diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql index 82ce5358760..fcc90abb618 100644 --- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql +++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql @@ -2,7 +2,7 @@ * @name Uncontrolled data used in path expression * @description Accessing paths influenced by users can allow an attacker to access * unexpected resources. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/path-injection diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql index 36158c3d0b9..0f000d32741 100644 --- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql @@ -2,7 +2,7 @@ * @name Uncontrolled command line * @description Using externally controlled strings in a command line may allow a malicious * user to change the meaning of the command. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/command-line-injection diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql index f5598e0dccc..16a6819773d 100644 --- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql @@ -2,7 +2,7 @@ * @name Reflected cross-site scripting * @description Writing user input directly to an HTTP response allows for * a cross-site scripting vulnerability. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/reflected-xss diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql index beb499a607b..affb40e2771 100644 --- a/javascript/ql/src/Security/CWE-079/StoredXss.ql +++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql @@ -2,7 +2,7 @@ * @name Stored cross-site scripting * @description Using uncontrolled stored values in HTML allows for * a stored cross-site scripting vulnerability. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/stored-xss diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql index 25a6b83a449..368ff84b340 100644 --- a/javascript/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/Security/CWE-079/Xss.ql @@ -2,7 +2,7 @@ * @name Client side cross-site scripting * @description Writing user input directly to the DOM allows for * a cross-site scripting vulnerability. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/xss diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index 25a0ff693b5..2e1847efd0c 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql @@ -2,7 +2,7 @@ * @name Database query built from user-controlled sources * @description Building a database query from user-controlled sources is vulnerable to insertion of * malicious code by the user. -* @kind problem +* @kind path-problem * @problem.severity error * @precision high * @id js/sql-injection diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql index c52d854ea67..1ee6d4fff6a 100644 --- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql @@ -2,7 +2,7 @@ * @name Code injection * @description Interpreting unsanitized user input as code allows a malicious user arbitrary * code execution. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/code-injection diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql index c1dd3a4c40e..98e0f10dd02 100644 --- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -1,7 +1,7 @@ /** * @name Use of externally-controlled format string * @description Using external input in format strings can lead to garbled output. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/tainted-format-string diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index e43ffe38049..2ff9d648c71 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql @@ -1,7 +1,7 @@ /** * @name File data in outbound network request * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure. - * @kind problem + * @kind path-problem * @problem.severity warning * @id js/file-access-to-http * @tags security diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql index e86c090ef0c..ffbfcb2e381 100644 --- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql @@ -3,7 +3,7 @@ * @description Propagating stack trace information to an external user can * unintentionally reveal implementation details that are useful * to an attacker for developing a subsequent exploit. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision very-high * @id js/stack-trace-exposure diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql index 9a645eadeb6..e31e6c30567 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql @@ -2,7 +2,7 @@ * @name Clear-text logging of sensitive information * @description Logging sensitive information without encryption or hashing can * expose it to an attacker. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/clear-text-logging diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql index 03f876f9abc..32d64d79da3 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql @@ -2,7 +2,7 @@ * @name Clear text storage of sensitive information * @description Sensitive information stored without encryption or hashing can expose it to an * attacker. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/clear-text-storage-of-sensitive-data diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index 242d79ecaa7..192857c520e 100644 --- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql @@ -1,7 +1,7 @@ /** * @name Use of a broken or weak cryptographic algorithm * @description Using broken or weak cryptographic algorithms can compromise security. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/weak-cryptographic-algorithm diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql index d2007a37636..58ef6368052 100644 --- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql @@ -3,7 +3,7 @@ * @description Using a cryptographically weak pseudo-random number generator to generate a * security-sensitive value may allow an attacker to predict what value will * be generated. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/insecure-randomness diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index a0476e02000..a8020f6741f 100644 --- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql @@ -1,7 +1,7 @@ /** * @name CORS misconfiguration for credentials transfer * @description Misconfiguration of CORS HTTP headers allows for leaks of secret credentials. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/cors-misconfiguration-for-credentials diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql index 32118edee27..be405ebadaf 100644 --- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -3,7 +3,7 @@ * @description Allowing writes to arbitrary properties or calls to arbitrary * methods of an object may lead to denial-of-service attacks. * - * @kind problem + * @kind path-problem * @problem.severity warning * @precision medium * @id js/remote-property-injection diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 20a1e7fb2c2..5f40f53aeb0 100644 --- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -2,7 +2,7 @@ * @name Deserialization of user-controlled data * @description Deserializing user-controlled data may allow attackers to * execute arbitrary code. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/unsafe-deserialization diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql index d0d8b0b6ddb..7ac823dd2d2 100644 --- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql @@ -2,7 +2,7 @@ * @name Client-side URL redirect * @description Client-side URL redirection based on unvalidated user input * may cause redirection to malicious web sites. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/client-side-unvalidated-url-redirection diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql index be6a4ef8ecb..7bf1e8e37fd 100644 --- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql @@ -2,7 +2,7 @@ * @name Server-side URL redirect * @description Server-side URL redirection based on unvalidated user input * may cause redirection to malicious web sites. - * @kind problem + * @kind path-problem * @problem.severity warning * @id js/server-side-unvalidated-url-redirection * @tags security diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql index 0863ea142c6..c95fce7b0ee 100644 --- a/javascript/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/Security/CWE-611/Xxe.ql @@ -2,7 +2,7 @@ * @name XML external entity expansion * @description Parsing user input as an XML document with external * entity expansion is vulnerable to XXE attacks. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/xxe diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql index 0ac715055ad..656ed2e9dbe 100644 --- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql +++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql @@ -2,7 +2,7 @@ * @name Host header poisoning in email generation * @description Using the HTTP Host header to construct a link in an email can facilitate phishing * attacks and leak password reset tokens. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/host-header-forgery-in-email-generation diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql index dd4e4954ca5..a083c9d6ca8 100644 --- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql @@ -2,7 +2,7 @@ * @name XPath injection * @description Building an XPath expression from user-controlled sources is vulnerable to insertion of * malicious code by the user. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/xpath-injection diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql index 4de4e0ec229..c6ba972aa8a 100644 --- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql @@ -3,7 +3,7 @@ * @description User input should not be used in regular expressions without first being escaped, * otherwise a malicious user may be able to inject an expression that could require * exponential time on certain inputs. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/regex-injection diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql index 27c207751d4..7c254249a1c 100644 --- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql @@ -2,7 +2,7 @@ * @name XML internal entity expansion * @description Parsing user input as an XML document with arbitrary internal * entity expansion is vulnerable to denial-of-service attacks. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/xml-bomb diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql index e7da4f592f5..e61f42b9686 100644 --- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -2,7 +2,7 @@ * @name Hard-coded credentials * @description Hard-coding credentials in source code may enable an attacker * to gain unauthorized access. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/hardcoded-credentials diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql index b66609cc9fa..454621a7e03 100644 --- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -1,7 +1,7 @@ /** * @name User-controlled bypass of security check * @description Conditions that the user controls are not suited for making security-related decisions. - * @kind problem + * @kind path-problem * @problem.severity error * @precision medium * @id js/user-controlled-bypass diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql index fccb209a698..420c3141899 100644 --- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql +++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql @@ -1,7 +1,7 @@ /** * @name Type confusion through parameter tampering * @description Sanitizing an HTTP request parameter may be ineffective if the user controls its type. - * @kind problem + * @kind path-problem * @problem.severity error * @precision high * @id js/type-confusion-through-parameter-tampering diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index cf6144c440b..6cb12582601 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql @@ -1,7 +1,7 @@ /** * @name User-controlled data written to file * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor. - * @kind problem + * @kind path-problem * @problem.severity warning * @id js/http-to-file-access * @tags security diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql index 3b5c03e5fab..ad7e3c77dd2 100644 --- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql +++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql @@ -1,7 +1,7 @@ /** * @name Use of password hash with insufficient computational effort * @description Creating a hash of a password with low computational effort makes the hash vulnerable to password cracking attacks. - * @kind problem + * @kind path-problem * @problem.severity warning * @precision high * @id js/insufficient-password-hash diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql index 95f8f348422..29c07985e83 100644 --- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql @@ -1,7 +1,7 @@ /** * @name Uncontrolled data used in network request * @description Sending network requests with user-controlled data allows for request forgery attacks. - * @kind problem + * @kind path-problem * @problem.severity error * @precision medium * @id js/request-forgery