2ff38fa..7a8aedcb8c5 100644 --- a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql +++ b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql @@ -3,7 +3,7 @@ * @description Escaping code as HTML does not provide protection against code injection. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/bad-code-sanitization * @tags security diff --git a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql index bae55692732..918f09496af 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql @@ -3,7 +3,7 @@ * @description Invoking user-controlled methods on certain objects can lead to remote code execution. * @kind path-problem * @problem.severity error - * @security-severity 10.0 + * @security-severity 9.3 * @precision high * @id js/unsafe-dynamic-method-access * @tags security diff --git a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql index 84053c9767e..6a647db75cd 100644 --- a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql +++ b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql @@ -5,7 +5,7 @@ * and conversely it has to be unescaped last to avoid double-unescaping. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/double-escaping * @tags correctness diff --git a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql index a38cc7be61d..ecfe0f63ea1 100644 --- a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql +++ b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql @@ -5,7 +5,7 @@ * scripting vulnerability. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id js/incomplete-html-attribute-sanitization * @tags security diff --git a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql index 326d7c0e335..1cd23ea4432 100644 --- a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql +++ b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql @@ -3,7 +3,7 @@ * @description A sanitizer that removes a sequence of characters may reintroduce the dangerous sequence. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/incomplete-multi-character-sanitization * @tags correctness diff --git a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql index 1894326a989..08bb355799a 100644 --- a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql +++ b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql @@ -4,7 +4,7 @@ * meta-character may be ineffective. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/incomplete-sanitization * @tags correctness diff --git a/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql b/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql index 5141e3403ef..1ef9e434339 100644 --- a/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql +++ b/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql @@ -4,7 +4,7 @@ * tags may lead to cross-site scripting vulnerabilities. * @kind problem * @problem.severity warning - * @security-severity 2.9 + * @security-severity 6.1 * @precision very-high * @id js/unsafe-html-expansion * @tags correctness diff --git a/javascript/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/Security/CWE-117/LogInjection.ql index 038992e0876..bcdd80ec543 100644 --- a/javascript/ql/src/Security/CWE-117/LogInjection.ql +++ b/javascript/ql/src/Security/CWE-117/LogInjection.ql @@ -4,7 +4,7 @@ * insertion of forged log entries by a malicious user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @id js/log-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql index fff23183a9a..00b7ea626e5 100644 --- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -3,7 +3,7 @@ * @description Using external input in format strings can lead to garbled output. * @kind path-problem * @problem.severity warning - * @security-severity 6.9 + * @security-severity 9.3 * @precision high * @id js/tainted-format-string * @tags security diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index d13c5218349..928b22fdff4 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql @@ -3,7 +3,7 @@ * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.5 * @precision medium * @id js/file-access-to-http * @tags security diff --git a/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql b/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql index 5ea4fbc6a3a..45e6ab2572c 100644 --- a/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql +++ b/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql @@ -4,7 +4,7 @@ * of private information. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.5 * @id js/exposure-of-private-files * @tags security * external/cwe/cwe-200 diff --git a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql index 991eaa3c6e3..cbb3df5cf5d 100644 --- a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql +++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql @@ -5,7 +5,7 @@ * information leaks. * @kind path-problem * @problem.severity error - * @security-severity 1.4 + * @security-severity 4.3 * @precision high * @id js/cross-window-information-leak * @tags security diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql index 1ff12bae7cb..a5e05eab0bb 100644 --- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql @@ -5,7 +5,7 @@ * to an attacker for developing a subsequent exploit. