Add security-severity tags

2025-12-16 16:53:25 +01:00 · 2021-04-15 17:47:23 +01:00
parent 578ce1e512
commit 47adf24b25
369 changed files with 369 additions and 0 deletions
--- a/Practices/Exceptions/LeakyCatch.ql
+++ b/Practices/Exceptions/LeakyCatch.ql
@@ -3,6 +3,7 @@
 * @description If an exception is allocated on the heap, then it should be deleted when caught.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cpp/catch-missing-free
 * @tags efficiency
--- a/Errors/OffsetUseBeforeRangeCheck.ql
+++ b/Errors/OffsetUseBeforeRangeCheck.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/offset-use-before-range-check
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @tags reliability
 *       security
--- a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
+++ b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/inconsistent-nullness-testing
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
--- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
+++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/memory-may-not-be-freed
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags efficiency
 *       security
 *       external/cwe/cwe-401
--- a/cpp/ql/src/Critical/MemoryNeverFreed.ql
+++ b/cpp/ql/src/Critical/MemoryNeverFreed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/memory-never-freed
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags efficiency
 *       security
 *       external/cwe/cwe-401
--- a/cpp/ql/src/Critical/MissingNullTest.ql
+++ b/cpp/ql/src/Critical/MissingNullTest.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/missing-null-test
 * @problem.severity recommendation
+ * @problem.security-severity high
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
--- a/cpp/ql/src/Critical/NewFreeMismatch.ql
+++ b/cpp/ql/src/Critical/NewFreeMismatch.ql
@@ -3,6 +3,7 @@
 * @description An object that was allocated with 'malloc' or 'new' is being freed using a mismatching 'free' or 'delete'.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cpp/new-free-mismatch
 * @tags reliability
--- a/cpp/ql/src/Critical/OverflowCalculated.ql
+++ b/cpp/ql/src/Critical/OverflowCalculated.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/overflow-calculated
 * @problem.severity warning
+ * @problem.security-severity critical
 * @tags reliability
 *       security
 *       external/cwe/cwe-131
--- a/cpp/ql/src/Critical/OverflowDestination.ql
+++ b/cpp/ql/src/Critical/OverflowDestination.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/overflow-destination
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @tags reliability
 *       security
--- a/cpp/ql/src/Critical/OverflowStatic.ql
+++ b/cpp/ql/src/Critical/OverflowStatic.ql
@@ -4,6 +4,7 @@
 *              may result in a buffer overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/static-buffer-overflow
 * @tags reliability
--- a/cpp/ql/src/Critical/ReturnValueIgnored.ql
+++ b/cpp/ql/src/Critical/ReturnValueIgnored.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/return-value-ignored
 * @problem.severity recommendation
+ * @problem.security-severity critical
 * @precision medium
 * @tags reliability
 *       correctness
--- a/cpp/ql/src/Critical/SizeCheck.ql
+++ b/cpp/ql/src/Critical/SizeCheck.ql
@@ -4,6 +4,7 @@
 *              an instance of the type of the pointer may result in a buffer overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/allocation-too-small
 * @tags reliability
--- a/cpp/ql/src/Critical/SizeCheck2.ql
+++ b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -4,6 +4,7 @@
 *              multiple instances of the type of the pointer may result in a buffer overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/suspicious-allocation-size
 * @tags reliability
--- a/cpp/ql/src/Critical/UseAfterFree.ql
+++ b/cpp/ql/src/Critical/UseAfterFree.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/use-after-free
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags reliability
 *       security
 *       external/cwe/cwe-416
--- a/Bugs/AmbiguouslySignedBitField.ql
+++ b/Bugs/AmbiguouslySignedBitField.ql
@@ -7,6 +7,7 @@
 *              overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cpp/ambiguously-signed-bit-field
 * @tags reliability
--- a/Bugs/Arithmetic/BadAdditionOverflowCheck.ql
+++ b/Bugs/Arithmetic/BadAdditionOverflowCheck.ql
@@ -6,6 +6,7 @@
 *              to a larger type.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision very-high
 * @id cpp/bad-addition-overflow-check
 * @tags reliability
--- a/Bugs/Arithmetic/IntMultToLong.ql
+++ b/Bugs/Arithmetic/IntMultToLong.ql
@@ -4,6 +4,7 @@
 *              be a sign that the result can overflow the type converted from.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cpp/integer-multiplication-cast-to-long
 * @tags reliability
--- a/Bugs/Conversion/CastArrayPointerArithmetic.ql
+++ b/Bugs/Conversion/CastArrayPointerArithmetic.ql
@@ -6,6 +6,7 @@
 *              use the width of the base type, leading to misaligned reads.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @tags correctness
 *       reliability
--- a/Bugs/Format/NonConstantFormat.ql
+++ b/Bugs/Format/NonConstantFormat.ql
@@ -6,6 +6,7 @@
 *              from an untrusted source, this can be used for exploits.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity critical
