Tag all security queries in supported languages' experimental directories with an experimental tag

2025-12-16 16:53:25 +01:00 · 2022-12-14 17:15:50 +01:00
parent a92acf5218
commit 4ec401a3f6
148 changed files with 155 additions and 3 deletions
--- a/Bugs/ArrayAccessProductFlow.ql
+++ b/Bugs/ArrayAccessProductFlow.ql
@@ -6,6 +6,7 @@
 * @id cpp/off-by-one-array-access
 * @tags reliability
 *       security
+ *       experimental
 */

 import cpp
--- a/Bugs/OverrunWriteProductFlow.ql
+++ b/Bugs/OverrunWriteProductFlow.ql
@@ -7,6 +7,7 @@
 * @id cpp/overrun-write
 * @tags reliability
 *       security
+ *       experimental
 *       external/cwe/cwe-119
 *       external/cwe/cwe-131
 */
--- a/Bugs/RedundantNullCheckParam.ql
+++ b/Bugs/RedundantNullCheckParam.ql
@@ -9,6 +9,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
+ *       experimental
 */

 import cpp
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
@@ -9,6 +9,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-20
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
@@ -11,6 +11,7 @@
 * @problem.severity warning
 * @security-severity 7.5
 * @tags security
+ *       experimental
 *       external/cwe/cwe-020
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id cpp/wordexp-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-078
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
@@ -8,6 +8,7 @@
 * @tags correctness
 *       maintainability
 *       security
+ *       experimental
 *       external/cwe/cwe-1041
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
@@ -9,6 +9,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-1126
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -6,6 +6,7 @@
 * @id cpp/memory-unsafe-function-scan
 * @tags reliability
 *       security
+ *       experimental
 *       external/cwe/cwe-120
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-125
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -6,6 +6,7 @@
 * @precision low
 * @tags security
 *       correctness
+ *       experimental
 *       external/cwe/cwe-190
 *       external/cwe/cwe-128
 * @id cpp/multiplication-overflow-in-alloc
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-190
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
@@ -7,6 +7,7 @@
 * @id cpp/constant-array-overflow
 * @tags reliability
 *       security
+ *       experimental
 */

 import experimental.semmle.code.cpp.semantic.analysis.RangeAnalysis
--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
@@ -8,6 +8,7 @@
 * @id cpp/invalid-pointer-deref
 * @tags reliability
 *       security
+ *       experimental
 *       external/cwe/cwe-119
 *       external/cwe/cwe-125
 *       external/cwe/cwe-193
--- a/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
@@ -8,6 +8,7 @@
 * @tags correctness
 *       maintainability
 *       security
+ *       experimental
 *       external/cwe/cwe-200
 *       external/cwe/cwe-264
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-243
 *       external/cwe/cwe-252
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
@@ -8,6 +8,7 @@
 * @tags correctness
 *       maintainability
 *       security
+ *       experimental
 *       external/cwe/cwe-266
 *       external/cwe/cwe-264
 *       external/cwe/cwe-200
--- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
@@ -8,6 +8,7 @@
 * @problem.severity recommendation
 * @id cpp/drop-linux-privileges-outoforder
 * @tags security
+ *       experimental
 *       external/cwe/cwe-273
 * @precision medium
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id cpp/pam-auth-bypass
 * @tags security
+ *       experimental
 *       external/cwe/cwe-285
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id cpp/private-cleartext-write
 * @tags security
+ *       experimental
 *       external/cwe/cwe-359
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
@@ -11,6 +11,7 @@
 * @problem.severity warning
 * @security-severity 7.5
 * @tags security
+ *       experimental
 *       external/cwe/cwe-362
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-377
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-401
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags security
+ *       experimental
 *       external/cwe/cwe-415
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-476
 *       external/cwe/cwe-415
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-561
 *       external/cwe/cwe-691
 *       external/cwe/cwe-478
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-670
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags security
+ *       experimental
 *       external/cwe/cwe-675
 *       external/cwe/cwe-666
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
@@ -10,6 +10,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-691
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-691
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-703
 *       external/cwe/cwe-248
 *       external/cwe/cwe-390
--- a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-754
 *       external/cwe/cwe-908
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
@@ -8,6 +8,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags security
+ *       experimental
 *       external/cwe/cwe-758
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags maintainability
 *       readability
+ *       experimental
 *       external/cwe/cwe-783
 *       external/cwe/cwe-480
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-783
 *       external/cwe/cwe-480
 */
--- a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @tags reliability
 *       security
+ *       experimental
 *       external/cwe/cwe-787
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 *       security
+ *       experimental
 *       external/cwe/cwe-788
 */

