diff --git a/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql b/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
index 36024ddbc70..eb90719a123 100644
--- a/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
+++ b/cpp/ql/src/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/offset-use-before-range-check
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @tags reliability
 * security
diff --git a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
index 135b9a644d1..11486035d5f 100644
--- a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
+++ b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/descriptor-may-not-be-closed
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @tags efficiency
 * security
 * external/cwe/cwe-775
diff --git a/cpp/ql/src/Critical/DescriptorNeverClosed.ql b/cpp/ql/src/Critical/DescriptorNeverClosed.ql
index ae50e625602..06c469506a3 100644
--- a/cpp/ql/src/Critical/DescriptorNeverClosed.ql
+++ b/cpp/ql/src/Critical/DescriptorNeverClosed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/descriptor-never-closed
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @tags efficiency
 * security
 * external/cwe/cwe-775
diff --git a/cpp/ql/src/Critical/FileMayNotBeClosed.ql b/cpp/ql/src/Critical/FileMayNotBeClosed.ql
index c97e7cacca3..fe6938537b1 100644
--- a/cpp/ql/src/Critical/FileMayNotBeClosed.ql
+++ b/cpp/ql/src/Critical/FileMayNotBeClosed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/file-may-not-be-closed
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @tags efficiency
 * security
 * external/cwe/cwe-775
diff --git a/cpp/ql/src/Critical/FileNeverClosed.ql b/cpp/ql/src/Critical/FileNeverClosed.ql
index 0286c78437f..e45191a7a07 100644
--- a/cpp/ql/src/Critical/FileNeverClosed.ql
+++ b/cpp/ql/src/Critical/FileNeverClosed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/file-never-closed
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @tags efficiency
 * security
 * external/cwe/cwe-775
diff --git a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
index 86e2cb4fb29..537dd6b1132 100644
--- a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
+++ b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/inconsistent-nullness-testing
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @tags reliability
 * security
 * external/cwe/cwe-476
diff --git a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
index 9c09ec4c5f3..c9f06efd36c 100644
--- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
+++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/memory-may-not-be-freed
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @tags efficiency
 * security
 * external/cwe/cwe-401
diff --git a/cpp/ql/src/Critical/MemoryNeverFreed.ql b/cpp/ql/src/Critical/MemoryNeverFreed.ql
index 59f6f1da4df..067419a9830 100644
--- a/cpp/ql/src/Critical/MemoryNeverFreed.ql
+++ b/cpp/ql/src/Critical/MemoryNeverFreed.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/memory-never-freed
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @tags efficiency
 * security
 * external/cwe/cwe-401
diff --git a/cpp/ql/src/Critical/MissingNullTest.ql b/cpp/ql/src/Critical/MissingNullTest.ql
index ea81eee8eb6..ce846ee9436 100644
--- a/cpp/ql/src/Critical/MissingNullTest.ql
+++ b/cpp/ql/src/Critical/MissingNullTest.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/missing-null-test
 * @problem.severity recommendation
+ * @problem.security-severity 7.5
 * @tags reliability
 * security
 * external/cwe/cwe-476
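Review bot: In MissingNullTest.ql the added `@problem.security-severity 7.5` sits directly under `@problem.severity recommendation`, so the two fields rank the same alert very differently. The same pairing appears in NonConstantFormat.ql (9.8), OverflowBuffer.ql (8.8) and experimental RedundantNullCheckParam.ql (7.5). If consumers sort or gate on the numeric score, these recommendation-level queries will presumably surface next to the taint-tracked injection queries. Either lower the score on these four, or state in the commit description how the values were derived (they look CWE-based, but that is not visible in the diff) and which of the two fields takes precedence.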
diff --git a/cpp/ql/src/Critical/NewFreeMismatch.ql b/cpp/ql/src/Critical/NewFreeMismatch.ql
index 68e58b3acaf..6bb0d2ce95d 100644
--- a/cpp/ql/src/Critical/NewFreeMismatch.ql
+++ b/cpp/ql/src/Critical/NewFreeMismatch.ql
@@ -3,6 +3,7 @@
 * @description An object that was allocated with 'malloc' or 'new' is being freed using a mismatching 'free' or 'delete'.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cpp/new-free-mismatch
 * @tags reliability
diff --git a/cpp/ql/src/Critical/OverflowCalculated.ql b/cpp/ql/src/Critical/OverflowCalculated.ql
index a52e0d82670..901948f747e 100644
--- a/cpp/ql/src/Critical/OverflowCalculated.ql
+++ b/cpp/ql/src/Critical/OverflowCalculated.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/overflow-calculated
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @tags reliability
 * security
 * external/cwe/cwe-131
diff --git a/cpp/ql/src/Critical/OverflowDestination.ql b/cpp/ql/src/Critical/OverflowDestination.ql
index bff3cac9326..61248f4b4e2 100644
--- a/cpp/ql/src/Critical/OverflowDestination.ql
+++ b/cpp/ql/src/Critical/OverflowDestination.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/overflow-destination
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision low
 * @tags reliability
 * security
diff --git a/cpp/ql/src/Critical/OverflowStatic.ql b/cpp/ql/src/Critical/OverflowStatic.ql
index 833ee45499e..e54969acc5a 100644
--- a/cpp/ql/src/Critical/OverflowStatic.ql
+++ b/cpp/ql/src/Critical/OverflowStatic.ql
@@ -4,6 +4,7 @@
 * may result in a buffer overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision medium
 * @id cpp/static-buffer-overflow
 * @tags reliability
diff --git a/cpp/ql/src/Critical/SizeCheck.ql b/cpp/ql/src/Critical/SizeCheck.ql
index 849b4ba5f77..00b6928bee8 100644
--- a/cpp/ql/src/Critical/SizeCheck.ql
+++ b/cpp/ql/src/Critical/SizeCheck.ql
@@ -4,6 +4,7 @@
 * an instance of the type of the pointer may result in a buffer overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id cpp/allocation-too-small
 * @tags reliability
diff --git a/cpp/ql/src/Critical/SizeCheck2.ql b/cpp/ql/src/Critical/SizeCheck2.ql
index 31364cbfe2d..8bc3acdd8d0 100644
--- a/cpp/ql/src/Critical/SizeCheck2.ql
+++ b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -4,6 +4,7 @@
 * multiple instances of the type of the pointer may result in a buffer overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id cpp/suspicious-allocation-size
 * @tags reliability
diff --git a/cpp/ql/src/Critical/UseAfterFree.ql b/cpp/ql/src/Critical/UseAfterFree.ql
index 8fd228ca7e4..f5bd6d245e7 100644
--- a/cpp/ql/src/Critical/UseAfterFree.ql
+++ b/cpp/ql/src/Critical/UseAfterFree.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/use-after-free
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @tags reliability
 * security
 * external/cwe/cwe-416
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
index c503a8f3ee2..e0b398bcdef 100644
--- a/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
+++ b/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
@@ -6,6 +6,7 @@
 * to a larger type.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.1
 * @precision very-high
 * @id cpp/bad-addition-overflow-check
 * @tags reliability
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
index 76ff682f7e5..3cc511af276 100644
--- a/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
+++ b/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
@@ -4,6 +4,7 @@
 * be a sign that the result can overflow the type converted from.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision high
 * @id cpp/integer-multiplication-cast-to-long
 * @tags reliability
diff --git a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
index ff9afff9e7f..513521d369d 100644
--- a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
+++ b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
@@ -6,6 +6,7 @@
 * use the width of the base type, leading to misaligned reads.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision high
 * @tags correctness
 * reliability
diff --git a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
index 324c9128ba5..7d46d44471d 100644
--- a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
+++ b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
@@ -6,6 +6,7 @@
 * from an untrusted source, this can be used for exploits.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision high
 * @id cpp/non-constant-format
 * @tags maintainability
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
index e684cb525e7..249396aac96 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
@@ -3,6 +3,7 @@
 * @description Using alloca in a loop can lead to a stack overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cpp/alloca-in-loop
 * @tags reliability
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql b/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql
index 2a4b2d16507..82a2413d1fb 100644
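Review bot: NonConstantFormat.ql is given `@problem.security-severity 9.8`, the same score this commit assigns to `cpp/tainted-format-string` in UncontrolledFormatString.ql, even though this query's visible description makes the risk conditional on the format string coming from an untrusted source and its first tag is `maintainability`. An identical score removes the distinction between "format string is not a literal" and "format string is attacker-controlled", so triage by score can no longer separate the two. Consider a value clearly below the taint-tracked variants for `cpp/non-constant-format`, or leave the score off this query and keep it on the tainted ones.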
--- a/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/ImproperNullTermination.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/improper-null-termination
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @tags security
 * external/cwe/cwe-170
 * external/cwe/cwe-665
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql b/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
index 87120de0603..754688336f5 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
@@ -4,6 +4,7 @@
 * as the third argument may result in a buffer overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision medium
 * @id cpp/bad-strncpy-size
 * @tags reliability
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
index eae20876e35..0b0451f3ca1 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
@@ -4,6 +4,7 @@
 * as the third argument may result in a buffer overflow.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision medium
 * @id cpp/unsafe-strncat
 * @tags reliability
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
index 57dac90c850..7c4540a4ea0 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/uninitialized-local
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @precision medium
 * @tags security
 * external/cwe/cwe-665
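Review bot: ImproperNullTermination.ql is scored `7.8` while ImproperNullTerminationTainted.ql (`cpp/user-controlled-null-termination-tainted`, under Security/CWE/CWE-170) gets `5.5`, so the variant that requires user-controlled data ranks below the one that does not. Both list `external/cwe/cwe-170`; the higher value here may come from the additional `external/cwe/cwe-665` tag, but that is inferred from the visible tags only. Please confirm the ordering is intentional, and if the score is meant to follow the shared CWE, align the two values.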
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql b/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
index 2d595c0c050..a9f0925f97c 100644
--- a/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
+++ b/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
@@ -4,6 +4,7 @@
 * may result in a buffer overflow
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id cpp/unsafe-strcat
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
index e4f0cc7883d..25b7b7c61b2 100644
--- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @precision low
 * @problem.severity error
+ * @problem.security-severity 8.6
 * @tags security external/cwe/cwe-20
 */
diff --git a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
index ca6d2d00e8c..9cd8b3e2cd1 100644
--- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @precision low
 * @problem.severity error
+ * @problem.security-severity 8.6
 * @tags security external/cwe/cwe-20
 */
diff --git a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
index 496b957cca3..39902150c9c 100644
--- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -4,6 +4,7 @@
 * attacker to access unexpected resources.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision medium
 * @id cpp/path-injection
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
index 69d6ce9b98f..a825fd6e25d 100644
--- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -5,6 +5,7 @@
 * to command injection.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision low
 * @id cpp/command-line-injection
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
index d1e2fa12913..e5cd8812c6d 100644
--- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
+++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
@@ -4,6 +4,7 @@
 * allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id cpp/cgi-xss
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
index 5ed84f45250..846c4e83218 100644
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -5,6 +5,7 @@
 * to SQL Injection.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cpp/sql-injection
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
index 943c13f9c5d..b824d946617 100644
--- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
@@ -5,6 +5,7 @@
 * commands.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.2
 * @precision medium
 * @id cpp/uncontrolled-process-operation
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql b/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
index 00dc569c2f2..bd6d3e1d1f4 100644
--- a/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
+++ b/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/overflow-buffer
 * @problem.severity recommendation
+ * @problem.security-severity 8.8
 * @tags security
 * external/cwe/cwe-119
 * external/cwe/cwe-121
diff --git a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
index 77d514bc7b6..ecaa81afc2c 100644
--- a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
@@ -5,6 +5,7 @@
 * overflow.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.1
 * @precision high
 * @id cpp/badly-bounded-write
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
index 4ee20508e45..961b699b2e6 100644
--- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
@@ -4,6 +4,7 @@
 * of data written may overflow.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.1
 * @precision medium
 * @id cpp/overrunning-write
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
index 79ba1e17df2..512f2a49f5d 100644
--- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
@@ -5,6 +5,7 @@
 * take extreme values.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.1
 * @precision medium
 * @id cpp/overrunning-write-with-float
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
index f1a8b4e8544..51bb192edf8 100644
--- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
@@ -4,6 +4,7 @@
 * of data written may overflow.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.1
 * @precision medium
 * @id cpp/unbounded-write
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
index bfb3a2fbb81..6231e435cae 100644
--- a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
+++ b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
@@ -5,6 +5,7 @@
 * a specific value to terminate the argument list.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id cpp/unterminated-variadic-call
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
index c073cf37af8..6b0dc108bfb 100644
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/unclear-array-index-validation
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @tags security
 * external/cwe/cwe-129
 */
diff --git a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
index 7ee6acdcd59..af05f7c7ec6 100644
--- a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+++ b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@@ -5,6 +5,7 @@
 * terminator can cause a buffer overrun.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cpp/no-space-for-terminator
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
index b64091263e0..1040517c727 100644
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@@ -5,6 +5,7 @@
 * or data representation problems.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id cpp/tainted-format-string
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
index d38f3eb24c2..333b5bf3c77 100644
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@@ -5,6 +5,7 @@
 * or data representation problems.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id cpp/tainted-format-string-through-global
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
index 511c7a1d79f..0d3615322ab 100644
--- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/user-controlled-null-termination-tainted
 * @problem.severity warning
+ * @problem.security-severity 5.5
 * @tags security
 * external/cwe/cwe-170
 */
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
index 7416af15865..a2a96b64f41 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@@ -4,6 +4,7 @@
 * not validated can cause overflows.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision low
 * @id cpp/tainted-arithmetic
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
index a4b0f131d14..21961cd9597 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -4,6 +4,7 @@
 * validated can cause overflows.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id cpp/uncontrolled-arithmetic
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
index 668b07d72af..90678375cd9 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/arithmetic-with-extreme-values
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision low
 * @tags security
 * reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
index 3303316cede..26eba292084 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -5,6 +5,7 @@
 * @id cpp/comparison-with-wider-type
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @precision high
 * @tags reliability
 * security
diff --git a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
index 0adb600dbda..662d946dc8a 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/integer-overflow-tainted
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision low
 * @tags security
 * external/cwe/cwe-190
diff --git a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
index cc2d52385c7..77262a8c41a 100644
--- a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
@@ -4,6 +4,7 @@
 * user can result in integer overflow.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.1
 * @precision medium
 * @id cpp/uncontrolled-allocation-size
 * @tags reliability
diff --git a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
index 007a4fd746d..c82b7519aea 100644
--- a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
+++ b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @id cpp/unsigned-difference-expression-compared-zero
 * @problem.severity warning
+ * @problem.security-severity 8.2
 * @precision medium
 * @tags security
 * correctness
diff --git a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
index 80b5ee49e97..e9ea9ce35ef 100644
--- a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
+++ b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
@@ -5,6 +5,7 @@
 * vulnerable to spoofing attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.7
 * @precision medium
 * @id cpp/user-controlled-bypass
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
index 3e84c0a87d9..27ad8e23f06 100644
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
@@ -4,6 +4,7 @@
 * to an attacker.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id cpp/cleartext-storage-buffer
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
index 8e447bafd90..1b4c242886a 100644
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
@@ -4,6 +4,7 @@
 * to an attacker.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id cpp/cleartext-storage-file
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
index fb5454d523e..17ecb9bf325 100644
--- a/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
+++ b/cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql
@@ -4,6 +4,7 @@
 * database can expose it to an attacker.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id cpp/cleartext-storage-database
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
index af64a1789c3..c8b73172794 100644
--- a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -4,6 +4,7 @@
 * an attacker to compromise security.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision medium
 * @id cpp/weak-cryptographic-algorithm
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql b/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
index a7ffadc07be..addcde420b1 100644
--- a/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
+++ b/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
@@ -4,6 +4,7 @@
 * attackers to retrieve portions of memory.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision very-high
 * @id cpp/openssl-heartbleed
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
index 052cce56198..20b36305132 100644
--- a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
+++ b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
@@ -5,6 +5,7 @@
 * the two operations.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.0
 * @precision medium
 * @id cpp/toctou-race-condition
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
index c0f44a0c3d6..41a6ea153bd 100644
--- a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
+++ b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
@@ -4,6 +4,7 @@
 * @id cpp/unsafe-create-process-call
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.8
 * @precision medium
 * @msrc.severity important
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
index 0d866ff1196..080d5db6588 100644
--- a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/incorrect-string-type-conversion
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @tags security
 * external/cwe/cwe-704
diff --git a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
index 95790298347..06f0dac303d 100644
--- a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
@@ -3,6 +3,7 @@
 * @description Creating a file that is world-writable can allow an attacker to write to the file.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @precision medium
 * @id cpp/world-writable-file-creation
 * @tags security
diff --git a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
index 3e4ebfadac9..fd41235febe 100644
--- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
@@ -7,6 +7,7 @@
 * @id cpp/unsafe-dacl-security-descriptor
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.8
 * @precision high
 * @tags security
 * external/cwe/cwe-732
diff --git a/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql b/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
index e088b9a666d..df011911794 100644
--- a/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
+++ b/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/infinite-loop-with-unsatisfiable-exit-condition
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @tags security
 * external/cwe/cwe-835
 */
diff --git a/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql b/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
index f1a3663bb96..7b16669084a 100644
--- a/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
+++ b/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/redundant-null-check-param
 * @problem.severity recommendation
+ * @problem.security-severity 7.5
 * @tags reliability
 * security
 * external/cwe/cwe-476
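Review bot: In RedundantNullCheckParam.ql the added `@problem.security-severity 7.5` sits directly under `@problem.severity recommendation`, so a query its authors rate as advisory will be ranked as a high-severity security alert by anything that sorts or gates on the new score. The same pairing appears later in this commit in PrivilegeDroppingOutoforder.ql (`recommendation` with 9.8) and UseOfFileUpload.ql (`recommendation` with 8.8). Queries that share a CWE tag get the same value throughout the diff (all three cwe-502 queries are 9.8), which suggests the number follows the CWE tag rather than the individual query. If that is the case, these three should either get a per-query value or the commit message should state how the scores were derived, so that triagers know how much weight to give them.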
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
index 3ef5bf3405e..a428daf55eb 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cpp/late-check-of-function-argument
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision medium
 * @tags correctness
 * security
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
index dd5c389fdaf..01bb79995b9 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -3,6 +3,7 @@
 * @description Use of one of the scanf functions without a specified length.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @id cpp/memory-unsafe-function-scan
 * @tags reliability
 * security
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
index 3a253854679..4b3fd3da297 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -3,6 +3,7 @@
 * @description Using a multiplication result that may overflow in the size of an allocation may lead to buffer overflows when the allocated memory is used.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision low
 * @tags security
 * correctness
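Review bot: AllocMultiplicationOverflow.ql keeps `@precision low` on the line right after the new `@problem.security-severity 8.1`, so a query that is expected to produce many false positives will now report them as high-severity security alerts. UnsafeDeserialization.ql (`@precision low`, 9.8) and UseXmlSecureResolver.ql (`@precision low`, 8.8) have the same combination further down. The score describes impact rather than likelihood, so this may be intended, but it should be confirmed that these low-precision queries stay out of the default suites before the values start driving alert thresholds.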
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
index 7798203205a..05eaea93d54 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
@@ -6,6 +6,7 @@
 * from these methods is not checked.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @id cpp/drop-linux-privileges-outoforder
 * @tags security
 * external/cwe/cwe-273
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
index cf0afc64013..e49ffbc8a98 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cpp/memory-leak-on-failed-call-to-realloc
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @tags correctness
 * security
diff --git a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
index 315e5e084bd..785d4772ceb 100644
--- a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
@@ -3,6 +3,7 @@
 * @description Finds empty passwords in configuration files.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id cs/empty-password-in-configuration
 * @tags security
diff --git a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
index 85c332345d6..95912c46789 100644
--- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
@@ -3,6 +3,7 @@
 * @description Finds passwords in configuration files.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id cs/password-in-configuration
 * @tags security
diff --git a/csharp/ql/src/Input Validation/UseOfFileUpload.ql b/csharp/ql/src/Input Validation/UseOfFileUpload.ql
index f3a3b0aeffa..07ada04cf2b 100644
--- a/csharp/ql/src/Input Validation/UseOfFileUpload.ql
+++ b/csharp/ql/src/Input Validation/UseOfFileUpload.ql
@@ -3,6 +3,7 @@
 * @description Finds uses of file upload
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity 8.8
 * @precision high
 * @id cs/web/file-upload
 * @tags security
diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
index 4f7e83b8be0..041c2c80a6d 100644
--- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
+++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
@@ -5,6 +5,7 @@
 * but under some circumstances may also result in incorrect results.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.0
 * @precision medium
 * @id cs/thread-unsafe-icryptotransform-field-in-class
 * @tags concurrency
diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
index 1c8018e3b27..cb88a59d928 100644
--- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
+++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql
@@ -6,6 +6,7 @@
 * but under some circumstances may also result in incorrect results.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.0
 * @precision medium
 * @id cs/thread-unsafe-icryptotransform-captured-in-lambda
 * @tags concurrency
diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql
index d2c232b3bd3..12051fd6cb2 100644
--- a/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql
+++ b/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql
@@ -4,6 +4,7 @@
 * denial-of-service attacks.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.1
 * @id cs/web/large-max-request-length
 * @tags security
 * frameworks/asp.net
diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
index 7985cec592a..272c292ade9 100644
--- a/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
+++ b/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql
@@ -3,6 +3,7 @@
 * @description ASP.NET pages should not disable the built-in request validation.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.1
 * @id cs/web/request-validation-disabled
 * @tags security
 * frameworks/asp.net
diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
index 0e3e92fa821..5801527ccd4 100644
--- a/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
+++ b/csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cs/insecure-request-validation-mode
 * @problem.severity warning
+ * @problem.security-severity 7.1
 * @tags security
 * external/cwe/cwe-016
 */
diff --git a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
index 24de3f11075..9aec49bbdda 100644
--- a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
+++ b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
@@ -4,6 +4,7 @@ * @kind problem * @id cs/serialization-check-bypass * @problem.severity warning + * @problem.security-severity 8.6 * @precision medium * @tags security * external/cwe/cwe-20 diff --git a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql index a1183b7392d..f283a243134 100644 --- a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql +++ b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql @@ -5,6 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error + * @problem.security-severity 8.6 * @tags security external/cwe/cwe-20 */ diff --git a/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql b/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql index f25dd129f0c..6d66eed969c 100644 --- a/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql +++ b/csharp/ql/src/Security Features/CWE-022/TaintedPath.ql @@ -3,6 +3,7 @@ * @description Accessing paths influenced by users can allow an attacker to access unexpected resources. * @kind path-problem * @problem.severity error + * @problem.security-severity 8.8 * @precision high * @id cs/path-injection * @tags security diff --git a/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql b/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql index 57a39e39d6c..722b5c6bb84 100644 --- a/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql +++ b/csharp/ql/src/Security Features/CWE-022/ZipSlip.ql @@ -6,6 +6,7 @@ * @kind path-problem * @id cs/zipslip * @problem.severity error + * @problem.security-severity 8.8 * @precision high * @tags security * external/cwe/cwe-022 diff --git a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql index ece6dc5a0db..f3a5c63fbf6 100644 --- a/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql +++ b/csharp/ql/src/Security Features/CWE-078/CommandInjection.ql 
@@ -4,6 +4,7 @@
 * user to change the meaning of the command.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/command-line-injection
 * @tags correctness
diff --git a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql
index b7a3c724d02..83fd776128c 100644
--- a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql
@@ -4,6 +4,7 @@
 * user to change the meaning of the command.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision medium
 * @id cs/stored-command-line-injection
 * @tags correctness
diff --git a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql
index 3c9b22583a8..1b032820a10 100644
--- a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql
+++ b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql
@@ -4,6 +4,7 @@
 * scripting vulnerability if the data was originally user-provided.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision medium
 * @id cs/web/stored-xss
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-079/XSS.ql b/csharp/ql/src/Security Features/CWE-079/XSS.ql
index 77543c3c244..7eba50bb46b 100644
--- a/csharp/ql/src/Security Features/CWE-079/XSS.ql
+++ b/csharp/ql/src/Security Features/CWE-079/XSS.ql
@@ -4,6 +4,7 @@
 * allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id cs/web/xss
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql b/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql
index d13702cc9ad..011be2d4ec2 100644
--- a/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-089/SecondOrderSqlInjection.ql
@@ -4,6 +4,7 @@
 * of malicious SQL code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision medium
 * @id cs/second-order-sql-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql b/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
index 3214b34792e..a70dc78e946 100644
--- a/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-089/SqlInjection.ql
@@ -4,6 +4,7 @@
 * malicious SQL code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/sql-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
index cbe927fd7dd..5054bf6feb8 100644
--- a/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-090/LDAPInjection.ql
@@ -4,6 +4,7 @@
 * malicious LDAP code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.4
 * @precision high
 * @id cs/ldap-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql
index 2618ab3f146..8477c6eb71d 100644
--- a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql
@@ -4,6 +4,7 @@
 * insertion of malicious LDAP code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.4
 * @precision medium
 * @id cs/stored-ldap-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
index f06485e43a1..70a57efe13e 100644
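Review bot: LDAPInjection.ql and StoredLDAPInjection.ql are given `@problem.security-severity 5.4`, while the sibling injection queries with the same `@problem.severity error` get 9.8 (SqlInjection.ql in this group, XMLInjection.ql in the next file). Directory queries often sit behind authentication and authorization lookups, so a medium score risks these alerts falling below a team's blocking threshold while comparable injection findings are gated. Unless 5.4 was assessed specifically for these two queries, I would bring them in line with the other injection queries, `* @problem.security-severity 9.8`, or record in the commit message why LDAP injection is rated lower.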
--- a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cs/xml-injection
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @tags security
 * external/cwe/cwe-091
diff --git a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
index 486328bdf3c..f7ae0d658c7 100644
--- a/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-094/CodeInjection.ql
@@ -4,6 +4,7 @@
 * malicious code.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/code-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql b/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
index d6960ef735e..ff12c992e5d 100644
--- a/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-099/ResourceInjection.ql
@@ -4,6 +4,7 @@
 * malicious user providing an unintended resource.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/resource-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql b/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
index ab629d1f4d5..b95277832fc 100644
--- a/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
+++ b/csharp/ql/src/Security Features/CWE-112/MissingXMLValidation.ql
@@ -4,6 +4,7 @@
 * schema.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 4.3
 * @precision high
 * @id cs/xml/missing-validation
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
index 9b1f1fd20a9..c2ade9d3a14 100644
--- a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
@@ -6,6 +6,7 @@
 * @kind problem
 * @id cs/assembly-path-injection
 * @problem.severity error
+ * @problem.security-severity 8.2
 * @precision high
 * @tags security
 * external/cwe/cwe-114
diff --git a/csharp/ql/src/Security Features/CWE-117/LogForging.ql b/csharp/ql/src/Security Features/CWE-117/LogForging.ql
index 400beef0daf..d704a0d8f5f 100644
--- a/csharp/ql/src/Security Features/CWE-117/LogForging.ql
+++ b/csharp/ql/src/Security Features/CWE-117/LogForging.ql
@@ -4,6 +4,7 @@
 * insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.3
 * @precision high
 * @id cs/log-forging
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql b/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
index 9f88c2a4eac..1ad7676a71f 100644
--- a/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
+++ b/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
@@ -5,6 +5,7 @@
 * to return any value.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision high
 * @id cs/unvalidated-local-pointer-arithmetic
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
index a22c13bbb97..74ceb60f75d 100644
--- a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
+++ b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
@@ -4,6 +4,7 @@
 * and cause a denial of service.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/uncontrolled-format-string
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
index b8b18c6b56d..a3339223505 100644
--- a/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
+++ b/csharp/ql/src/Security Features/CWE-201/ExposureInTransmittedData.ql
@@ -3,6 +3,7 @@
 * @description Transmitting sensitive information to the user is a potential security risk.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision high
 * @id cs/sensitive-data-transmission
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
index d9db652c8d8..83ce6141ecd 100644
--- a/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
+++ b/csharp/ql/src/Security Features/CWE-209/ExceptionInformationExposure.ql
@@ -5,6 +5,7 @@
 * developing a subsequent exploit.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.3
 * @precision high
 * @id cs/information-exposure-through-exception
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql b/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
index 33e791feb42..af85925bcf2 100644
--- a/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
+++ b/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
@@ -4,6 +4,7 @@
 * a global error handler, otherwise they may leak exception information.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/web/missing-global-error-handler
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
index 44209db60cb..fa9c047ed66 100644
--- a/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
+++ b/csharp/ql/src/Security Features/CWE-312/CleartextStorage.ql
@@ -4,6 +4,7 @@
 * attacker.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/cleartext-storage-of-sensitive-information
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
index dbd400b3a95..af62f89be3e 100644
--- a/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
+++ b/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @id cs/adding-cert-to-root-store
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @tags security
 * external/cwe/cwe-327
 */
diff --git a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
index ffdbc531ade..0c831ea18cd 100644
--- a/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
+++ b/csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
@@ -4,6 +4,7 @@
 * @kind path-problem
 * @id cs/insecure-sql-connection
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision medium
 * @tags security
 * external/cwe/cwe-327
diff --git a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
index 134031adf43..194a8435aff 100644
--- a/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
+++ b/csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
@@ -4,6 +4,7 @@
 * allows a malicious attacker to submit a request on behalf of the user.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id cs/web/missing-token-validation
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
index c9a397c02c6..ccaa8e86c2d 100644
--- a/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
+++ b/csharp/ql/src/Security Features/CWE-384/AbandonSession.ql
@@ -5,6 +5,7 @@
 * their session.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id cs/session-reuse
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql b/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
index abf3f0a55ad..bea1d0f2f74 100644
--- a/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
+++ b/csharp/ql/src/Security Features/CWE-451/MissingXFrameOptions.ql
@@ -4,6 +4,7 @@
 * overlay their own UI on top of the site by using an iframe.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.1
 * @precision high
 * @id cs/web/missing-x-frame-options
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql b/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
index 31d28311908..7997f100596 100644
--- a/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
+++ b/csharp/ql/src/Security Features/CWE-502/DeserializedDelegate.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cs/deserialized-delegate
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @tags security
 * external/cwe/cwe-502
diff --git a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
index 40022d40573..b5d7fd76a4b 100644
--- a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
+++ b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
@@ -5,6 +5,7 @@
 * @kind problem
 * @id cs/unsafe-deserialization
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision low
 * @tags security
 * external/cwe/cwe-502
diff --git a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
index 80a3762a8bc..71f1efa4263 100644
--- a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
+++ b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @id cs/unsafe-deserialization-untrusted-input
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @tags security
 * external/cwe/cwe-502
diff --git a/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql b/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
index a3ece934561..ca401798f82 100644
--- a/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
+++ b/csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
@@ -4,6 +4,7 @@
 * may cause redirection to malicious web sites.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id cs/web/unvalidated-url-redirection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql b/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
index 9acb765252f..1c9efaa0753 100644
--- a/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
+++ b/csharp/ql/src/Security Features/CWE-611/UntrustedDataInsecureXml.ql
@@ -3,6 +3,7 @@
 * @description Untrusted XML is read with an insecure resolver and DTD processing enabled.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id cs/xml/insecure-dtd-handling
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql b/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
index d1159a39f99..30d1bf6a729 100644
--- a/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
+++ b/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
@@ -4,6 +4,7 @@
 * be restricted using a secure resolver or disabling DTD processing.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision low
 * @id cs/insecure-xml-read
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql b/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
index 0cfd4868c29..b8b6c082330 100644
--- a/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
+++ b/csharp/ql/src/Security Features/CWE-614/RequireSSL.ql
@@ -5,6 +5,7 @@
 * is used at all times.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/web/requiressl-not-set
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-730/ReDoS.ql b/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
index 94db79a0693..cf2d45c4750 100644
--- a/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
+++ b/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
@@ -4,6 +4,7 @@
 * exponential time on certain input.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/redos
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
index ad0974235e9..04e2aec2487 100644
--- a/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
+++ b/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
@@ -5,6 +5,7 @@
 * exponential time on certain inputs.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/regex-injection
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
index b9e2ee248cc..2ee8b03d7a7 100644
--- a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
+++ b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
@@ -3,6 +3,7 @@
 * @description Credentials are hard-coded in a connection string in the source code of the application.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/hardcoded-connection-string-credentials
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
index 06b69d95b5f..b2b49dc3a97 100644
--- a/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
+++ b/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
@@ -3,6 +3,7 @@
 * @description Credentials are hard coded in the source code of the application.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/hardcoded-credentials
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
index e3ba8463b76..1a20fddc5e7 100644
--- a/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
+++ b/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
@@ -4,6 +4,7 @@
 * passing through authentication systems.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.8
 * @precision high
 * @id cs/user-controlled-bypass
 * @tags security
diff --git a/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql b/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
index 88a0b970a7a..6c032d40384 100644
--- a/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
+++ b/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
@@ -4,6 +4,7 @@
 * pose a security risk.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision low
 * @id cs/inappropriate-encoding
 * @tags security
diff --git a/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql b/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
index f3cce1c36f5..d08a1745422 100644
--- a/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
+++ b/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
@@ -3,6 +3,7 @@
 * @description Finds cookies with an overly broad domain.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/web/broad-cookie-domain
 * @tags security
diff --git a/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql b/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
index a75b41794dd..9c794ed07dc 100644
--- a/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
+++ b/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql
@@ -3,6 +3,7 @@
 * @description Finds cookies with an overly broad path.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/web/broad-cookie-path
 * @tags security
diff --git a/csharp/ql/src/Security Features/Encryption using ECB.ql b/csharp/ql/src/Security Features/Encryption using ECB.ql
index 2d36bd99306..84d0a10bea1 100644
--- a/csharp/ql/src/Security Features/Encryption using ECB.ql
+++ b/csharp/ql/src/Security Features/Encryption using ECB.ql
@@ -3,6 +3,7 @@
 * @description Highlights uses of the encryption mode 'CipherMode.ECB'. This mode should normally not be used because it is vulnerable to replay attacks.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/ecb-encryption
 * @tags security
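Review bot: CookieWithOverlyBroadDomain.ql and CookieWithOverlyBroadPath.ql are given `@problem.security-severity 9.8` although both keep `@problem.severity warning` and describe a cookie-scoping weakness. That ranks them level with the SQL and command injection queries in this commit and above both XSS queries (6.1), which will pull triage attention toward cookie attributes. A value in line with the other cookie/transport finding here, RequireSSL.ql at 7.5, looks easier to defend: `* @problem.security-severity 7.5`. The tag list continues outside both hunks, so the CWE the 9.8 was taken from is not visible here and should be checked before changing it.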
diff --git a/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql b/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
index 85793c0a730..c8431c11a94 100644
--- a/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
+++ b/csharp/ql/src/Security Features/HeaderCheckingDisabled.ql
@@ -3,6 +3,7 @@
 * @description Finds places where header checking is disabled.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.8
 * @precision high
 * @id cs/web/disabled-header-checking
 * @tags security
diff --git a/csharp/ql/src/Security Features/InadequateRSAPadding.ql b/csharp/ql/src/Security Features/InadequateRSAPadding.ql
index 6176e4ac74e..5ed496007a7 100644
--- a/csharp/ql/src/Security Features/InadequateRSAPadding.ql
+++ b/csharp/ql/src/Security Features/InadequateRSAPadding.ql
@@ -3,6 +3,7 @@
 * @description Finds uses of RSA encryption with inadequate padding.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/inadequate-rsa-padding
 * @tags security
diff --git a/csharp/ql/src/Security Features/InsecureRandomness.ql b/csharp/ql/src/Security Features/InsecureRandomness.ql
index ef1665819f7..7f97e73401f 100644
--- a/csharp/ql/src/Security Features/InsecureRandomness.ql
+++ b/csharp/ql/src/Security Features/InsecureRandomness.ql
@@ -5,6 +5,7 @@
 * be generated.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/insecure-randomness
 * @tags security
diff --git a/csharp/ql/src/Security Features/InsufficientKeySize.ql b/csharp/ql/src/Security Features/InsufficientKeySize.ql
index d5e50a60d7f..6e0f77c3096 100644
--- a/csharp/ql/src/Security Features/InsufficientKeySize.ql
+++ b/csharp/ql/src/Security Features/InsufficientKeySize.ql
@@ -3,6 +3,7 @@
 * @description Finds uses of encryption algorithms with too small a key size
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/insufficient-key-size
 * @tags security
diff --git a/csharp/ql/src/Security Features/WeakEncryption.ql b/csharp/ql/src/Security Features/WeakEncryption.ql
index e0666d48d19..d0a36cbb458 100644
--- a/csharp/ql/src/Security Features/WeakEncryption.ql
+++ b/csharp/ql/src/Security Features/WeakEncryption.ql
@@ -3,6 +3,7 @@
 * @description Finds uses of encryption algorithms that are weak and obsolete
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id cs/weak-encryption
 * @tags security
diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
index 513c658cf92..7a64fa99c0a 100644
--- a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
+++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
@@ -4,6 +4,7 @@
 * accessing resources influenced by users can allow an attacker to access local files.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id cs/webclient-path-injection
 * @tags security
diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
index 16736a1669e..300e4919d83 100644
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
@@ -4,6 +4,7 @@
 * Such use could compromise security and system stability.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision low
 * @id java/ejb/native-code
 * @tags reliability
diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
index fa28edc7393..746bf627076 100644
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
@@ -4,6 +4,7 @@
 * as this could compromise security.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision low
 * @id java/ejb/reflection
 * @tags external/cwe/cwe-573
diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
index eb08dcb8060..6567f4a3805 100644
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
@@ -5,6 +5,7 @@
 * This functionality is reserved for the EJB container for security reasons.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision low
 * @id java/ejb/security-configuration-access
 * @tags external/cwe/cwe-573
diff --git a/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql b/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
index d6e5c1fc9b1..4a7859292c8 100644
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
@@ -4,6 +4,7 @@
 * the Java serialization protocol, since their use could compromise security.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision low
 * @id java/ejb/substitution-in-serialization
 * @tags external/cwe/cwe-573
diff --git a/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql b/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
index aec8e9bc94c..58d72351607 100644
--- a/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
+++ b/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
@@ -5,6 +5,7 @@
 * numeric errors such as overflows.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision very-high
 * @id java/implicit-cast-in-compound-assignment
 * @tags reliability
diff --git a/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql b/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql
index 7f87d6bd062..86246307d64 100644
--- a/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql
+++ b/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql
@@ -4,6 +4,7 @@
 * guarantee an evenly distributed sequence of random numbers.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/random-used-once
 * @tags reliability
diff --git a/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
index 35c6a69c022..d4dd24461e4 100644
--- a/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@
 * @kind path-problem
 * @precision low
 * @problem.severity error
+ * @problem.security-severity 8.6
 * @tags security external/cwe/cwe-20
 */
diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
index 01d89cc8e06..29f4bc8ef52 100644
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -3,6 +3,7 @@
 * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id java/path-injection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
index a64f88997e8..f10e4266cc4 100644
--- a/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql
@@ -3,6 +3,7 @@
 * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 8.8
 * @precision medium
 * @id java/path-injection-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
index 7d74f8b79ac..47115bcf049 100644
--- a/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
+++ b/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
@@ -6,6 +6,7 @@
 * @kind path-problem
 * @id java/zipslip
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @tags security
 * external/cwe/cwe-022
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql b/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
index 80cd9c0dee3..ee2df08cf42 100644
--- a/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
@@ -4,6 +4,7 @@
 * malicious changes in the PATH environment variable.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/relative-path-command
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
index 7b191e76241..3c4ac0abace 100644
--- a/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -4,6 +4,7 @@
 * changes in the strings.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/command-line-injection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql
index f7c49dbd4f6..3bd007ef153 100644
--- a/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql
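Review bot: `TaintedPathLocal.ql` gets the same 8.8 as `TaintedPath.ql`, although its unchanged metadata is `@problem.severity recommendation` and `@precision medium` where the remote variant has `error` and `high`. The same pairing repeats in the other `*Local.ql` hunks of this diff (`ExecTaintedLocal`, `XSSLocal`, `SqlTaintedLocal`, `ResponseSplittingLocal`, the CWE-129 and CWE-134 local variants, `ArithmeticTaintedLocal`, `UrlRedirectLocal`, `NumericCastTaintedLocal`). If the local variants track input that needs local access to supply (inferred from the ids; the query bodies are not shown), an identical score overstates them for anyone filtering on this field alone. Either score them separately, e.g. `* @problem.security-severity <score assessed for local sources>`, or state in the commit description that the value is per weakness class and independent of the source model.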
@@ -4,6 +4,7 @@
 * changes in the strings.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/command-line-injection-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
index a0fa793872f..b3eadf96f62 100644
--- a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
@@ -4,6 +4,7 @@
 * insertion of special characters in the strings.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/concatenated-command-line
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-079/XSS.ql b/java/ql/src/Security/CWE/CWE-079/XSS.ql
index ae7cec3277d..3ba70aa6f79 100644
--- a/java/ql/src/Security/CWE/CWE-079/XSS.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSS.ql
@@ -4,6 +4,7 @@
 * allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id java/xss
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
index a11a3ade0fd..062f5a21f08 100644
--- a/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-079/XSSLocal.ql
@@ -4,6 +4,7 @@
 * allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 6.1
 * @precision medium
 * @id java/xss-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
index 86e98754c14..3a0c5551df5 100644
--- a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -4,6 +4,7 @@
 * malicious code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/sql-injection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
index 56c052e7b1b..938a704d4f2 100644
--- a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
@@ -4,6 +4,7 @@
 * malicious code by the user.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/sql-injection-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
index c6fd810b74c..16965d6d1f8 100644
--- a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
+++ b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
@@ -4,6 +4,7 @@
 * characters is vulnerable to insertion of malicious code.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/concatenated-sql-query
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
index 6b5b37f1093..aa63d2c01db 100644
--- a/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
+++ b/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
@@ -4,6 +4,7 @@
 * malicious LDAP code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.4
 * @precision high
 * @id java/ldap-injection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
index 6b8ab085132..3ad73c28381 100644
--- a/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
+++ b/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
@@ -3,6 +3,7 @@
 * @description User-controlled data may be evaluated as a Java EL expression, leading to arbitrary code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/insecure-bean-validation
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
index 0193093e72c..8d6f4c2cd20 100644
--- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
@@ -5,6 +5,7 @@
 * an HTTP header.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id java/netty-http-response-splitting
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
index add36e91963..e5ec5d466fe 100644
--- a/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
+++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
@@ -4,6 +4,7 @@
 * makes code vulnerable to attack by header splitting.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id java/http-response-splitting
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql
index 7a748276aba..0056e3c9f82 100644
--- a/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-113/ResponseSplittingLocal.ql
@@ -4,6 +4,7 @@
 * makes code vulnerable to attack by header splitting.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 8.8
 * @precision medium
 * @id java/http-response-splitting-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
index b3d9b9f1884..4f48c8cb759 100644
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
@@ -3,6 +3,7 @@
 * @description Using unvalidated external input as the argument to a construction of an array can lead to index out of bound exceptions.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/improper-validation-of-array-construction
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
index 16519955c6d..89a22674851 100644
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
@@ -4,6 +4,7 @@
 * a construction of an array can lead to index out of bound exceptions.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/improper-validation-of-array-construction-code-specified
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql
index 6938946ce0c..7b8fcf4d4fc 100644
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionLocal.ql
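Review bot: The 9.8 on `ImproperValidationOfArrayConstruction.ql` does not match the impact the query's own `@description` states, namely that unvalidated input "can lead to index out of bound exceptions"; an unhandled exception is an availability problem, which would not normally reach the highest band. The same mismatch applies to the other five CWE-129 Java hunks (`...ArrayConstructionCodeSpecified`, `...ArrayConstructionLocal`, `...ArrayIndex`, `...ArrayIndexCodeSpecified`, `...ArrayIndexLocal`) and to `ExternallyControlledFormatString.ql` and its local variant, whose descriptions name "exceptions or information leaks" and also receive 9.8. The score looks carried over from a weakness class whose worst case is memory corruption in unmanaged code (an inference; the derivation is not shown in the diff). Either lower the value for these Java queries, e.g. `* @problem.security-severity <score for availability-only impact>`, or extend the descriptions to state the impact that justifies 9.8.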
@@ -4,6 +4,7 @@
 * a construction of an array can lead to index out of bound exceptions.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/improper-validation-of-array-construction-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
index 9f0d9fa92a2..8fd94d6fe95 100644
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
@@ -3,6 +3,7 @@
 * @description Using external input as an index to an array, without proper validation, can lead to index out of bound exceptions.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/improper-validation-of-array-index
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql
index 9d0098cab63..c55045b2091 100644
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql
@@ -4,6 +4,7 @@
 * proper validation, can lead to index out of bound exceptions.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/improper-validation-of-array-index-code-specified
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql
index 37e68292f66..1390ecabfbd 100644
--- a/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexLocal.ql
@@ -4,6 +4,7 @@
 * proper validation, can lead to index out of bound exceptions.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/improper-validation-of-array-index-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
index 7a9e3a2baab..4f80e05484a 100644
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
@@ -3,6 +3,7 @@
 * @description Using external input in format strings can lead to exceptions or information leaks.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/tainted-format-string
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
index 72f2c4e4bd7..822a0e5ae2e 100644
--- a/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatStringLocal.ql
@@ -3,6 +3,7 @@
 * @description Using external input in format strings can lead to exceptions or information leaks.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/tainted-format-string-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
index 958698d46eb..0d74e841565 100644
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@@ -4,6 +4,7 @@
 * overflows.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id java/tainted-arithmetic
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql
index 3b6da268508..a9cb4f6ec90 100644
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticTaintedLocal.ql
@@ -4,6 +4,7 @@
 * overflows.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 8.1
 * @precision medium
 * @id java/tainted-arithmetic-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
index c0814e42ef7..3701c53bd57 100644
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -4,6 +4,7 @@
 * overflows.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id java/uncontrolled-arithmetic
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql b/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
index 0264b9d9b27..400cb42647c 100644
--- a/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@@ -4,6 +4,7 @@
 * is then used in an arithmetic expression, this may result in an overflow.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 8.1
 * @precision medium
 * @id java/extreme-value-arithmetic
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
index 03138948178..411bb93d6a4 100644
--- a/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -4,6 +4,7 @@
 * to behave unexpectedly.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.1
 * @precision medium
 * @id java/comparison-with-wider-type
 * @tags reliability
diff --git a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
index 3426d9f6f62..aad03bb1816 100644
--- a/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
+++ b/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
@@ -5,6 +5,7 @@
 * that are useful to an attacker for developing a subsequent exploit.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 5.3
 * @precision high
 * @id java/stack-trace-exposure
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
index 9c060565f28..0d1e2933a31 100644
--- a/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
+++ b/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
@@ -3,6 +3,7 @@
 * @description Marking a certificate as valid for a host without checking the certificate hostname allows an attacker to perform a machine-in-the-middle attack.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.8
 * @precision high
 * @id java/unsafe-hostname-verification
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
index 41919152c6a..0c6f321d20b 100644
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
@@ -3,6 +3,7 @@
 * @description Storing sensitive information in cleartext can expose it to an attacker.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/cleartext-storage-in-class
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
index 7a9626f94dd..457ed1d8b31 100644
--- a/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
+++ b/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
@@ -3,6 +3,7 @@
 * @description Storing sensitive information in cleartext can expose it to an attacker.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id java/cleartext-storage-in-properties
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql
index 306bf27ab9c..9b2b787be59 100644
--- a/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql
+++ b/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql
@@ -3,6 +3,7 @@
 * @description Non-HTTPS connections can be intercepted by third parties.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/non-https-url
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
index 070c766ba10..d0a498dcacc 100644
--- a/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
@@ -3,6 +3,7 @@
 * @description Non-SSL connections can be intercepted by third parties.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/non-ssl-connection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
index b594f9d8fc1..5520bb012da 100644
--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
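Review bot: `CleartextStorageProperties.ql` is scored 6.5 while `CleartextStorageClass.ql`, in the hunk just before it, is scored 7.5, although both carry the identical description "Storing sensitive information in cleartext can expose it to an attacker." and the same `@precision medium`. The ordering is also the reverse of the existing `@problem.severity`, which is `warning` for the properties query and `recommendation` for the class query. If the difference is intended, the reason should be recorded, for example a commit-description line such as `cleartext-storage-in-properties scored lower than cleartext-storage-in-class because <reason>`; otherwise the two values should be aligned.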
@@ -4,6 +4,7 @@
 * third parties.
 * @kind problem
 * @problem.severity recommendation
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/non-ssl-socket-factory
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
index d67637b0a48..e5cbe755580 100644
--- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -3,6 +3,7 @@
 * @description Using broken or weak cryptographic algorithms can allow an attacker to compromise security.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id java/weak-cryptographic-algorithm
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
index 7b026efb7ae..a0c370d7eb4 100644
--- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
@@ -3,6 +3,7 @@
 * @description Using broken or weak cryptographic algorithms can allow an attacker to compromise security.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/potentially-weak-cryptographic-algorithm
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
index 8eda68ebe70..7300c257e5a 100644
--- a/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
+++ b/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
@@ -3,6 +3,7 @@
 * @description Using a vulnerable version of JHipster to generate random numbers makes it easier for attackers to take over accounts.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision very-high
 * @id java/jhipster-prng
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
index 354dee75d83..225095a47e3 100644
--- a/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
+++ b/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
@@ -4,6 +4,7 @@
 * a Cross-Site Request Forgery (CSRF) attack.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id java/spring-disabled-csrf-protection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
index d88b946e44d..c87cf52eb8c 100644
--- a/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
+++ b/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
@@ -4,6 +4,7 @@
 * if the state may be changed between the check and use.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.0
 * @precision medium
 * @id java/toctou-race-condition
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
index bb4df03cd4f..93544060d9d 100644
--- a/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
+++ b/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
@@ -4,6 +4,7 @@
 * execute arbitrary code.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/unsafe-deserialization
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
index 455f6add626..308e096be3e 100644
--- a/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
+++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
@@ -4,6 +4,7 @@
 * may cause redirection to malicious web sites.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id java/unvalidated-url-redirection
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
index e060d15ab9f..81135dc6668 100644
--- a/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-601/UrlRedirectLocal.ql
@@ -4,6 +4,7 @@
 * may cause redirection to malicious web sites.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 6.1
 * @precision medium
 * @id java/unvalidated-url-redirection-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.ql b/java/ql/src/Security/CWE/CWE-611/XXE.ql
index 432cc6d38d7..934af879d98 100644
--- a/java/ql/src/Security/CWE/CWE-611/XXE.ql
+++ b/java/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -4,6 +4,7 @@
 * references may lead to disclosure of confidential data or denial of service.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id java/xxe
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
index 1f54800a091..64adf03eb8a 100644
--- a/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
+++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
@@ -4,6 +4,7 @@
 * can cause unexpected truncation.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.0
 * @precision high
 * @id java/tainted-numeric-cast
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql
index 9dadb0ae443..746290761e0 100644
--- a/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql
+++ b/java/ql/src/Security/CWE/CWE-681/NumericCastTaintedLocal.ql
@@ -4,6 +4,7 @@
 * can cause unexpected truncation.
 * @kind path-problem
 * @problem.severity recommendation
+ * @problem.security-severity 9.0
 * @precision medium
 * @id java/tainted-numeric-cast-local
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
index f87733f0e9f..66b4f0ecc6a 100644
--- a/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
+++ b/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
@@ -4,6 +4,7 @@
 * the file may be modified or removed by external actors.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.8
 * @precision high
 * @id java/world-writable-file-read
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
index c76527bc538..5c6cd48fb87 100644
--- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
+++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
@@ -3,6 +3,7 @@
 * @description Using a hard-coded credential in a call to a sensitive Java API may compromise security.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/hardcoded-credential-api-call
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql
index 0d955b4ed08..38de6015506 100644
--- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql
+++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql
@@ -3,6 +3,7 @@
 * @description Comparing a parameter to a hard-coded credential may compromise security.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision low
 * @id java/hardcoded-credential-comparison
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql
index 93d0dde665a..94a9958391d 100644
--- a/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql
+++ b/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql
@@ -3,6 +3,7 @@
 * @description Using a hard-coded credential in a sensitive call may compromise security.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision low
 * @id java/hardcoded-credential-sensitive-call
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql b/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql
index 7c0ca38263e..7f0a47fafce 100644
--- a/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql
+++ b/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql
@@ -3,6 +3,7 @@
 * @description Hard-coding a password string may compromise security.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision low
 * @id java/hardcoded-password-field
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
index fd813dd3dd8..fff9522754d 100644
--- a/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
+++ b/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
@@ -4,6 +4,7 @@
 * passing through authentication systems.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.7
 * @precision medium
 * @id java/user-controlled-bypass
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
index 542b98b157d..a1b32e17d88 100644
--- a/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
+++ b/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
@@ -4,6 +4,7 @@
 * permissions being granted.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.7
 * @precision high
 * @id java/tainted-permissions-check
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
index 50c2dc1e05e..758c1b6af0e 100644
--- a/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
+++ b/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
@@ -3,6 +3,7 @@
 * @description Non-HTTPS connections can be intercepted by third parties.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision very-high
 * @id java/maven/non-https-url
 * @tags security
diff --git a/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql b/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
index cc02dfb3f09..026753fabcf 100644
--- a/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
+++ b/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
@@ -5,6 +5,7 @@
 * looping.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/unreachable-exit-in-loop
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
index 85daa77cc56..9da05a9e61f 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql
@@ -4,6 +4,7 @@
 * or even to remote code execution.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.1
 * @precision high
 * @id java/spring-boot-exposed-actuators
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-074/JndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-074/JndiInjection.ql
index 2b1af37dcae..8bbba3f813a 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-074/JndiInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-074/JndiInjection.ql
@@ -4,6 +4,7 @@
 * object and to execution of arbitrary code.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/jndi-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-074/XsltInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-074/XsltInjection.ql
index 1403573e4b1..795a6ab49e4 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-074/XsltInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-074/XsltInjection.ql
@@ -4,6 +4,7 @@
 * information disclosure or execution of arbitrary code.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/xslt-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql
index bae3ed63d70..91492adddef 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql
@@ -4,6 +4,7 @@
 * an SD card can lead to arbitrary code execution vulnerabilities.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/android-insecure-dex-loading
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql
index 8190ec3d61f..a4b205e0f9e 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql
@@ -4,6 +4,7 @@
 * may lead to arbitrary code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/javaee-expression-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql
index 2a23dd7368d..f1807676ac3 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql
@@ -4,6 +4,7 @@
 * may lead to arbitrary code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/jexl-expression-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/MvelInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/MvelInjection.ql
index d32c33c343c..84644848196 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/MvelInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/MvelInjection.ql
@@ -4,6 +4,7 @@
 * may lead to remote code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/mvel-expression-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptEngine.ql b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptEngine.ql
index 5e52a61b5c3..1efc857167e 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptEngine.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptEngine.ql
@@ -3,6 +3,7 @@
 * @description Malicious Javascript code could cause arbitrary command execution at the OS level
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/unsafe-eval
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpelInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpelInjection.ql
index d9914c4d512..cd357c53b2f 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpelInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpelInjection.ql
@@ -4,6 +4,7 @@
 * may lead to remote code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/spel-expression-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
index e4ec03ed956..091b15dd80e 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
@@ -3,6 +3,7 @@
 * @description Untrusted input in a Spring View Controller can lead to RCE.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/spring-view-manipulation-implicit
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql
index 3c490e6bf68..f3d6c493395 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql
@@ -3,6 +3,7 @@
 * @description Untrusted input in a Spring View can lead to RCE.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/spring-view-manipulation
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
index 7183c74b5bf..367deaa5708 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-117/LogInjection.ql
@@ -4,6 +4,7 @@
 * insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.3
 * @precision high
 * @id java/log-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.ql b/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.ql
index 9efdcbf4c6e..3c7e8c306b1 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-273/UnsafeCertTrust.ql
@@ -6,6 +6,7 @@
 * the app vulnerable to man-in-the-middle attacks.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id java/unsafe-cert-trust
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
index f664f4ce953..429a667f579 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
@@ -5,6 +5,7 @@
 * attacks.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/jxbrowser/disabled-certificate-validation
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.ql
index c17c83448cb..c102020aca7 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureJavaMail.ql
@@ -5,6 +5,7 @@
 * ensure that it is actually associated with that host.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.8
 * @precision medium
 * @id java/insecure-smtp-ssl
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
index 9fa2fe596fd..d2642ba992b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
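Review bot: The 9.8 added to UnsafeCertTrust.ql is out of line with the other certificate and hostname validation queries scored in this same change: JxBrowserWithoutCertValidation.ql gets 7.5, and InsecureJavaMail.ql and InsecureLdapEndpoint.ql get 6.8, although the visible ids and description lines put all four in the same man-in-the-middle class. The query also stays `@problem.severity warning` with `@precision medium`, so medium-confidence results would sort next to the injection queries. If the values come from a per-CWE mapping, that explains the spread but should be stated in the commit description; otherwise I would bring this one in line with its siblings, e.g. `* @problem.security-severity 7.5` (value for the query owners to confirm). The header comment starts before and continues past the hunk.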
+++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
@@ -5,6 +5,7 @@
 * properly ensure that it is actually associated with that host.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.8
 * @precision medium
 * @id java/insecure-ldaps-endpoint
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
index c38cc39b126..32f566e3743 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
@@ -4,6 +4,7 @@
 * Therefore, revocation status of certificates in a chain should be checked.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.4
 * @precision high
 * @id java/disabled-certificate-revocation-checking
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql b/java/ql/src/experimental/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
index b10741c2048..44559f9e7b5 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
@@ -5,6 +5,7 @@
 * privileges or unexpected exposure from chained vulnerabilities.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/android/cleartext-storage-shared-prefs
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
index 155d05abfae..c35bd7c45cc 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql
@@ -3,6 +3,7 @@
 * @description Finds uses of encryption algorithms with too small a key size
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.4
 * @precision medium
 * @id java/insufficient-key-size
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
index 38d7144049d..0b8c68cf2a3 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
@@ -4,6 +4,7 @@
 * TLS 1.3 or at least TLS 1.2 should be used.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id java/unsafe-tls-version
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
index c5a6c36d6a6..1ab495f0e5a 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
@@ -3,6 +3,7 @@
 * @description CORS header is derived from untrusted input, allowing a remote user to control which origins are trusted.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.8
 * @precision high
 * @id java/unvalidated-cors-origin-set
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
index 71ee842f162..1dd5f34e38f 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
@@ -4,6 +4,7 @@
 * to jsonp injection attacks.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id java/jsonp-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql
index 81b56ce0e52..999f7423809 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql
@@ -5,6 +5,7 @@
 * incoming data. In the worst case, that may lead to remote code execution.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/unsafe-deserialization-spring-exporter-in-configuration-class
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql
index d7606587df3..afe9db037d3 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql
@@ -5,6 +5,7 @@
 * incoming data. In the worst case, that may lead to remote code execution.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/unsafe-deserialization-spring-exporter-in-xml-configuration
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql
index 97d2f6dad33..b919c86526c 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureBasicAuth.ql
@@ -6,6 +6,7 @@
 * vulnerable to packet sniffing.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @precision medium
 * @id java/insecure-basic-auth
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
index 4ce2b8b7134..2d61425888b 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql
@@ -3,6 +3,7 @@
 * @description LDAP authentication with credentials sent in cleartext.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @precision medium
 * @id java/insecure-ldap-auth
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-532/SensitiveInfoLog.ql b/java/ql/src/experimental/Security/CWE/CWE-532/SensitiveInfoLog.ql
index 968009d6fa1..c3d4a723955 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-532/SensitiveInfoLog.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-532/SensitiveInfoLog.ql
@@ -4,6 +4,7 @@
 * guidance to an attacker or expose sensitive user information.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id java/sensitiveinfo-in-logfile
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql b/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql
index a50b02a908f..b1a2f447839 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql
@@ -3,6 +3,7 @@
 * @description Finds passwords in configuration files.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id java/password-in-configuration
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
index 24755e64f13..33ea57583fa 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
@@ -4,6 +4,7 @@
 * application file and web resource from any origin
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.1
 * @precision medium
 * @id java/android/unsafe-android-webview-fetch
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql
index b737c460fa9..b18e9e355eb 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql
@@ -6,6 +6,7 @@
 * attack.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id java/android/nfe-local-android-dos
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
index 736fe100c39..6ed7d16f7e5 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
@@ -3,6 +3,7 @@
 * @description Hashed passwords without a salt are vulnerable to dictionary attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.2
 * @precision low
 * @id java/hash-without-salt
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql
index e8a75591b98..4f4ffc65783 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-917/OgnlInjection.ql
@@ -4,6 +4,7 @@
 * lead to execution of arbitrary code.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id java/ognl-injection
 * @tags security
diff --git a/java/ql/src/experimental/Security/CWE/CWE-918/RequestForgery.ql b/java/ql/src/experimental/Security/CWE/CWE-918/RequestForgery.ql
index c3bf787881f..633805a77a6 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-918/RequestForgery.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-918/RequestForgery.ql
@@ -4,6 +4,7 @@
 * may cause server to communicate with malicious servers.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.2
 * @precision high
 * @id java/ssrf
 * @tags security
diff --git a/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql b/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
index 0e5a48ba8a9..1344d6bef42 100644
--- a/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
+++ b/javascript/ql/src/AngularJS/InsecureUrlWhitelist.ql
@@ -3,6 +3,7 @@
 * @description URL whitelists that are too permissive can cause security vulnerabilities.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision very-high
 * @id js/angular/insecure-url-whitelist
 * @tags security
diff --git a/javascript/ql/src/DOM/TargetBlank.ql b/javascript/ql/src/DOM/TargetBlank.ql
index 82885c1d63c..8b10c0e76be 100644
--- a/javascript/ql/src/DOM/TargetBlank.ql
+++ b/javascript/ql/src/DOM/TargetBlank.ql
@@ -4,6 +4,7 @@
 * link type 'noopener' or 'noreferrer' are a potential security risk.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.8
 * @id js/unsafe-external-link
 * @tags maintainability
 * security
diff --git a/javascript/ql/src/Electron/EnablingNodeIntegration.ql b/javascript/ql/src/Electron/EnablingNodeIntegration.ql
index e0ef84a2015..a6a3e2cc164 100644
--- a/javascript/ql/src/Electron/EnablingNodeIntegration.ql
+++ b/javascript/ql/src/Electron/EnablingNodeIntegration.ql
@@ -3,6 +3,7 @@
 * @description Enabling `nodeIntegration` or `nodeIntegrationInWorker` can expose the application to remote code execution.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision low
 * @id js/enabling-electron-renderer-node-integration
 * @tags security
diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql
index 616bf66c719..6a826770b77 100644
--- a/javascript/ql/src/Performance/PolynomialReDoS.ql
+++ b/javascript/ql/src/Performance/PolynomialReDoS.ql
@@ -4,6 +4,7 @@
 * to match may be vulnerable to denial-of-service attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/polynomial-redos
 * @tags security
diff --git a/javascript/ql/src/Performance/ReDoS.ql b/javascript/ql/src/Performance/ReDoS.ql
index 8d33e7bc507..fd72ab77fa5 100644
--- a/javascript/ql/src/Performance/ReDoS.ql
+++ b/javascript/ql/src/Performance/ReDoS.ql
@@ -5,6 +5,7 @@
 * attacks.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/redos
 * @tags security
diff --git a/javascript/ql/src/RegExp/IdentityReplacement.ql b/javascript/ql/src/RegExp/IdentityReplacement.ql
index 2a6e354cc9c..7c0a281dd66 100644
--- a/javascript/ql/src/RegExp/IdentityReplacement.ql
+++ b/javascript/ql/src/RegExp/IdentityReplacement.ql
@@ -3,6 +3,7 @@
 * @description Replacing a substring with itself has no effect and may indicate a mistake.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @id js/identity-replacement
 * @precision very-high
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
index 68b0200ebed..214f9027c0c 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
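Review bot: The 7.8 added to IdentityReplacement.ql has no security rationale in the visible header: the description reads "has no effect and may indicate a mistake", the file lives under RegExp/ rather than Security/, and the only tag line inside the hunk is `@tags correctness`. The tag list continues past the end of the hunk, so a `security` tag and a CWE tag may follow; if they do not, I would drop the added line rather than score a pure correctness finding. If the intent is that an identity replacement usually marks a broken escaping step, the `@description` should say so, for example `* @description Replacing a substring with itself has no effect and may indicate a broken escaping or sanitization step.`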
@@ -3,6 +3,7 @@
 * @description Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/incomplete-hostname-regexp
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
index 0675b189cd1..c20bb6e1ece 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSchemeCheck.ql
@@ -4,6 +4,7 @@
 * and "data:" suggests a logic error or even a security vulnerability.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/incomplete-url-scheme-check
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
index 554cf7759d2..7fc65d7c992 100644
--- a/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
+++ b/javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
@@ -3,6 +3,7 @@
 * @description Security checks on the substrings of an unparsed URL are often vulnerable to bypassing.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/incomplete-url-substring-sanitization
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
index 8aa706c4952..4bef462567e 100644
--- a/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
+++ b/javascript/ql/src/Security/CWE-020/IncorrectSuffixCheck.ql
@@ -3,6 +3,7 @@
 * @description Using indexOf to implement endsWith functionality is error-prone if the -1 case is not explicitly handled.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/incorrect-suffix-check
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
index 916edfb4f02..395aea7d215 100644
--- a/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
+++ b/javascript/ql/src/Security/CWE-020/MissingRegExpAnchor.ql
@@ -3,6 +3,7 @@
 * @description Regular expressions without anchors can be vulnerable to bypassing.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision medium
 * @id js/regex/missing-regexp-anchor
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
index a35c2e57f22..75267eea746 100644
--- a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error + * @problem.security-severity 8.6 * @tags security external/cwe/cwe-20 */
diff --git a/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql b/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
index 7c3365a0434..0e86970c294 100644
--- a/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
+++ b/javascript/ql/src/Security/CWE-020/UselessRegExpCharacterEscape.ql
@@ -5,6 +5,7 @@
 * behave unexpectedly.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/useless-regexp-character-escape
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
index f7f79c63042..859e647f64d 100644
--- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql
+++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -4,6 +4,7 @@
 * unexpected resources.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id js/path-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-022/ZipSlip.ql b/javascript/ql/src/Security/CWE-022/ZipSlip.ql
index e9c92163d05..53cbb279ca0 100644
--- a/javascript/ql/src/Security/CWE-022/ZipSlip.ql
+++ b/javascript/ql/src/Security/CWE-022/ZipSlip.ql
@@ -6,6 +6,7 @@
 * @kind path-problem
 * @id js/zipslip
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @tags security
 * external/cwe/cwe-022
diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
index 33b5b4211a6..29aa79bedab 100644
--- a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
+++ b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql
@@ -3,6 +3,7 @@
 * @description Instantiating a template using a user-controlled object is vulnerable to local file read and potential remote code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/template-object-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
index d1c22e33989..817e1faf413 100644
--- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -4,6 +4,7 @@
 * user to change the meaning of the command.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/command-line-injection
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
index 1a22af72b27..8af5700c2bf 100644
--- a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
+++ b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql
@@ -5,6 +5,7 @@
 * command-line injection vulnerabilities.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision medium
 * @id js/indirect-command-line-injection
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
index a5e51b1c71d..285c404163e 100644
--- a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
+++ b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql
@@ -4,6 +4,7 @@
 * environment may cause subtle bugs or vulnerabilities.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/shell-command-injection-from-environment
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
index 1b4d5523ba4..b6dd76b1580 100644
--- a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
+++ b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql
@@ -4,6 +4,7 @@
 * user to change the meaning of the command.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/shell-command-constructed-from-input
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
index 7c9cedc1705..ea917cb7d34 100644
--- a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql
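Review bot: ShellCommandInjectionFromEnvironment.ql is given 9.8, the same score as CommandInjection.ql and UnsafeShellCommandConstruction.ql, although its visible description line speaks of the environment causing "subtle bugs or vulnerabilities" and the query keeps `@problem.severity warning`. A value read from the process environment is usually set by whoever launches the program rather than by a remote party, so ranking it level with remotely reachable command injection will distort triage; the exact sources are defined in the query body, which is outside the hunk. IndirectCommandInjection.ql in the preceding hunk has the same warning-plus-9.8 combination. I would either lower both, `+ * @problem.security-severity <score agreed for locally supplied input>`, or state in the `@description` why the remote score applies.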
@@ -4,6 +4,7 @@
 * can lead to a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/xss-through-exception
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
index 79ff3ce4a92..0fd2d24207a 100644
--- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -4,6 +4,7 @@
 * a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/reflected-xss
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql
index fd7331fd0cc..aa334c35a04 100644
--- a/javascript/ql/src/Security/CWE-079/StoredXss.ql
+++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -4,6 +4,7 @@
 * a stored cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/stored-xss
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
index 922d0c681e8..efc3943a0b3 100644
--- a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
+++ b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql
@@ -3,6 +3,7 @@
 * @description A jQuery plugin that unintentionally constructs HTML from some of its options may be unsafe to use for clients.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/unsafe-jquery-plugin
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql
index 3925febb008..8555b87739f 100644
--- a/javascript/ql/src/Security/CWE-079/Xss.ql
+++ b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -4,6 +4,7 @@
 * a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/xss
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
index 5c6bdd11815..f90884707fe 100644
--- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
+++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
@@ -4,6 +4,7 @@
 * can lead to a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/xss-through-dom
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
index f33376fcf58..1719f23f5cb 100644
--- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
@@ -4,6 +4,7 @@
 * malicious code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/sql-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
index 0f2f1b24186..50cefb97289 100644
--- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -4,6 +4,7 @@
 * code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/code-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
index 6dbfb9c37e3..93502b099c5 100644
--- a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
+++ b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
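Review bot: CodeInjection.ql is given 6.1, the value every CWE-079 XSS query in this commit receives, while its description ends in "code execution" and it keeps `@problem.severity error`. Other code-execution queries in the same commit (UnsafeDynamicMethodAccess.ql, TemplateObjectInjection.ql, UnsafeDeserialization.ql) are set to 9.8, so js/code-injection alerts would be ranked below path traversal and CSRF findings. ImproperCodeSanitization.ql in the following hunk carries the same 6.1. Unless the score is meant to cover only the client-side case (not visible here, the description is cut by the hunk), I would align both with their siblings: `* @problem.security-severity <SCORE consistent with the other code-execution queries>`.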
@@ -3,6 +3,7 @@
 * @description Escaping code as HTML does not provide protection against code injection.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/bad-code-sanitization
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
index f28ce03c554..89300cdf960 100644
--- a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
+++ b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
@@ -3,6 +3,7 @@
 * @description Invoking user-controlled methods on certain objects can lead to remote code execution.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/unsafe-dynamic-method-access
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
index 7e79b21c7fd..d8658a0a466 100644
--- a/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
+++ b/javascript/ql/src/Security/CWE-116/DoubleEscaping.ql
@@ -5,6 +5,7 @@
 * and conversely it has to be unescaped last to avoid double-unescaping.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/double-escaping
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
index 7e3688a9386..0193b3ec503 100644
--- a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
+++ b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql
@@ -5,6 +5,7 @@
 * scripting vulnerability.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision high
 * @id js/incomplete-html-attribute-sanitization
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
index d19cb2716c2..2cf725df0c5 100644
--- a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
+++ b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.ql
@@ -3,6 +3,7 @@
 * @description A sanitizer that removes a sequence of characters may reintroduce the dangerous sequence.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/incomplete-multi-character-sanitization
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
index 612f7a4f97d..e911ff8eb57 100644
--- a/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
+++ b/javascript/ql/src/Security/CWE-116/IncompleteSanitization.ql
@@ -4,6 +4,7 @@
 * meta-character may be ineffective.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/incomplete-sanitization
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql b/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
index cdb97396a89..075d610155c 100644
--- a/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
+++ b/javascript/ql/src/Security/CWE-116/UnsafeHtmlExpansion.ql
@@ -4,6 +4,7 @@
 * tags may lead to cross-site scripting vulnerabilities.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.1
 * @precision very-high
 * @id js/unsafe-html-expansion
 * @tags correctness
diff --git a/javascript/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/Security/CWE-117/LogInjection.ql
index ac475373f93..acd82e2a37b 100644
--- a/javascript/ql/src/Security/CWE-117/LogInjection.ql
+++ b/javascript/ql/src/Security/CWE-117/LogInjection.ql
@@ -4,6 +4,7 @@
 * insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.3
 * @precision medium
 * @id js/log-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
index 3c12cc1d3f9..e8e1f9f4911 100644
--- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
+++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
@@ -3,6 +3,7 @@
 * @description Using external input in format strings can lead to garbled output.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/tainted-format-string
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
index 0d8b39e4aca..77baa6057f9 100644
--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -3,6 +3,7 @@
 * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.8
 * @precision medium
 * @id js/file-access-to-http
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql b/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
index 981d6210715..e44c4ec1122 100644
--- a/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
+++ b/javascript/ql/src/Security/CWE-200/PrivateFileExposure.ql
@@ -4,6 +4,7 @@
 * of private information.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.8
 * @id js/exposure-of-private-files
 * @tags security
 * external/cwe/cwe-200
diff --git a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
index e746b28a3d4..353e4cfb54b 100644
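Review bot: The 9.8 on TaintedFormatString.ql contradicts the query's own metadata: the `@description` in this hunk states the impact as "garbled output" and `@problem.severity` stays `warning`. A near-maximum score puts js/tainted-format-string next to command and SQL injection in severity-sorted views, which teaches users to distrust the ranking. The value looks inherited from CWE-134 as it applies to memory-unsafe languages (an inference, the derivation is not in the commit). Either lower it to match the stated impact, `* @problem.security-severity <SCORE for an output-integrity issue>`, or update the description if a stronger impact is intended.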
--- a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
+++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
@@ -5,6 +5,7 @@
 * information leaks.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 4.3
 * @precision high
 * @id js/cross-window-information-leak
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
index 1a4a2613675..d4c46db53fd 100644
--- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -5,6 +5,7 @@
 * to an attacker for developing a subsequent exploit.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 5.3
 * @precision very-high
 * @id js/stack-trace-exposure
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql b/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
index f18ff4a3535..4e8d4f428fe 100644
--- a/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
+++ b/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
@@ -3,6 +3,7 @@
 * @description Disabling cryptographic certificate validation can cause security vulnerabilities.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision very-high
 * @id js/disabling-certificate-validation
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
index a9bf66506f1..fb5446878ff 100644
--- a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
+++ b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
@@ -4,6 +4,7 @@
 * expose it to an attacker.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/build-artifact-leak
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
index 2d65ae9c471..a102dbc5160 100644
--- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -4,6 +4,7 @@
 * expose it to an attacker.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/clear-text-logging
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
index b59f8e74844..d7f6e8b53fb 100644
--- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -4,6 +4,7 @@
 * attacker.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/clear-text-storage-of-sensitive-data
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql b/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
index a6a8f746758..8efb59ed185 100644
--- a/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
+++ b/javascript/ql/src/Security/CWE-313/PasswordInConfigurationFile.ql
@@ -3,6 +3,7 @@
 * @description Storing unencrypted passwords in configuration files is unsafe.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 6.5
 * @precision medium
 * @id js/password-in-configuration-file
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-327/BadRandomness.ql b/javascript/ql/src/Security/CWE-327/BadRandomness.ql
index 1168af1d448..5a4608b3c5d 100644
--- a/javascript/ql/src/Security/CWE-327/BadRandomness.ql
+++ b/javascript/ql/src/Security/CWE-327/BadRandomness.ql
@@ -4,6 +4,7 @@
 * the results and compromise security.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/biased-cryptographic-random
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
index efc5714c8f6..e6994a97555 100644
--- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -3,6 +3,7 @@
 * @description Using broken or weak cryptographic algorithms can compromise security.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/weak-cryptographic-algorithm
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
index 6db8ea0054e..f3190bdd46c 100644
--- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
+++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
@@ -5,6 +5,7 @@
 * be generated.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/insecure-randomness
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
index 2df657b59f7..ae1b10d9636 100644
--- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
+++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
@@ -3,6 +3,7 @@
 * @description Misconfiguration of CORS HTTP headers allows for leaks of secret credentials.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.8
 * @precision high
 * @id js/cors-misconfiguration-for-credentials
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
index ceb88ea0496..f7ce02d1f11 100644
--- a/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
+++ b/javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.ql
@@ -4,6 +4,7 @@
 * submit requests on behalf of the user.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id js/missing-token-validation
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
index 69ce56fd17f..cb4b3494fa5 100644
--- a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
+++ b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql
@@ -3,6 +3,7 @@
 * @description Processing user-controlled object hierarchies inefficiently can lead to denial of service.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/resource-exhaustion-from-deep-object-traversal
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
index 818d3ab6af1..c62408befb6 100644
--- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
+++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
@@ -4,6 +4,7 @@
 * denial-of-service attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision medium
 * @id js/remote-property-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql
index c4da7f68fc8..ad6623ad82c 100644
--- a/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql
+++ b/javascript/ql/src/Security/CWE-451/MissingXFrameOptions.ql
@@ -4,6 +4,7 @@
 * overlay their own UI on top of the site by using an iframe.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 8.1
 * @precision low
 * @id js/missing-x-frame-options
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
index 29251e1c5e6..25f01bb8dc2 100644
--- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -4,6 +4,7 @@
 * execute arbitrary code.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/unsafe-deserialization
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
index 9c5bca8dc0e..dd7f8dca1ed 100644
--- a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
+++ b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql
@@ -5,6 +5,7 @@
 * be avoided.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.1
 * @precision medium
 * @id js/hardcoded-data-interpreted-as-code
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
index c6748b82074..e62b2728e90 100644
--- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
+++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
@@ -4,6 +4,7 @@
 * may cause redirection to malicious web sites.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 6.1
 * @precision high
 * @id js/client-side-unvalidated-url-redirection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
index a39144d2478..15c9f692f5a 100644
--- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
+++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
@@ -4,6 +4,7 @@
 * may cause redirection to malicious web sites.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 6.1
 * @id js/server-side-unvalidated-url-redirection
 * @tags security
 * external/cwe/cwe-601
diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql
index 3334a0db498..b07c6dc52c2 100644
--- a/javascript/ql/src/Security/CWE-611/Xxe.ql
+++ b/javascript/ql/src/Security/CWE-611/Xxe.ql
@@ -4,6 +4,7 @@
 * entity expansion is vulnerable to XXE attacks.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id js/xxe
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
index c8e581bacf9..ed2db04f5f7 100644
--- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
+++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
@@ -4,6 +4,7 @@
 * attacks and leak password reset tokens.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/host-header-forgery-in-email-generation
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
index ccff952e095..d52975888c2 100644
--- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
+++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
@@ -5,6 +5,7 @@
 * exponential time on certain inputs.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/regex-injection
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
index a4726566451..1c775dbdc35 100644
--- a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
+++ b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql
@@ -4,6 +4,7 @@
 * an unexpected target, which could cause an exception.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.8
 * @precision high
 * @id js/unvalidated-dynamic-method-call
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
index 5e011a0ca7e..64b4403a59f 100644
--- a/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
+++ b/javascript/ql/src/Security/CWE-770/MissingRateLimiting.ql
@@ -5,6 +5,7 @@
 * to denial-of-service attacks.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/missing-rate-limiting
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
index a9f9647ca35..ce7965004dc 100644
--- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql
+++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
@@ -4,6 +4,7 @@
 * entity expansion is vulnerable to denial-of-service attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/xml-bomb
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
index 39b5365e609..a3f4b2f787d 100644
--- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -4,6 +4,7 @@
 * to gain unauthorized access.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/hardcoded-credentials
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
index e6359281614..f434107db02 100644
--- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
+++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
@@ -3,6 +3,7 @@
 * @description Conditions that the user controls are not suited for making security-related decisions.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.7
 * @precision medium
 * @id js/user-controlled-bypass
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql b/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
index 95ed134251b..ebb14b2eb83 100644
--- a/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
+++ b/javascript/ql/src/Security/CWE-807/DifferentKindsComparisonBypass.ql
@@ -3,6 +3,7 @@
 * @description Comparing different kinds of HTTP request data may be a symptom of an insufficient security check.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 7.7
 * @precision low
 * @id js/different-kinds-comparison-bypass
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
index ce764d627a1..bd73ef1cf50 100644
--- a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
+++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql
@@ -4,6 +4,7 @@
 * opens up for potential man-in-the-middle attacks.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.1
 * @precision high
 * @id js/insecure-download
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
index 36576c8adde..c2d42ef61cc 100644
--- a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
+++ b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql
@@ -4,6 +4,7 @@
 * property can cause indefinite looping.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @id js/loop-bound-injection
 * @tags security
 * external/cwe/cwe-834
diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
index 6a065c9735b..9cc5f240648 100644
--- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
+++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
@@ -3,6 +3,7 @@
 * @description Sanitizing an HTTP request parameter may be ineffective if the user controls its type.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.8
 * @precision high
 * @id js/type-confusion-through-parameter-tampering
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
index b3b8d52a869..7264e59ce2d 100644
--- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -3,6 +3,7 @@
 * @description Writing network data directly to the file system allows arbitrary file upload and might indicate a backdoor.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 9.1
 * @precision medium
 * @id js/http-to-file-access
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
index cc611640527..a3a1de4f62d 100644
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql
@@ -5,6 +5,7 @@
 * and possibly escalate to remote code execution or cross-site scripting.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.2
 * @precision high
 * @id js/prototype-polluting-assignment
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
index 2ca0fdb2724..78f16b7ee0f 100644
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql
@@ -4,6 +4,7 @@
 * the cause of accidental modification of a built-in prototype object.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.2
 * @precision high
 * @id js/prototype-pollution-utility
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
index 80a99563918..35999c6d6d4 100644
--- a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
+++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql
@@ -5,6 +5,7 @@
 * and possibly escalate to remote code execution or cross-site scripting.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 7.2
 * @precision high
 * @id js/prototype-pollution
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
index 2f1df96f3ec..b490827da2e 100644
--- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
+++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
@@ -3,6 +3,7 @@
 * @description Creating a hash of a password with low computational effort makes the hash vulnerable to password cracking attacks.
 * @kind path-problem
 * @problem.severity warning
+ * @problem.security-severity 7.5
 * @precision high
 * @id js/insufficient-password-hash
 * @tags security
diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
index 43096ea6240..d615cd6e983 100644
--- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql
+++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
@@ -3,6 +3,7 @@
 * @description Sending network requests with user-controlled data allows for request forgery attacks.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 8.2
 * @precision medium
 * @id js/request-forgery
 * @tags security
diff --git a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
index ce2a11e3910..0a09bdf3ee0 100644
--- a/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
+++ b/javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.ql
@@ -4,6 +4,7 @@
 * This could lead to unexpected behaviour, especially when `MessageEvent.data` is used in an unsafe way.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 8.6
 * @precision high
 * @id js/missing-postmessageorigin-verification
 * @tags correctness
diff --git a/javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql b/javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql
index f19d1ac6125..6a3ea00a628 100644
--- a/javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql
+++ b/javascript/ql/src/experimental/Security/CWE-090/LdapInjection.ql
@@ -4,6 +4,7 @@
 * malicious LDAP code by the user.
 * @kind path-problem
 * @problem.severity error
+ * @problem.security-severity 5.4
 * @precision high
 * @id javascript/ldap-injection
 * @tags security
diff --git a/javascript/ql/src/experimental/Security/CWE-094/ExpressionInjection.ql b/javascript/ql/src/experimental/Security/CWE-094/ExpressionInjection.ql
index a015c5f5147..3e4a4ef2c07 100644
--- a/javascript/ql/src/experimental/Security/CWE-094/ExpressionInjection.ql
+++ b/javascript/ql/src/experimental/Security/CWE-094/ExpressionInjection.ql
@@ -4,6 +4,7 @@
 * user to inject code into the GitHub action.
 * @kind problem
 * @problem.severity error
+ * @problem.security-severity 9.8
 * @precision high
 * @id js/actions/injection
 * @tags actions
diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
index 5227d433088..9c63a54f816 100644
--- a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
+++ b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
@@ -5,6 +5,7 @@
 * that is able to push to the base repository and to access secrets.
 * @kind problem
 * @problem.severity warning
+ * @problem.security-severity 9.8
 * @precision low
 * @id js/actions/pull-request-target
 * @tags actions
diff --git a/javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql b/javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
index 56d312f792b..bee4c11c742 100644
--- a/javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
+++ b/javascript/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
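Review bot: LdapInjection.ql is scored 5.4, next to LogInjection.ql (5.3) and far below SqlInjection.ql (9.8), although it is the same kind of query-language injection, keeps `@problem.severity error`, and its description speaks of "malicious LDAP code by the user". If the directory is used for authentication or authorization lookups, filter injection affects confidentiality and access decisions, not only integrity, so a medium score will under-rank these alerts. The commit does not explain the lower value. I would either bring it in line with the other injection queries, `* @problem.security-severity <SCORE aligned with SqlInjection.ql>`, or state the assumption that justifies 5.4 in the commit message.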
@@ -3,6 +3,7 @@
  * @description The application does not verify the JWT payload with a cryptographic secret or public key.
  * @kind problem
  * @problem.severity warning
+ * @problem.security-severity 7.8
  * @precision high
  * @id js/jwt-missing-verification
  * @tags security
diff --git a/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
index 473522f6a86..df566c7019c 100644
--- a/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
+++ b/javascript/ql/src/experimental/Security/CWE-770/ResourceExhaustion.ql
@@ -4,6 +4,7 @@
  * sizes or durations can cause resource exhaustion.
  * @kind path-problem
  * @problem.severity warning
+ * @problem.security-severity 7.5
  * @id js/resource-exhaustion
  * @precision high
  * @tags security
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql
index b532f0b8a75..cd8b5989957 100644
--- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql
+++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql
@@ -4,6 +4,7 @@
  * a cross-site scripting vulnerability.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 6.1
  * @precision high
  * @id js/xss
  * @tags security
diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql b/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql
index dfa1b1d7864..96ae9a3ab3b 100644
--- a/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql
+++ b/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql
@@ -5,6 +5,7 @@ * @kind path-problem * @precision low * @problem.severity error + * @problem.security-severity 8.6 * @tags security external/cwe/cwe-20 */ 
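Review bot: XssWithAdditionalSources.ql sits under `ql/test/query-tests` and reuses `@id js/xss`, so the `@problem.security-severity 6.1` added in its hunk is a second copy of the score for that id that has to be kept in step by hand. The production query carrying the same id is not in this part of the diff, so it cannot be checked here that both files state the same value. If test queries do not need the property, leaving it off this file removes the chance of drift. If they do, a metadata check that every file sharing an `@id` also shares its `@problem.security-severity` would catch a mismatch.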
diff --git a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
index cebaa4fdd2e..69c19b1e4ea 100644
--- a/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
+++ b/python/ql/src/Security/CWE-020/IncompleteHostnameRegExp.ql
@@ -3,6 +3,7 @@
  * @description Matching a URL or hostname against a regular expression that contains an unescaped dot as part of the hostname might match more hostnames than expected.
  * @kind problem
  * @problem.severity warning
+ * @problem.security-severity 8.6
  * @precision high
  * @id py/incomplete-hostname-regexp
  * @tags correctness
diff --git a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
index 839ed358c3b..17558ca85c3 100644
--- a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
+++ b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
@@ -3,6 +3,7 @@
  * @description Security checks on the substrings of an unparsed URL are often vulnerable to bypassing.
  * @kind problem
  * @problem.severity warning
+ * @problem.security-severity 8.6
  * @precision high
  * @id py/incomplete-url-substring-sanitization
  * @tags correctness
diff --git a/python/ql/src/Security/CWE-022/PathInjection.ql b/python/ql/src/Security/CWE-022/PathInjection.ql
index 9d67d9b734c..fe2f7b62a95 100644
--- a/python/ql/src/Security/CWE-022/PathInjection.ql
+++ b/python/ql/src/Security/CWE-022/PathInjection.ql
@@ -3,6 +3,7 @@
  * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 8.8
  * @sub-severity high
  * @precision high
  * @id py/path-injection
diff --git a/python/ql/src/Security/CWE-022/TarSlip.ql b/python/ql/src/Security/CWE-022/TarSlip.ql
index 98bbdba7139..7fe391c6cec 100644
--- a/python/ql/src/Security/CWE-022/TarSlip.ql
+++ b/python/ql/src/Security/CWE-022/TarSlip.ql
@@ -6,6 +6,7 @@
  * @kind path-problem
  * @id py/tarslip
  * @problem.severity error
+ * @problem.security-severity 8.8
  * @precision medium
  * @tags security
  * external/cwe/cwe-022
diff --git a/python/ql/src/Security/CWE-078/CommandInjection.ql b/python/ql/src/Security/CWE-078/CommandInjection.ql
index 25375cd691b..1c167c9ba1e 100755
--- a/python/ql/src/Security/CWE-078/CommandInjection.ql
+++ b/python/ql/src/Security/CWE-078/CommandInjection.ql
@@ -4,6 +4,7 @@
  * user to change the meaning of the command.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 9.8
  * @sub-severity high
  * @precision high
  * @id py/command-line-injection
diff --git a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
index ff3870678d8..8a6ee205e20 100644
--- a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
+++ b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
@@ -4,6 +4,7 @@
  * cause a cross-site scripting vulnerability.
  * @kind problem
  * @problem.severity error
+ * @problem.security-severity 6.1
  * @precision medium
  * @id py/jinja2/autoescape-false
  * @tags security
diff --git a/python/ql/src/Security/CWE-079/ReflectedXss.ql b/python/ql/src/Security/CWE-079/ReflectedXss.ql
index a1af18e7a8a..e66fd418f90 100644
--- a/python/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -4,6 +4,7 @@
  * allows for a cross-site scripting vulnerability.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 6.1
  * @sub-severity high
  * @precision high
  * @id py/reflective-xss
diff --git a/python/ql/src/Security/CWE-089/SqlInjection.ql b/python/ql/src/Security/CWE-089/SqlInjection.ql
index 849041dd658..3898422faf9 100644
--- a/python/ql/src/Security/CWE-089/SqlInjection.ql
+++ b/python/ql/src/Security/CWE-089/SqlInjection.ql
@@ -4,6 +4,7 @@
  * malicious SQL code by the user.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 9.8
  * @precision high
  * @id py/sql-injection
  * @tags security
diff --git a/python/ql/src/Security/CWE-094/CodeInjection.ql b/python/ql/src/Security/CWE-094/CodeInjection.ql
index a81889ee619..161ff511a7e 100644
--- a/python/ql/src/Security/CWE-094/CodeInjection.ql
+++ b/python/ql/src/Security/CWE-094/CodeInjection.ql
@@ -4,6 +4,7 @@
  * code execution.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 9.8
  * @sub-severity high
  * @precision high
  * @id py/code-injection
diff --git a/python/ql/src/Security/CWE-209/StackTraceExposure.ql b/python/ql/src/Security/CWE-209/StackTraceExposure.ql
index a2f3b7540fd..999660c5ea0 100644
--- a/python/ql/src/Security/CWE-209/StackTraceExposure.ql
+++ b/python/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -5,6 +5,7 @@
  * developing a subsequent exploit.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 5.3
  * @precision high
  * @id py/stack-trace-exposure
  * @tags security
diff --git a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
index ee39c198475..f0177349661 100644
--- a/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
+++ b/python/ql/src/Security/CWE-295/MissingHostKeyValidation.ql
@@ -3,6 +3,7 @@
  * @description Accepting unknown host keys can allow man-in-the-middle attacks.
  * @kind problem
  * @problem.severity error
+ * @problem.security-severity 7.5
  * @precision high
  * @id py/paramiko-missing-host-key-validation
  * @tags security
diff --git a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
index 173ffbe7671..012bc08f34f 100644
--- a/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
+++ b/python/ql/src/Security/CWE-295/RequestWithoutValidation.ql
@@ -3,6 +3,7 @@
  * @description Making a request without certificate validation can allow man-in-the-middle attacks.
  * @kind problem
  * @problem.severity error
+ * @problem.security-severity 7.5
  * @precision medium
  * @id py/request-without-cert-validation
  * @tags security
diff --git a/python/ql/src/Security/CWE-312/CleartextLogging.ql b/python/ql/src/Security/CWE-312/CleartextLogging.ql
index 071ab9db141..b44f88dd71f 100644
--- a/python/ql/src/Security/CWE-312/CleartextLogging.ql
+++ b/python/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -4,6 +4,7 @@
  * expose it to an attacker.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 7.5
  * @precision high
  * @id py/clear-text-logging-sensitive-data
  * @tags security
diff --git a/python/ql/src/Security/CWE-312/CleartextStorage.ql b/python/ql/src/Security/CWE-312/CleartextStorage.ql
index 2c33837b464..c8312884f81 100644
--- a/python/ql/src/Security/CWE-312/CleartextStorage.ql
+++ b/python/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -4,6 +4,7 @@
  * attacker.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 7.5
  * @precision high
  * @id py/clear-text-storage-sensitive-data
  * @tags security
diff --git a/python/ql/src/Security/CWE-326/WeakCryptoKey.ql b/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
index 67f94640506..460602e1966 100644
--- a/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
+++ b/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
@@ -3,6 +3,7 @@
  * @description Use of a cryptographic key that is too small may allow the encryption to be broken.
  * @kind problem
  * @problem.severity error
+ * @problem.security-severity 8.4
  * @precision high
  * @id py/weak-crypto-key
  * @tags security
diff --git a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
index 36064dc0386..273ba364bb3 100644
--- a/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/python/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -3,6 +3,7 @@
  * @description Using broken or weak cryptographic algorithms can compromise security.
  * @kind path-problem
  * @problem.severity warning
+ * @problem.security-severity 7.5
  * @precision high
  * @id py/weak-cryptographic-algorithm
  * @tags security
diff --git a/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql b/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql
index d58049fadae..02ddc4323c6 100644
--- a/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql
+++ b/python/ql/src/Security/CWE-327/InsecureDefaultProtocol.ql
@@ -5,6 +5,7 @@
  * @id py/insecure-default-protocol
  * @kind problem
  * @problem.severity warning
+ * @problem.security-severity 7.5
  * @precision high
  * @tags security
  * external/cwe/cwe-327
diff --git a/python/ql/src/Security/CWE-327/InsecureProtocol.ql b/python/ql/src/Security/CWE-327/InsecureProtocol.ql
index d1ae714b6be..0816dd97f24 100644
--- a/python/ql/src/Security/CWE-327/InsecureProtocol.ql
+++ b/python/ql/src/Security/CWE-327/InsecureProtocol.ql
@@ -4,6 +4,7 @@
  * @id py/insecure-protocol
  * @kind problem
  * @problem.severity warning
+ * @problem.security-severity 7.5
  * @precision high
  * @tags security
  * external/cwe/cwe-327
diff --git a/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
index 174a841598c..875eb3f3a2a 100644
--- a/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
+++ b/python/ql/src/Security/CWE-377/InsecureTemporaryFile.ql
@@ -4,6 +4,7 @@
  * @kind problem
  * @id py/insecure-temporary-file
  * @problem.severity error
+ * @problem.security-severity 7.0
  * @sub-severity high
  * @precision high
  * @tags external/cwe/cwe-377
diff --git a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
index 9035b9be959..1ea862c0525 100644
--- a/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
+++ b/python/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -4,6 +4,7 @@
  * @kind path-problem
  * @id py/unsafe-deserialization
  * @problem.severity error
+ * @problem.security-severity 9.8
  * @sub-severity high
  * @precision high
  * @tags external/cwe/cwe-502
diff --git a/python/ql/src/Security/CWE-601/UrlRedirect.ql b/python/ql/src/Security/CWE-601/UrlRedirect.ql
index 944726e1c98..23424e4debd 100644
--- a/python/ql/src/Security/CWE-601/UrlRedirect.ql
+++ b/python/ql/src/Security/CWE-601/UrlRedirect.ql
@@ -4,6 +4,7 @@
  * may cause redirection to malicious web sites.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 6.1
  * @sub-severity low
  * @id py/url-redirection
  * @tags security
diff --git a/python/ql/src/Security/CWE-732/WeakFilePermissions.ql b/python/ql/src/Security/CWE-732/WeakFilePermissions.ql
index 7163d02b530..65db9ecad02 100644
--- a/python/ql/src/Security/CWE-732/WeakFilePermissions.ql
+++ b/python/ql/src/Security/CWE-732/WeakFilePermissions.ql
@@ -4,6 +4,7 @@
  * @kind problem
  * @id py/overly-permissive-file
  * @problem.severity warning
+ * @problem.security-severity 7.8
  * @sub-severity high
  * @precision medium
  * @tags external/cwe/cwe-732
diff --git a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
index f62e89abcf7..e676d1f1bcf 100644
--- a/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/python/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -3,6 +3,7 @@
  * @description Credentials are hard coded in the source code of the application.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 9.8
  * @precision medium
  * @id py/hardcoded-credentials
  * @tags security
diff --git a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
index 68d90c0d9f3..dcbff69bb88 100644
--- a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
@@ -3,6 +3,7 @@
  * @description Using user-controlled data to create a template can cause security issues.
  * @kind path-problem
  * @problem.severity error
+ * @problem.security-severity 9.8
  * @precision high
  * @id py/template-injection
  * @tags security