 * @precision high
 * @id cpp/non-constant-format
 * @tags maintainability
--- a/Bugs/InconsistentCallOnResult.ql
+++ b/Bugs/InconsistentCallOnResult.ql
@@ -3,6 +3,7 @@
 * @description A function is called, and the same operation is usually performed on the return value - for example, free, delete, close etc. However, in some cases it is not performed. These unusual cases may indicate misuse of the API and could cause resource leaks.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision medium
 * @id cpp/inconsistent-call-on-result
 * @tags reliability
--- a/Bugs/InconsistentCheckReturnNull.ql
+++ b/Bugs/InconsistentCheckReturnNull.ql
@@ -6,6 +6,7 @@
 *              omitting the check could crash the program.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/inconsistent-null-check
 * @tags reliability
--- a/Typos/inconsistentLoopDirection.ql
+++ b/Typos/inconsistentLoopDirection.ql
@@ -3,6 +3,7 @@
 * @description A for-loop iteration expression goes backward with respect of the initialization statement and condition expression.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision high
 * @id cpp/inconsistent-loop-direction
 * @tags correctness
--- a/Management/AllocaInLoop.ql
+++ b/Management/AllocaInLoop.ql
@@ -3,6 +3,7 @@
 * @description Using alloca in a loop can lead to a stack overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cpp/alloca-in-loop
 * @tags reliability
--- a/Management/ImproperNullTermination.ql
+++ b/Management/ImproperNullTermination.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/improper-null-termination
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags security
 *       external/cwe/cwe-170
 *       external/cwe/cwe-665
--- a/Management/StrncpyFlippedArgs.ql
+++ b/Management/StrncpyFlippedArgs.ql
@@ -4,6 +4,7 @@
 *              as the third argument may result in a buffer overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/bad-strncpy-size
 * @tags reliability
--- a/Management/SuspiciousCallToStrncat.ql
+++ b/Management/SuspiciousCallToStrncat.ql
@@ -4,6 +4,7 @@
 *              as the third argument may result in a buffer overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/unsafe-strncat
 * @tags reliability
--- a/Management/UninitializedLocal.ql
+++ b/Management/UninitializedLocal.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/uninitialized-local
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @tags security
 *       external/cwe/cwe-665
--- a/Management/UnsafeUseOfStrcat.ql
+++ b/Management/UnsafeUseOfStrcat.ql
@@ -4,6 +4,7 @@
 *              may result in a buffer overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision medium
 * @id cpp/unsafe-strcat
 * @tags reliability
--- a/Bugs/RedundantNullCheckSimple.ql
+++ b/Bugs/RedundantNullCheckSimple.ql
@@ -5,6 +5,7 @@
 *              it should be moved before the dereference.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @id cpp/redundant-null-check-simple
 * @tags reliability
 *       correctness
--- a/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
+++ b/cpp/ql/src/Microsoft/IgnoreReturnValueSAL.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/ignore-return-value-sal
 * @problem.severity warning
+ * @problem.security-severity critical
 * @tags reliability
 *       external/cwe/cwe-573
 *       external/cwe/cwe-252
--- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @precision low
 * @problem.severity error
+ * @problem.security-severity high
 * @tags security external/cwe/cwe-20
 */

--- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @precision low
 * @problem.severity error
+ * @problem.security-severity high
 * @tags security external/cwe/cwe-20
 */

--- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -4,6 +4,7 @@
 *              attacker to access unexpected resources.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/path-injection
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -5,6 +5,7 @@
 *              to command injection.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision low
 * @id cpp/command-line-injection
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
+++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
@@ -4,6 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity medium
 * @precision high
 * @id cpp/cgi-xss
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -5,6 +5,7 @@
 *              to SQL Injection.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision high
 * @id cpp/sql-injection
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
@@ -5,6 +5,7 @@
 *              commands.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/uncontrolled-process-operation
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
+++ b/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/overflow-buffer
 * @problem.severity recommendation
+ * @problem.security-severity high
 * @tags security
 *       external/cwe/cwe-119
 *       external/cwe/cwe-121
--- a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
@@ -5,6 +5,7 @@
 *              overflow.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision high
 * @id cpp/badly-bounded-write
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
@@ -4,6 +4,7 @@
 *              of data written may overflow.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision medium