--- a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
+++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id cs/webclient-path-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-099
 *       external/cwe/cwe-023
 *       external/cwe/cwe-036
--- a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id cs/request-forgery
 * @tags security
+ *       experimental
 *       external/cwe/cwe-918
 */

--- a/Features/CWE-1004/CookieWithoutHttpOnly.ql
+++ b/Features/CWE-1004/CookieWithoutHttpOnly.ql
@@ -9,6 +9,7 @@
 * @precision high
 * @id cs/web/cookie-httponly-not-set
 * @tags security
+ *       experimental
 *       external/cwe/cwe-1004
 */

--- a/Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
+++ b/Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @tags security
 *       cryptography
+ *       experimental
 *       external/cwe/cwe-327
 * @id cs/azure-storage/unsafe-usage-of-client-side-encryption-version
 * @problem.severity error
--- a/Features/CWE-614/CookieWithoutSecure.ql
+++ b/Features/CWE-614/CookieWithoutSecure.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id cs/web/cookie-secure-not-set
 * @tags security
+ *       experimental
 *       external/cwe/cwe-319
 *       external/cwe/cwe-614
 */
--- a/Features/CWE-759/HashWithoutSalt.ql
+++ b/Features/CWE-759/HashWithoutSalt.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id cs/hash-without-salt
 * @tags security
+ *       experimental
 *       external/cwe-759
 */

--- a/Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
+++ b/Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
@@ -4,6 +4,7 @@
 *   Higher precision version checks for exception throws, so less false positives are expected.
 * @kind problem
 * @tags security
+ *       experimental
 *       JsonWebTokenHandler
 *       manual-verification-required
 * @id cs/json-webtoken-handler/delegated-security-validations-always-return-true
--- a/Features/JsonWebTokenHandler/security-validation-disabled.ql
+++ b/Features/JsonWebTokenHandler/security-validation-disabled.ql
@@ -3,6 +3,7 @@
 * @description Check if security sensitive token validations for `JsonWebTokenHandler` are being disabled.
 * @kind problem
 * @tags security
+ *       experimental
 *       JsonWebTokenHandler
 *       manual-verification-required
 * @id cs/json-webtoken-handler/security-validations-disabled
--- a/Features/Serialization/DefiningDatasetRelatedType.ql
+++ b/Features/Serialization/DefiningDatasetRelatedType.ql
@@ -5,6 +5,7 @@
 * @problem.severity warning
 * @id cs/dataset-serialization/defining-dataset-related-type
 * @tags security
+ *       experimental
 */

 import csharp
--- a/Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql
+++ b/Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql
@@ -6,6 +6,7 @@
 * @precision medium
 * @id cs/dataset-serialization/defining-potentially-unsafe-xml-serializer
 * @tags security
+ *       experimental
 */

 import csharp
--- a/Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
+++ b/Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql
@@ -6,6 +6,7 @@
 * @precision medium
 * @id cs/dataset-serialization/unsafe-type-used-data-contract-serializer
 * @tags security
+ *       experimental
 */

 import csharp
--- a/Features/Serialization/XmlDeserializationWithDataSet.ql
+++ b/Features/Serialization/XmlDeserializationWithDataSet.ql
@@ -6,6 +6,7 @@
 * @precision medium
 * @id cs/dataset-serialization/xml-deserialization-with-dataset
 * @tags security
+ *       experimental
 */

 import csharp
--- a/Features/backdoor/DangerousNativeFunctionCall.ql
+++ b/Features/backdoor/DangerousNativeFunctionCall.ql
@@ -6,6 +6,7 @@
 * @precision low
 * @id cs/backdoor/dangerous-native-functions
 * @tags security
+ *       experimental
 *       solorigate
 */

