Add security-severity tags

2025-12-17 01:03:14 +01:00 · 2021-04-20 21:57:47 +01:00
parent ef0ea247c4
commit 6c1337791e
318 changed files with 320 additions and 0 deletions
--- a/Errors/OffsetUseBeforeRangeCheck.ql
+++ b/Errors/OffsetUseBeforeRangeCheck.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-120
 *       external/cwe/cwe-125
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
+++ b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
@@ -7,6 +7,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
+ *       security-severity/7.5
 */

 import cpp
--- a/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
+++ b/cpp/ql/src/Critical/MemoryMayNotBeFreed.ql
@@ -7,6 +7,7 @@
 * @tags efficiency
 *       security
 *       external/cwe/cwe-401
+ *       security-severity/7.5
 */

 import MemoryFreed
--- a/cpp/ql/src/Critical/MemoryNeverFreed.ql
+++ b/cpp/ql/src/Critical/MemoryNeverFreed.ql
@@ -7,6 +7,7 @@
 * @tags efficiency
 *       security
 *       external/cwe/cwe-401
+ *       security-severity/7.5
 */

 import MemoryFreed
--- a/cpp/ql/src/Critical/MissingNullTest.ql
+++ b/cpp/ql/src/Critical/MissingNullTest.ql
@@ -7,6 +7,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
+ *       security-severity/7.5
 */

 import cpp
--- a/cpp/ql/src/Critical/NewFreeMismatch.ql
+++ b/cpp/ql/src/Critical/NewFreeMismatch.ql
@@ -8,6 +8,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-401
+ *       security-severity/7.5
 */

 import NewDelete
--- a/cpp/ql/src/Critical/OverflowCalculated.ql
+++ b/cpp/ql/src/Critical/OverflowCalculated.ql
@@ -8,6 +8,7 @@
 *       security
 *       external/cwe/cwe-131
 *       external/cwe/cwe-120
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Critical/OverflowDestination.ql
+++ b/cpp/ql/src/Critical/OverflowDestination.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-119
 *       external/cwe/cwe-131
+ *       security-severity/8.8
 */

 import cpp
--- a/cpp/ql/src/Critical/OverflowStatic.ql
+++ b/cpp/ql/src/Critical/OverflowStatic.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-119
 *       external/cwe/cwe-131
+ *       security-severity/8.8
 */

 import cpp
--- a/cpp/ql/src/Critical/SizeCheck.ql
+++ b/cpp/ql/src/Critical/SizeCheck.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-131
 *       external/cwe/cwe-122
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Critical/SizeCheck2.ql
+++ b/cpp/ql/src/Critical/SizeCheck2.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-131
 *       external/cwe/cwe-122
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Critical/UseAfterFree.ql
+++ b/cpp/ql/src/Critical/UseAfterFree.ql
@@ -7,6 +7,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-416
+ *       security-severity/8.8
 */

 import cpp
--- a/Bugs/Arithmetic/BadAdditionOverflowCheck.ql
+++ b/Bugs/Arithmetic/BadAdditionOverflowCheck.ql
@@ -13,6 +13,7 @@
 *       security
 *       external/cwe/cwe-190
 *       external/cwe/cwe-192
+ *       security-severity/8.1
 */

 import cpp
--- a/Bugs/Arithmetic/IntMultToLong.ql
+++ b/Bugs/Arithmetic/IntMultToLong.ql
@@ -14,6 +14,7 @@
 *       external/cwe/cwe-192
 *       external/cwe/cwe-197
 *       external/cwe/cwe-681
+ *       security-severity/8.1
 */

 import cpp
--- a/Bugs/Conversion/CastArrayPointerArithmetic.ql
+++ b/Bugs/Conversion/CastArrayPointerArithmetic.ql
@@ -12,6 +12,7 @@
 *       security
 *       external/cwe/cwe-119
 *       external/cwe/cwe-843
+ *       security-severity/8.8
 * @id cpp/upcast-array-pointer-arithmetic
 */

--- a/Bugs/Format/NonConstantFormat.ql
+++ b/Bugs/Format/NonConstantFormat.ql
@@ -12,6 +12,7 @@
 *       correctness
 *       security
 *       external/cwe/cwe-134
+ *       security-severity/9.8
 */

 import semmle.code.cpp.dataflow.TaintTracking
--- a/Management/AllocaInLoop.ql
+++ b/Management/AllocaInLoop.ql
@@ -9,6 +9,7 @@
 *       correctness
 *       security
 *       external/cwe/cwe-770
+ *       security-severity/7.5
 */

 import cpp
--- a/Management/ImproperNullTermination.ql
+++ b/Management/ImproperNullTermination.ql
@@ -8,6 +8,7 @@
 * @tags security
 *       external/cwe/cwe-170
 *       external/cwe/cwe-665
+ *       security-severity/7.8
 */