 * @id cpp/overrunning-write
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
@@ -5,6 +5,7 @@
 *              take extreme values.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision medium
 * @id cpp/overrunning-write-with-float
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
@@ -4,6 +4,7 @@
 *              of data written may overflow.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision medium
 * @id cpp/unbounded-write
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
+++ b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
@@ -5,6 +5,7 @@
 *              a specific value to terminate the argument list.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision medium
 * @id cpp/unterminated-variadic-call
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/unclear-array-index-validation
 * @problem.severity warning
+ * @problem.security-severity critical
 * @tags security
 *       external/cwe/cwe-129
 */
--- a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+++ b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@@ -5,6 +5,7 @@
 *              terminator can cause a buffer overrun.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision high
 * @id cpp/no-space-for-terminator
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@@ -5,6 +5,7 @@
 *              or data representation problems.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision high
 * @id cpp/tainted-format-string
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@@ -5,6 +5,7 @@
 *              or data representation problems.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision high
 * @id cpp/tainted-format-string-through-global
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/user-controlled-null-termination-tainted
 * @problem.severity warning
+ * @problem.security-severity medium
 * @tags security
 *       external/cwe/cwe-170
 */
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@@ -4,6 +4,7 @@
 *              not validated can cause overflows.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @id cpp/tainted-arithmetic
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -4,6 +4,7 @@
 *              validated can cause overflows.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/uncontrolled-arithmetic
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/arithmetic-with-extreme-values
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @tags security
 *       reliability
--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -5,6 +5,7 @@
 * @id cpp/comparison-with-wider-type
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @tags reliability
 *       security
--- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/integer-overflow-tainted
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @tags security
 *       external/cwe/cwe-190
--- a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
@@ -4,6 +4,7 @@
 *              user can result in integer overflow.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/uncontrolled-allocation-size
 * @tags reliability
--- a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
+++ b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/unsigned-difference-expression-compared-zero
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @tags security
 *       correctness
--- a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
+++ b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
@@ -5,6 +5,7 @@
 *              vulnerable to spoofing attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/user-controlled-bypass
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
@@ -4,6 +4,7 @@
 *              to an attacker.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/cleartext-storage-buffer
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -4,6 +4,7 @@
 *              an attacker to compromise security.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/weak-cryptographic-algorithm
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
+++ b/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
@@ -4,6 +4,7 @@
 *              attackers to retrieve portions of memory.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision very-high
 * @id cpp/openssl-heartbleed
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
+++ b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
@@ -5,6 +5,7 @@
 *              the two operations.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/toctou-race-condition
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
+++ b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
@@ -4,6 +4,7 @@
 * @id cpp/unsafe-create-process-call
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision medium
 * @msrc.severity important
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/incorrect-string-type-conversion
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision high
 * @tags security
 *       external/cwe/cwe-704
--- a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
@@ -3,6 +3,7 @@
 * @description Creating a file that is world-writable can allow an attacker to write to the file.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cpp/world-writable-file-creation
 * @tags security
--- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
@@ -7,6 +7,7 @@