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 5.4 * @precision very-high * @id js/stack-trace-exposure * @tags security diff --git a/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql b/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql index a17d41dffc9..2f785bace35 100644 --- a/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql +++ b/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql @@ -3,7 +3,7 @@ * @description Disabling cryptographic certificate validation can cause security vulnerabilities. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision very-high * @id js/disabling-certificate-validation * @tags security diff --git a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql index e2b9f3a9b84..e99c8076678 100644 --- a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql +++ b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql @@ -4,7 +4,7 @@ * expose it to an attacker. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id js/build-artifact-leak * @tags security diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql index 99933087daa..7a3626b4860 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql @@ -4,7 +4,7 @@ * expose it to an attacker. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id js/clear-text-logging * @tags security diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql index 6d2fbe2c6a5..ee9944c9b8d 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql @@ -4,7 +4,7 @@ * attacker. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id js/clear-text-storage-of-sensitive-data * @tags security diff --git a/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql b/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql index df6cb0d6046..4d534248f45 100644 --- a/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql +++ b/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql @@ -3,7 +3,7 @@ * @description Storing unencrypted passwords in configuration files is unsafe. * @kind problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision medium * @id js/password-in-configuration-file * @tags security diff --git a/javascript/ql/src/Security/CWE-327/BadRandomness.ql b/javascript/ql/src/Security/CWE-327/BadRandomness.ql index b6ef62f3eea..41b0602da65 100644 --- a/javascript/ql/src/Security/CWE-327/BadRandomness.ql +++ b/javascript/ql/src/Security/CWE-327/BadRandomness.ql @@ -4,7 +4,7 @@ * the results and compromise security. * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id js/biased-cryptographic-random * @tags security diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index f79c59d9ccc..32625d62f77 100644 --- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql @@ -3,7 +3,7 @@ * @description Using broken or weak cryptographic algorithms can compromise security. * @kind path-problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id js/weak-cryptographic-algorithm * @tags security diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql index 16b32b409ba..66e86f65ffd 100644 --- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql @@ -5,7 +5,7 @@ * be generated. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id js/insecure-randomness * @tags security diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 1a7d592498b..185533f93fb 100644 --- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql @@ -3,7 +3,7 @@ * @description Misconfiguration of CORS HTTP headers allows for leaks of secret credentials. * @kind path-problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id js/cors-misconfiguration-for-credentials * @tags security diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql index d18fae34091..4aed89d69f7 100644 --- a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql +++ b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql @@ -4,7 +4,7 @@ * submit requests on behalf of the user. * @kind problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id js/missing-token-validation * @tags security diff --git a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql index 9c18a5fe686..3e2ab24f70d 100644 --- a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql +++ b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql @@ -3,7 +3,7 @@ * @description Processing user-controlled object hierarchies inefficiently can lead to denial of service. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/resource-exhaustion-from-deep-object-traversal * @tags security diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql index 1cb5511cda3..4bfbbd85d23 100644 --- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -4,7 +4,7 @@ * denial-of-service attacks. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision medium * @id js/remote-property-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql index e21bffa6498..316af8d4a36 100644 --- a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql +++ b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql @@ -4,7 +4,7 @@ * overlay their own UI on top of the site by using an iframe. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision low * @id js/missing-x-frame-options * @tags security diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 795c9372527..89302f775f2 100644 --- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -4,7 +4,7 @@ * execute arbitrary code. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/unsafe-deserialization * @tags security diff --git a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql index e1e68854227..f0dfe833b06 100644 --- a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql +++ b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql @@ -5,7 +5,7 @@ * be avoided. * @kind path-problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 9.1 * @precision medium * @id js/hardcoded-data-interpreted-as-code * @tags security diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql index a93dfd8dc34..9e2987c966f 100644 --- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql @@ -4,7 +4,7 @@ * may cause redirection to malicious web sites. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision high * @id js/client-side-unvalidated-url-redirection * @tags security diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql index d0d68278ff0..3440d9ee405 100644 --- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql @@ -4,7 +4,7 @@ * may cause redirection to malicious web sites. * @kind path-problem * @problem.severity warning - * @security-severity 2.7 + * @security-severity 6.1 * @id js/server-side-unvalidated-url-redirection * @tags security * external/cwe/cwe-601 diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql index 42ff8cc2338..b2733d068a2 100644 --- a/javascript/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/Security/CWE-611/Xxe.ql @@ -4,7 +4,7 @@ * entity expansion is vulnerable to XXE attacks. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.1 * @precision high * @id js/xxe * @tags security diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql index 332d29e0cb7..a2e24a9dd42 100644 --- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql +++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql @@ -4,7 +4,7 @@ * attacks and leak password reset tokens. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/host-header-forgery-in-email-generation * @tags security diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql index 675b078a5d6..5aa4142cde7 100644 --- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql @@ -4,7 +4,7 @@ * malicious code by the user. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/xpath-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql index cd7ee8a2509..4278df33f8a 100644 --- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql @@ -5,7 +5,7 @@ * exponential time on certain inputs. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/regex-injection * @tags security diff --git a/javascript/ql/src/Security/CWE-730/ServerCrash.ql b/javascript/ql/src/Security/CWE-730/ServerCrash.ql index a05351f851f..7c16287d48c 100644 --- a/javascript/ql/src/Security/CWE-730/ServerCrash.ql +++ b/javascript/ql/src/Security/CWE-730/ServerCrash.ql @@ -4,7 +4,7 @@ * attacks. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/server-crash * @tags security diff --git a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql index f21382d68d9..088d98bbbcb 100644 --- a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql +++ b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql @@ -4,7 +4,7 @@ * an unexpected target, which could cause an exception. * @kind path-problem * @problem.severity warning - * @security-severity 4.2 + * @security-severity 7.5 * @precision high * @id js/unvalidated-dynamic-method-call * @tags security diff --git a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql index 6827b23d067..9ed860fd169 100644 --- a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql +++ b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql @@ -5,7 +5,7 @@ * to denial-of-service attacks. * @kind problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/missing-rate-limiting * @tags security diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql index 26c16a37bf0..5320236421c 100644 --- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql @@ -4,7 +4,7 @@ * entity expansion is vulnerable to denial-of-service attacks. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 7.5 * @precision high * @id js/xml-bomb * @tags security diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql index c17bfac7836..60269e8a634 100644 --- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -4,7 +4,7 @@ * to gain unauthorized access. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/hardcoded-credentials * @tags security diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql index a94780bec1e..ee88eec03d2 100644 --- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -3,7 +3,7 @@ * @description Conditions that the user controls are not suited for making security-related decisions. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision medium * @id js/user-controlled-bypass * @tags security diff --git a/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql b/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql index d8cf7ef3716..20cd6446683 100644 --- a/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql +++ b/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql @@ -3,7 +3,7 @@ * @description Comparing different kinds of HTTP request data may be a symptom of an insufficient security check. * @kind problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @precision low * @id js/different-kinds-comparison-bypass * @tags security diff --git a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql index 2df6d29f038..41fea83ef1f 100644 --- a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql +++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql @@ -4,7 +4,7 @@ * opens up for potential man-in-the-middle attacks. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.1 * @precision high * @id js/insecure-download * @tags security diff --git a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql index 726f88272fc..bbbd4da1e9a 100644 --- a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql +++ b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql @@ -4,7 +4,7 @@ * property can cause indefinite looping. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.5 * @id js/loop-bound-injection * @tags security * external/cwe/cwe-834 diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql index 218cb70f571..8dbef4a8cce 100644 --- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql +++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql @@ -3,7 +3,7 @@ * @description Sanitizing an HTTP request parameter may be ineffective if the user controls its type. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision high * @id js/type-confusion-through-parameter-tampering * @tags security diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index 72393fd4f5a..3bed7d8c190 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql @@ -3,7 +3,7 @@ * @description Writing network data directly to the file system allows arbitrary file upload and might indicate a backdoor. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id js/http-to-file-access * @tags security diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index 4447eef043a..cdcc474ef92 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql @@ -5,7 +5,7 @@ * and possibly escalate to remote code execution or cross-site scripting. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id js/prototype-polluting-assignment * @tags security diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql index 3980557174b..b279c6cbe12 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql @@ -4,7 +4,7 @@ * the cause of accidental modification of a built-in prototype object. * @kind path-problem * @problem.severity warning - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id js/prototype-pollution-utility * @tags security diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql index 2bc625bcedd..53b6378fad8 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql @@ -5,7 +5,7 @@ * and possibly escalate to remote code execution or cross-site scripting. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 6.1 * @precision high * @id js/prototype-pollution * @tags security diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql index 995ede73f38..61c341bba02 100644 --- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql +++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql @@ -3,7 +3,7 @@ * @description Creating a hash of a password with low computational effort makes the hash vulnerable to password cracking attacks. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 8.1 * @precision high * @id js/insufficient-password-hash * @tags security diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql index 8d56a477177..9697904ce0e 100644 --- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql @@ -3,7 +3,7 @@ * @description Sending network requests with user-controlled data allows for request forgery attacks. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.1 * @precision medium * @id js/request-forgery * @tags security diff --git a/python/ql/src/Expressions/UseofInput.ql b/python/ql/src/Expressions/UseofInput.ql index 68566ab0f95..8d95ce6b241 100644 --- a/python/ql/src/Expressions/UseofInput.ql +++ b/python/ql/src/Expressions/UseofInput.ql @@ -6,7 +6,7 @@ * correctness * security/cwe/cwe-78 * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @sub-severity high * @precision high * @id py/use-of-input diff --git a/python/ql/src/Security/CVE-2018-1281/BindToAllInterfaces.ql b/python/ql/src/Security/CVE-2018-1281/BindToAllInterfaces.ql index e5cc90196d1..9baa6e17775 100644 --- a/python/ql/src/Security/CVE-2018-1281/BindToAllInterfaces.ql +++ b/python/ql/src/Security/CVE-2018-1281/BindToAllInterfaces.ql @@ -6,7 +6,7 @@ * @tags security * external/cwe/cwe-200 * @problem.severity error - * @security-severity 3.6 + * @security-severity 6.5 * @sub-severity low * @precision high * @id py/bind-socket-all-network-interfaces diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql b/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql index 17af70d836f..c1298ed9998 100644 --- a/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql +++ b/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.8 * @tags security external/cwe/cwe-20 */ diff --git a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql index be44f462d53..7f32419261c 100644 --- a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql +++ b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql @@ -3,7 +3,7 @@ * @description Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id py/incomplete-hostname-regexp * @tags correctness diff --git a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql index 5b25f8fe595..7db2b972da0 100644 --- a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql +++ b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql @@ -3,7 +3,7 @@ * @description Security checks on the substrings of an unparsed URL are often vulnerable to bypassing. * @kind problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @precision high * @id py/incomplete-url-substring-sanitization * @tags correctness diff --git a/python/ql/src/Security/CWE-022/PathInjection.ql b/python/ql/src/Security/CWE-022/PathInjection.ql index 7083f12ab2b..ed4d9fc6a32 100644 --- a/python/ql/src/Security/CWE-022/PathInjection.ql +++ b/python/ql/src/Security/CWE-022/PathInjection.ql @@ -3,7 +3,7 @@ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @sub-severity high * @precision high * @id py/path-injection diff --git a/python/ql/src/Security/CWE-022/TarSlip.ql b/python/ql/src/Security/CWE-022/TarSlip.ql index cb6faccd1e2..f671072a6ef 100644 --- a/python/ql/src/Security/CWE-022/TarSlip.ql +++ b/python/ql/src/Security/CWE-022/TarSlip.ql @@ -6,7 +6,7 @@ * @kind path-problem * @id py/tarslip * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision medium * @tags security * external/cwe/cwe-022 diff --git a/python/ql/src/Security/CWE-078/CommandInjection.ql b/python/ql/src/Security/CWE-078/CommandInjection.ql index 5a2a475ea10..8eaadf3b642 100755 --- a/python/ql/src/Security/CWE-078/CommandInjection.ql +++ b/python/ql/src/Security/CWE-078/CommandInjection.ql @@ -4,7 +4,7 @@ * user to change the meaning of the command. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @sub-severity high * @precision high * @id py/command-line-injection diff --git a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql index fb443d15d2c..1ab93ae4a2b 100644 --- a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql +++ b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql @@ -4,7 +4,7 @@ * cause a cross-site scripting vulnerability. * @kind problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @precision medium * @id py/jinja2/autoescape-false * @tags security diff --git a/python/ql/src/Security/CWE-079/ReflectedXss.ql b/python/ql/src/Security/CWE-079/ReflectedXss.ql index ca81f589b0e..ae037e5aa67 100644 --- a/python/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql @@ -4,7 +4,7 @@ * allows for a cross-site scripting vulnerability. * @kind path-problem * @problem.severity error - * @security-severity 2.9 + * @security-severity 6.1 * @sub-severity high * @precision high * @id py/reflective-xss diff --git a/python/ql/src/Security/CWE-089/SqlInjection.ql b/python/ql/src/Security/CWE-089/SqlInjection.ql index c7ce0ebd4a7..1d34b1a58f2 100644 --- a/python/ql/src/Security/CWE-089/SqlInjection.ql +++ b/python/ql/src/Security/CWE-089/SqlInjection.ql @@ -4,7 +4,7 @@ * malicious SQL code by the user. * @kind path-problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 8.8 * @precision high * @id py/sql-injection * @tags security diff --git a/python/ql/src/Security/CWE-094/CodeInjection.ql b/python/ql/src/Security/CWE-094/CodeInjection.ql index 7f7a391db81..980b9bde040 100644 --- a/python/ql/src/Security/CWE-094/CodeInjection.ql +++ b/python/ql/src/Security/CWE-094/CodeInjection.ql @@ -4,7 +4,7 @@ * code execution. * @kind path-problem * @problem.severity error - * @security-severity 10.0 + * @security-severity 9.3 * @sub-severity high * @precision high * @id py/code-injection diff --git a/python/ql/src/Security/CWE-209/StackTraceExposure.ql b/python/ql/src/Security/CWE-209/StackTraceExposure.ql index c092f399055..03ebdc84442 100644 --- a/python/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/python/ql/src/Security/CWE-209/StackTraceExposure.ql @@ -5,7 +5,7 @@ * developing a subsequent exploit. * @kind path-problem * @problem.severity error - * @security-severity 3.6 + * @security-severity 5.4 * @precision high * @id py/stack-trace-exposure * @tags security diff --git a/python/ql/src/Security/CWE-215/FlaskDebug.ql b/python/ql/src/Security/CWE-215/FlaskDebug.ql index f55844ae1b5..0bca0cd2c31 100644 --- a/python/ql/src/Security/CWE-215/FlaskDebug.ql +++ b/python/ql/src/Security/CWE-215/FlaskDebug.ql @@ -3,7 +3,7 @@ * @description Running a Flask app in debug mode may allow an attacker to run arbitrary code through the Werkzeug debugger. * @kind problem * @problem.severity error - * @security-severity 6.4 + * @security-severity 7.5 * @precision high * @id py/flask-debug * @tags security diff --git a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql index adc04dc2984..89548d714ce 100644 --- a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql +++ b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql @@ -3,7 +3,7 @@ * @description Accepting unknown host keys can allow man-in-the-middle attacks. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id py/paramiko-missing-host-key-validation * @tags security diff --git a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql index 97711bacbbb..5a3819f498e 100644 --- a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql +++ b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql @@ -3,7 +3,7 @@ * @description Making a request without certificate validation can allow man-in-the-middle attacks. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision medium * @id py/request-without-cert-validation * @tags security diff --git a/python/ql/src/Security/CWE-312/CleartextLogging.ql b/python/ql/src/Security/CWE-312/CleartextLogging.ql index c5f4c334557..61fb693aafb 100644 --- a/python/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/python/ql/src/Security/CWE-312/CleartextLogging.ql @@ -4,7 +4,7 @@ * expose it to an attacker. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id py/clear-text-logging-sensitive-data * @tags security diff --git a/python/ql/src/Security/CWE-312/CleartextStorage.ql b/python/ql/src/Security/CWE-312/CleartextStorage.ql index 8ae5af8ef35..d54fbd94d50 100644 --- a/python/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/python/ql/src/Security/CWE-312/CleartextStorage.ql @@ -4,7 +4,7 @@ * attacker. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id py/clear-text-storage-sensitive-data * @tags security diff --git a/python/ql/src/Security/CWE-326/WeakCryptoKey.ql b/python/ql/src/Security/CWE-326/WeakCryptoKey.ql index 0f48dc91a88..cb62940cc26 100644 --- a/python/ql/src/Security/CWE-326/WeakCryptoKey.ql +++ b/python/ql/src/Security/CWE-326/WeakCryptoKey.ql @@ -3,7 +3,7 @@ * @description Use of a cryptographic key that is too small may allow the encryption to be broken. * @kind problem * @problem.severity error - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id py/weak-crypto-key * @tags security diff --git a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index 9c64ece8b11..9ee3e49a0a1 100644 --- a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql @@ -3,7 +3,7 @@ * @description Using broken or weak cryptographic algorithms can compromise security. * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @id py/weak-cryptographic-algorithm * @tags security diff --git a/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql b/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql index 07dfe9e412a..5d9c72a3cb1 100644 --- a/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql +++ b/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql @@ -5,7 +5,7 @@ * @id py/insecure-default-protocol * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @tags security * external/cwe/cwe-327 diff --git a/python/ql/src/Security/CWE-327/InsecureProtocol.ql b/python/ql/src/Security/CWE-327/InsecureProtocol.ql index bb9c2f71ca2..540691a4c11 100644 --- a/python/ql/src/Security/CWE-327/InsecureProtocol.ql +++ b/python/ql/src/Security/CWE-327/InsecureProtocol.ql @@ -4,7 +4,7 @@ * @id py/insecure-protocol * @kind problem * @problem.severity warning - * @security-severity 5.2 + * @security-severity 7.5 * @precision high * @tags security * external/cwe/cwe-327 diff --git a/python/ql/src/Security/CWE-327/WeakSensitiveDataHashing.ql b/python/ql/src/Security/CWE-327/WeakSensitiveDataHashing.ql index e5bc4b95c82..846abd78eaf 100644 --- a/python/ql/src/Security/CWE-327/WeakSensitiveDataHashing.ql +++ b/python/ql/src/Security/CWE-327/WeakSensitiveDataHashing.ql @@ -3,7 +3,7 @@ * @description Using broken or weak cryptographic hashing algorithms can compromise security. * @kind path-problem * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.5 * @precision high * @id py/weak-sensitive-data-hashing * @tags security diff --git a/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql index d224d35e2f6..05905cda960 100644 --- a/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql +++ b/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql @@ -4,7 +4,7 @@ * @kind problem * @id py/insecure-temporary-file * @problem.severity error - * @security-severity 5.9 + * @security-severity 7.0 * @sub-severity high * @precision high * @tags external/cwe/cwe-377 diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 7994431d940..c054a3706d0 100644 --- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -4,7 +4,7 @@ * @kind path-problem * @id py/unsafe-deserialization * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @sub-severity high * @precision high * @tags external/cwe/cwe-502 diff --git a/python/ql/src/Security/CWE-601/UrlRedirect.ql b/python/ql/src/Security/CWE-601/UrlRedirect.ql index 77948b01779..ace3e9bf98d 100644 --- a/python/ql/src/Security/CWE-601/UrlRedirect.ql +++ b/python/ql/src/Security/CWE-601/UrlRedirect.ql @@ -4,7 +4,7 @@ * may cause redirection to malicious web sites. * @kind path-problem * @problem.severity error - * @security-severity 2.7 + * @security-severity 6.1 * @sub-severity low * @id py/url-redirection * @tags security diff --git a/python/ql/src/Security/CWE-732/WeakFilePermissions.ql b/python/ql/src/Security/CWE-732/WeakFilePermissions.ql index e964df073df..033083ceeb0 100644 --- a/python/ql/src/Security/CWE-732/WeakFilePermissions.ql +++ b/python/ql/src/Security/CWE-732/WeakFilePermissions.ql @@ -4,7 +4,7 @@ * @kind problem * @id py/overly-permissive-file * @problem.severity warning - * @security-severity 5.9 + * @security-severity 7.8 * @sub-severity high * @precision medium * @tags external/cwe/cwe-732 diff --git a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql index 84bf1e2f16e..cd00908fe05 100644 --- a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -3,7 +3,7 @@ * @description Credentials are hard coded in the source code of the application. * @kind path-problem * @problem.severity error - * @security-severity 5.9 + * @security-severity 9.8 * @precision medium * @id py/hardcoded-credentials * @tags security