 import cpp
--- a/Management/StrncpyFlippedArgs.ql
+++ b/Management/StrncpyFlippedArgs.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-676
 *       external/cwe/cwe-119
 *       external/cwe/cwe-251
+ *       security-severity/8.8
 */

 import cpp
--- a/Management/SuspiciousCallToStrncat.ql
+++ b/Management/SuspiciousCallToStrncat.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-676
 *       external/cwe/cwe-119
 *       external/cwe/cwe-251
+ *       security-severity/8.8
 */

 import cpp
--- a/Management/UninitializedLocal.ql
+++ b/Management/UninitializedLocal.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-665
 *       external/cwe/cwe-457
+ *       security-severity/7.8
 */

 import cpp
--- a/Management/UnsafeUseOfStrcat.ql
+++ b/Management/UnsafeUseOfStrcat.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-676
 *       external/cwe/cwe-120
 *       external/cwe/cwe-251
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql
@@ -6,6 +6,7 @@
 * @id cpp/count-untrusted-data-external-api
 * @kind table
 * @tags security external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql
@@ -6,6 +6,7 @@
 * @id cpp/count-untrusted-data-external-api-ir
 * @kind table
 * @tags security external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql
@@ -6,6 +6,7 @@
 * @precision low
 * @problem.severity error
 * @tags security external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
@@ -6,6 +6,7 @@
 * @precision low
 * @problem.severity error
 * @tags security external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
+++ b/cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
@@ -11,6 +11,7 @@
 *       external/cwe/cwe-023
 *       external/cwe/cwe-036
 *       external/cwe/cwe-073
+ *       security-severity/8.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql
@@ -10,6 +10,7 @@
 * @tags security
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
+++ b/cpp/ql/src/Security/CWE/CWE-079/CgiXss.ql
@@ -8,6 +8,7 @@
 * @id cpp/cgi-xss
 * @tags security
 *       external/cwe/cwe-079
+ *       security-severity/6.1
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -9,6 +9,7 @@
 * @id cpp/sql-injection
 * @tags security
 *       external/cwe/cwe-089
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql
@@ -9,6 +9,7 @@
 * @id cpp/uncontrolled-process-operation
 * @tags security
 *       external/cwe/cwe-114
+ *       security-severity/8.2
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
+++ b/cpp/ql/src/Security/CWE/CWE-119/OverflowBuffer.ql
@@ -11,6 +11,7 @@
 *       external/cwe/cwe-121
 *       external/cwe/cwe-122
 *       external/cwe/cwe-126
+ *       security-severity/8.8
 */

 import semmle.code.cpp.security.BufferWrite
--- a/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/BadlyBoundedWrite.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-120
 *       external/cwe/cwe-787
 *       external/cwe/cwe-805
+ *       security-severity/9.1
 */

 import semmle.code.cpp.security.BufferWrite
--- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.ql
@@ -11,6 +11,7 @@
 *       external/cwe/cwe-120
 *       external/cwe/cwe-787
 *       external/cwe/cwe-805
+ *       security-severity/9.1
 */

 import semmle.code.cpp.security.BufferWrite
--- a/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/OverrunWriteFloat.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-120
 *       external/cwe/cwe-787
 *       external/cwe/cwe-805
+ *       security-severity/9.1
 */

 import semmle.code.cpp.security.BufferWrite
--- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
@@ -11,6 +11,7 @@
 *       external/cwe/cwe-120
 *       external/cwe/cwe-787
 *       external/cwe/cwe-805
+ *       security-severity/9.1
 */

 import semmle.code.cpp.security.BufferWrite
--- a/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
+++ b/cpp/ql/src/Security/CWE/CWE-121/UnterminatedVarargsCall.ql
@@ -10,6 +10,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-121
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
+++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql
@@ -8,6 +8,7 @@
 * @problem.severity warning
 * @tags security
 *       external/cwe/cwe-129
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
+++ b/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-131
 *       external/cwe/cwe-120
 *       external/cwe/cwe-122
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
@@ -10,6 +10,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-134
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
+++ b/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatStringThroughGlobalVar.ql
@@ -10,6 +10,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-134
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-170/ImproperNullTerminationTainted.ql
@@ -7,6 +7,7 @@
 * @problem.severity warning
 * @tags security
 *       external/cwe/cwe-170
+ *       security-severity/5.5
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-190
 *       external/cwe/cwe-191
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-190
 *       external/cwe/cwe-191
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
@@ -11,6 +11,7 @@
 *       reliability
 *       external/cwe/cwe-190
 *       external/cwe/cwe-191
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -11,6 +11,7 @@
 *       external/cwe/cwe-190
 *       external/cwe/cwe-197
 *       external/cwe/cwe-835
+ *       security-severity/7.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql
@@ -10,6 +10,7 @@
 *       external/cwe/cwe-190
 *       external/cwe/cwe-197
 *       external/cwe/cwe-681
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql
@@ -9,6 +9,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-190
+ *       security-severity/8.1
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
+++ b/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
@@ -8,6 +8,7 @@
 * @tags security
 *       correctness
 *       external/cwe/cwe-191
+ *       security-severity/8.2
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
+++ b/cpp/ql/src/Security/CWE/CWE-290/AuthenticationBypass.ql
@@ -9,6 +9,7 @@
 * @id cpp/user-controlled-bypass
 * @tags security
 *       external/cwe/cwe-290
+ *       security-severity/7.7
 */