 * @id cpp/unsafe-dacl-security-descriptor
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision high
 * @tags security
 *       external/cwe/cwe-732
--- a/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
+++ b/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/infinite-loop-with-unsatisfiable-exit-condition
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags security
 *       external/cwe/cwe-835
 */
--- a/Bugs/RedundantNullCheckParam.ql
+++ b/Bugs/RedundantNullCheckParam.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/redundant-null-check-param
 * @problem.severity recommendation
+ * @problem.security-severity high
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/late-check-of-function-argument
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @tags correctness
 *       security
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -3,6 +3,7 @@
 * @description Use of one of the scanf functions without a specified length.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @id cpp/memory-unsafe-function-scan
 * @tags reliability
 *       security
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -3,6 +3,7 @@
 * @description Using a multiplication result that may overflow in the size of an allocation may lead to buffer overflows when the allocated memory is used.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @tags security
 *       correctness
--- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
@@ -6,6 +6,7 @@
 *                from these methods is not checked.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity critical
 * @id cpp/drop-linux-privileges-outoforder
 * @tags security
 *       external/cwe/cwe-273
--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/memory-leak-on-failed-call-to-realloc
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @tags correctness
 *       security
--- a/cpp/ql/src/jsf/4.10
+++ b/cpp/ql/src/jsf/4.10
@@ -3,6 +3,7 @@
 * @description All resources acquired by a class should be released by its destructor. Avoid the use of the 'open / close' pattern, since C++ constructors and destructors provide a safer way to handle resource acquisition and release. Best practice in C++ is to use the 'RAII' technique: constructors allocate resources and destructors free them.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cpp/resource-not-released-in-destructor
 * @tags efficiency
--- a/cpp/ql/src/jsf/4.20
+++ b/cpp/ql/src/jsf/4.20
@@ -4,6 +4,7 @@
 *              may result in unexpected sign extension or overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @id cpp/signed-bit-field
 * @tags correctness
--- a/Abuse/DisposeNotCalledOnException.ql
+++ b/Abuse/DisposeNotCalledOnException.ql
@@ -5,6 +5,7 @@
 *              not be released.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cs/dispose-not-called-on-throw
 * @tags efficiency
--- a/Abuse/MissingDisposeCall.ql
+++ b/Abuse/MissingDisposeCall.ql
@@ -4,6 +4,7 @@
 *              should dispose those members in their 'Dispose()' method.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @id cs/member-not-disposed
 * @tags efficiency
--- a/Abuse/MissingDisposeMethod.ql
+++ b/Abuse/MissingDisposeMethod.ql
@@ -4,6 +4,7 @@
 *              should also declare/override 'Dispose()'.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision low
 * @id cs/missing-dispose-method
 * @tags efficiency
--- a/Abuse/NoDisposeCallOnLocalIDisposable.ql
+++ b/Abuse/NoDisposeCallOnLocalIDisposable.ql
@@ -4,6 +4,7 @@
 *              objects, otherwise unmanaged resources may not be released.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cs/local-not-disposed
 * @tags efficiency
--- a/Abuse/UncheckedReturnValue.ql
+++ b/Abuse/UncheckedReturnValue.ql
@@ -4,6 +4,7 @@
 *              of that method, the calls that do not check the return value may be mistakes.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision low
 * @id cs/unchecked-return-value
 * @tags reliability
--- a/Practices/Control-Flow/ConstantCondition.ql
+++ b/Practices/Control-Flow/ConstantCondition.ql
@@ -5,6 +5,7 @@
 *              is likely to cause an infinite loop.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision very-high
 * @id cs/constant-condition
 * @tags maintainability
--- a/csharp/ql/src/CSI/NullAlways.ql
+++ b/csharp/ql/src/CSI/NullAlways.ql
@@ -3,6 +3,7 @@
 * @description Dereferencing a variable whose value is 'null' causes a 'NullReferenceException'.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision very-high
 * @id cs/dereferenced-value-is-always-null
 * @tags reliability
--- a/csharp/ql/src/CSI/NullMaybe.ql
+++ b/csharp/ql/src/CSI/NullMaybe.ql
@@ -4,6 +4,7 @@
 *              'NullReferenceException'.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cs/dereferenced-value-may-be-null
 * @tags reliability
--- a/csharp/ql/src/Concurrency/FutileSyncOnField.ql
+++ b/csharp/ql/src/Concurrency/FutileSyncOnField.ql
@@ -4,6 +4,7 @@
 *              to provide the desired thread safety.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision high
 * @id cs/unsafe-sync-on-field
 * @tags reliability
--- a/csharp/ql/src/Concurrency/LockOrder.ql
+++ b/csharp/ql/src/Concurrency/LockOrder.ql
@@ -3,6 +3,7 @@
 * @description Locking in an inconsistent sequence can lead to deadlock.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision high
