Tag all security queries in supported languages' experimental directories with an experimental tag

2025-12-21 19:26:31 +01:00 · 2022-12-14 17:15:50 +01:00
parent a92acf5218
commit 4ec401a3f6
148 changed files with 155 additions and 3 deletions
--- a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
+++ b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
@@ -9,6 +9,7 @@
 * @security-severity 7.5
 * @precision high
 * @tags security
+ *       experimental
 *       external/cwe/cwe-022
 */

--- a/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
+++ b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql
@@ -9,6 +9,7 @@
 * @security-severity 7.5
 * @precision high
 * @tags security
+ *       experimental
 *       external/cwe/cwe-022
 */

--- a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id py/template-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-074
 */

--- a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
+++ b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
@@ -8,6 +8,7 @@
 * @sub-severity high
 * @id py/reflective-xss-email
 * @tags security
+ *       experimental
 *       external/cwe/cwe-079
 *       external/cwe/cwe-116
 */
--- a/python/ql/src/experimental/Security/CWE-091/Xslt.ql
+++ b/python/ql/src/experimental/Security/CWE-091/Xslt.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id py/xslt-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-643
 */

--- a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id py/header-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-113
 *       external/cwe/cwe-079
 */
--- a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id py/csv-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-1236
 */

--- a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
+++ b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
@@ -5,6 +5,7 @@
 * @problem.severity warning
 * @id py/improper-ldap-auth
 * @tags security
+ *       experimental
 *       external/cwe/cwe-287
 */

--- a/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
+++ b/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
@@ -3,6 +3,7 @@
 * @description Using version v1 of Azure Storage client-side encryption is insecure, and may enable an attacker to decrypt encrypted data
 * @kind problem
 * @tags security
+ *       experimental
 *       cryptography
 *       external/cwe/cwe-327
 * @id py/azure-storage/unsafe-client-side-encryption-in-use
--- a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
+++ b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
@@ -9,6 +9,7 @@
 * @precision high
 * @id py/insecure-randomness
 * @tags security
+ *       experimental
 *       external/cwe/cwe-338
 */

--- a/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
+++ b/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
@@ -8,6 +8,7 @@
 * @security-severity 5
 * @id py/predictable-token
 * @tags security
+ *       experimental
 *       external/cwe/cwe-340
 */

--- a/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql
+++ b/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql
@@ -5,6 +5,7 @@
 * @problem.severity warning
 * @id py/jwt-empty-secret-or-algorithm
 * @tags security
+ *       experimental
 */

 // determine precision above
--- a/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
+++ b/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
@@ -5,6 +5,7 @@
 * @problem.severity warning
 * @id py/jwt-missing-verification
 * @tags security
+ *       experimental
 *       external/cwe/cwe-347
 */

--- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
+++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id py/ip-address-spoofing
 * @tags security
+ *       experimental
 *       external/cwe/cwe-348
 */

--- a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
+++ b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id py/insecure-ldap-auth
 * @tags security
+ *       experimental
 *       external/cwe/cwe-522
 *       external/cwe/cwe-523
 */
--- a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
+++ b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id py/simple-xml-rpc-server-dos
 * @tags security
+ *       experimental
 *       external/cwe/cwe-776
 */

--- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id py/cookie-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-614
 */

--- a/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
+++ b/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
@@ -8,6 +8,7 @@
 * @precision ???
 * @id py/insecure-cookie
 * @tags security
+ *       experimental
 *       external/cwe/cwe-614
 */

--- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id py/nosql-injection
 * @tags security
+ *       experimental
 *       external/cwe/cwe-943
 */