--- a/Features/backdoor/PotentialTimeBomb.ql
+++ b/Features/backdoor/PotentialTimeBomb.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @id cs/backdoor/potential-time-bomb
 * @tags security
+ *       experimental
 *       solorigate
 */

--- a/Features/backdoor/ProcessNameToHashTaintFlow.ql
+++ b/Features/backdoor/ProcessNameToHashTaintFlow.ql
@@ -3,6 +3,7 @@
 * @description Flow from a function retrieving process name to a hash function.
 * @kind path-problem
 * @tags security
+ *       experimental
 *       solorigate
 * @problem.severity warning
 * @precision medium
--- a/go/ql/src/experimental/CWE-090/LDAPInjection.ql
+++ b/go/ql/src/experimental/CWE-090/LDAPInjection.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id go/ldap-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-90
 */

--- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
+++ b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql
@@ -9,6 +9,7 @@
 * @precision high
 * @id go/cookie-httponly-not-set
 * @tags security
+ *       experimental
 *       external/cwe/cwe-1004
 */

--- a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
+++ b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql
@@ -6,6 +6,7 @@
 * @id go/pam-auth-bypass
 * @tags maintainability
 *       correctness
+ *       experimental
 *       external/cwe/cwe-561
 *       external/cwe/cwe-285
 * @precision very-high
--- a/go/ql/src/experimental/CWE-321/HardcodedKeys.ql
+++ b/go/ql/src/experimental/CWE-321/HardcodedKeys.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id go/hardcoded-key
 * @tags security
+ *       experimental
 *       external/cwe/cwe-321
 */

--- a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql
+++ b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql
@@ -5,8 +5,9 @@
 * @problem.severity error
 * @id go/weak-crypto-algorithm
 * @tags security
- *         external/cwe/cwe-327
- *         external/cwe/cwe-328
+ *       experimental
+ *       external/cwe/cwe-327
+ *       external/cwe/cwe-328
 */

 import go
--- a/go/ql/src/experimental/CWE-369/DivideByZero.ql
+++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id go/divide-by-zero
 * @tags security
+ *       experimental
 *       external/cwe/cwe-369
 */

--- a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql
+++ b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql
@@ -6,6 +6,8 @@
 * @problem.severity warning
 * @precision high
 * @id go/examples/database-call-in-loop
+ * @tags security
+ *       experimental
 */

 import go
--- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
+++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @id go/html-template-escaping-passthrough
 * @tags security
+ *       experimental
 *       external/cwe/cwe-79
 */

--- a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql
+++ b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql
@@ -8,6 +8,8 @@
 * @tags external/cwe/cwe-807
 *       external/cwe/cwe-247
 *       external/cwe/cwe-350
+ *       experimental
+ *       security
 */

 import go
--- a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
+++ b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql
@@ -6,6 +6,8 @@
 * @kind problem
 * @problem.severity warning
 * @tags external/cwe/cwe-840
+ *       security
+ *       experimental
 */

 import go
--- a/go/ql/src/experimental/CWE-918/SSRF.ql
+++ b/go/ql/src/experimental/CWE-918/SSRF.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @precision high
 * @tags security
+ *       experimental
 *       external/cwe/cwe-918
 */

--- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
+++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql
@@ -7,6 +7,7 @@
 * @problem.severity warning
 * @id go/cors-misconfiguration
 * @tags security
+ *       experimental
 *       external/cwe/cwe-942
 *       external/cwe/cwe-346
 */
--- a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
+++ b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id go/wrong-usage-of-unsafe
 * @tags security
+ *       experimental
 *       external/cwe/cwe-119
 *       external/cwe/cwe-126
 */
--- a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/insecure-spring-actuator-config
 * @tags security
+ *       experimental
 *       external/cwe/cwe-016
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/spring-boot-exposed-actuators
 * @tags security
+ *       experimental
 *       external/cwe/cwe-16
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id java/log4j-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-020
 *       external/cwe/cwe-074
 *       external/cwe/cwe-400
--- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @id java/openstream-called-on-tainted-url
 * @tags security
+ *       experimental
 *       external/cwe/cwe-036
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id java/file-path-injection
 * @tags security
+ *       experimental
 *       external/cwe-073
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/command-line-injection-experimental
 * @tags security
+ *       experimental
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
 */
--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id java/mybatis-annotation-sql-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-089
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id java/mybatis-xml-sql-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-089
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/beanshell-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/android-insecure-dex-loading
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/jshell-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/javaee-expression-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/jython-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 *       external/cwe/cwe-095
 */
--- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/unsafe-eval
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id java/spring-view-manipulation-implicit
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id java/spring-view-manipulation
 * @tags security
+ *       experimental
 *       external/cwe/cwe-094
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql
@@ -6,6 +6,7 @@
 * @precision medium
 * @id java/tomcat-disabled-httponly
 * @tags security
+ *       experimental
 *       external/cwe/cwe-1004
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @id java/sensitive-cookie-not-httponly
 * @tags security
+ *       experimental
 *       external/cwe/cwe-1004
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql
@@ -6,6 +6,7 @@
 * @id java/insecure-webview-resource-response
 * @problem.severity error
 * @tags security
+ *       experimental
 *       external/cwe/cwe-200
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql
@@ -6,6 +6,7 @@
 * @id java/sensitive-android-file-leak
 * @problem.severity warning
 * @tags security
+ *       experimental
 *       external/cwe/cwe-200
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql
@@ -9,6 +9,7 @@
 * @precision medium
 * @id java/possible-timing-attack-against-signature
 * @tags security
+ *       experimental
 *       external/cwe/cwe-208
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/timing-attack-against-headers-value
 * @tags security
+ *       experimental
 *       external/cwe/cwe-208
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql
@@ -10,6 +10,7 @@
 * @precision high
 * @id java/timing-attack-against-signature
 * @tags security
+ *       experimental
 *       external/cwe/cwe-208
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @id java/jxbrowser/disabled-certificate-validation
 * @tags security
+ *       experimental
 *       external/cwe/cwe-295
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/ignored-hostname-verification
 * @tags security
+ *       experimental
 *       external/cwe/cwe-297
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @id java/insecure-ldaps-endpoint
 * @tags security
+ *       experimental
 *       external/cwe/cwe-297
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/disabled-certificate-revocation-checking
 * @tags security
+ *       experimental
 *       external/cwe/cwe-299
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id java/hardcoded-jwt-key
 * @tags security
+ *       experimental
 *       external/cwe/cwe-321
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/unsafe-tls-version
 * @tags security
+ *       experimental
 *       external/cwe/cwe-327
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id java/unvalidated-cors-origin-set
 * @tags security
+ *       experimental
 *       external/cwe/cwe-346
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/ip-address-spoofing
 * @tags security
+ *       experimental
 *       external/cwe/cwe-348
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/jsonp-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-352
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql
@@ -6,6 +6,7 @@
 * @id java/thread-resource-abuse
 * @problem.severity warning
 * @tags security
+ *       experimental
 *       external/cwe/cwe-400
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id java/unsafe-reflection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-470
 */

--- a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
@@ -6,6 +6,7 @@
 * @precision medium
 * @id java/main-method-in-enterprise-bean
 * @tags security
+ *       experimental
 *       external/cwe/cwe-489
 */

--- a/Show More
+++ b/Show More