 * @id cs/inconsistent-lock-sequence
 * @tags reliability
--- a/csharp/ql/src/Concurrency/LockThis.ql
+++ b/csharp/ql/src/Concurrency/LockThis.ql
@@ -4,6 +4,7 @@
 *              it might be locked elsewhere.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cs/lock-this
 * @tags reliability
--- a/csharp/ql/src/Concurrency/LockedWait.ql
+++ b/csharp/ql/src/Concurrency/LockedWait.ql
@@ -3,6 +3,7 @@
 * @description A lock is held during a call to System.Threading.Monitor.Wait(). This can lead to deadlocks and performance problems.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision high
 * @id cs/locked-wait
 * @tags reliability
--- a/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
+++ b/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
@@ -4,6 +4,7 @@
 *              then the value returned by the getter can be inconsistent.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision medium
 * @id cs/unsynchronized-getter
 * @tags correctness
--- a/csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
+++ b/csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
@@ -4,6 +4,7 @@
 *              during an addition or resizing operation, an infinite loop can occur.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision medium
 * @id cs/unsynchronized-static-access
 * @tags concurrency
--- a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
@@ -3,6 +3,7 @@
 * @description Finds empty passwords in configuration files.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cs/empty-password-in-configuration
 * @tags security
--- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
@@ -3,6 +3,7 @@
 * @description Finds passwords in configuration files.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity medium
 * @precision medium
 * @id cs/password-in-configuration
 * @tags security
--- a/Validation/UseOfFileUpload.ql
+++ b/Validation/UseOfFileUpload.ql
@@ -3,6 +3,7 @@
 * @description Finds uses of file upload
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity high
 * @precision high
 * @id cs/web/file-upload
 * @tags security
--- a/Bugs/Collections/ContainerLengthCmpOffByOne.ql
+++ b/Bugs/Collections/ContainerLengthCmpOffByOne.ql
@@ -4,6 +4,7 @@
 *              in an array indexing operation that could be out of bounds.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity critical
 * @precision high
 * @id cs/index-out-of-bounds
 * @tags reliability
--- a/Bugs/PossibleLossOfPrecision.ql
+++ b/Bugs/PossibleLossOfPrecision.ql
@@ -4,6 +4,7 @@
 *              floating-point value may result in a loss of precision.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity high
 * @precision high
 * @id cs/loss-of-precision
 * @tags reliability
--- a/Bugs/RandomUsedOnce.ql
+++ b/Bugs/RandomUsedOnce.ql
@@ -4,6 +4,7 @@
 *              guarantee an evenly distributed sequence of random numbers.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity critical
 * @precision low
 * @id cs/random-used-once
 * @tags reliability
--- a/Bugs/ThreadUnsafeICryptoTransform.ql
+++ b/Bugs/ThreadUnsafeICryptoTransform.ql
@@ -5,6 +5,7 @@
 *              but under some circumstances may also result in incorrect results.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cs/thread-unsafe-icryptotransform-field-in-class
 * @tags concurrency
--- a/Bugs/ThreadUnsafeICryptoTransformLambda.ql
+++ b/Bugs/ThreadUnsafeICryptoTransformLambda.ql
@@ -6,6 +6,7 @@
 *              but under some circumstances may also result in incorrect results.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cs/thread-unsafe-icryptotransform-captured-in-lambda
 * @tags concurrency
--- a/csharp/ql/src/Linq/BadMultipleIteration.ql
+++ b/csharp/ql/src/Linq/BadMultipleIteration.ql
@@ -3,6 +3,7 @@
 * @description Not every enumerable sequence is repeatable, so it is dangerous to write code that can consume elements of a sequence in more than one place.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @id cs/linq/inconsistent-enumeration
 * @tags reliability
--- a/Features/CWE-016/ASPNetMaxRequestLength.ql
+++ b/Features/CWE-016/ASPNetMaxRequestLength.ql
@@ -4,6 +4,7 @@
 *              denial-of-service attacks.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @id cs/web/large-max-request-length
 * @tags security
 *       frameworks/asp.net
--- a/Features/CWE-016/ASPNetPagesValidateRequest.ql
+++ b/Features/CWE-016/ASPNetPagesValidateRequest.ql
@@ -3,6 +3,7 @@
 * @description ASP.NET pages should not disable the built-in request validation.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity high
 * @id cs/web/request-validation-disabled
 * @tags security
 *       frameworks/asp.net
--- a/Features/CWE-016/ASPNetRequestValidationMode.ql
+++ b/Features/CWE-016/ASPNetRequestValidationMode.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cs/insecure-request-validation-mode
 * @problem.severity warning
+ * @problem.security-severity high
 * @tags security
 *       external/cwe/cwe-016
 */
--- a/Features/CWE-020/RuntimeChecksBypass.ql
+++ b/Features/CWE-020/RuntimeChecksBypass.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cs/serialization-check-bypass
 * @problem.severity warning
+ * @problem.security-severity high
 * @precision medium
 * @tags security
 *       external/cwe/cwe-20
--- a/Show More
+++ b/Show More