 import semmle.code.cpp.security.TaintTracking
--- a/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-311/CleartextBufferWrite.ql
@@ -8,6 +8,7 @@
 * @id cpp/cleartext-storage-buffer
 * @tags security
 *       external/cwe/cwe-312
+ *       security-severity/7.5
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/cpp/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -8,6 +8,7 @@
 * @id cpp/weak-cryptographic-algorithm
 * @tags security
 *       external/cwe/cwe-327
+ *       security-severity/7.5
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
+++ b/cpp/ql/src/Security/CWE/CWE-327/OpenSslHeartbleed.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-327
 *       external/cwe/cwe-788
+ *       security-severity/7.5
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
+++ b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
@@ -9,6 +9,7 @@
 * @id cpp/toctou-race-condition
 * @tags security
 *       external/cwe/cwe-367
+ *       security-severity/7.0
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
+++ b/cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-428
 *       external/microsoft/C6277
+ *       security-severity/7.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
+++ b/cpp/ql/src/Security/CWE/CWE-704/WcharCharConversion.ql
@@ -10,6 +10,7 @@
 * @tags security
 *       external/cwe/cwe-704
 *       external/microsoft/c/c6276
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/DoNotCreateWorldWritable.ql
@@ -7,6 +7,7 @@
 * @id cpp/world-writable-file-creation
 * @tags security
 *       external/cwe/cwe-732
+ *       security-severity/7.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
+++ b/cpp/ql/src/Security/CWE/CWE-732/UnsafeDaclSecurityDescriptor.ql
@@ -11,6 +11,7 @@
 * @tags security
 *       external/cwe/cwe-732
 *       external/microsoft/C6248
+ *       security-severity/7.8
 */

 import cpp
--- a/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
+++ b/cpp/ql/src/Security/CWE/CWE-835/InfiniteLoopWithUnsatisfiableExitCondition.ql
@@ -8,6 +8,7 @@
 * @problem.severity warning
 * @tags security
 *       external/cwe/cwe-835
+ *       security-severity/7.5
 */

 import cpp
--- a/Bugs/RedundantNullCheckParam.ql
+++ b/Bugs/RedundantNullCheckParam.ql
@@ -9,6 +9,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-476
+ *       security-severity/7.5
 */

 import cpp
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
@@ -10,6 +10,7 @@
 * @tags correctness
 *       security
 *       external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import cpp
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -7,6 +7,7 @@
 * @tags reliability
 *       security
 *       external/cwe/cwe-120
+ *       security-severity/9.8
 */

 import cpp
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -8,6 +8,7 @@
 *       correctness
 *       external/cwe/cwe-190
 *       external/cwe/cwe-128
+ *       security-severity/8.1
 * @id cpp/multiplication-overflow-in-alloc
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
@@ -9,6 +9,7 @@
 * @id cpp/drop-linux-privileges-outoforder
 * @tags security
 *       external/cwe/cwe-273
+ *       security-severity/9.8
 * @precision medium
 */

--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@@ -9,6 +9,7 @@
 * @tags correctness
 *       security
 *       external/cwe/cwe-401
+ *       security-severity/7.5
 */

 import cpp
--- a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
@@ -8,6 +8,7 @@
 * @tags security
 *       external/cwe/cwe-258
 *       external/cwe/cwe-862
+ *       security-severity/8.1
 */

 import csharp
--- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
@@ -9,6 +9,7 @@
 *       external/cwe/cwe-13
 *       external/cwe/cwe-256
 *       external/cwe/cwe-313
+ *       security-severity/6.5
 */

 import csharp
--- a/Validation/UseOfFileUpload.ql
+++ b/Validation/UseOfFileUpload.ql
@@ -9,6 +9,7 @@
 *       maintainability
 *       frameworks/asp.net
 *       external/cwe/cwe-434
+ *       security-severity/8.8
 */

 import csharp
--- a/Bugs/ThreadUnsafeICryptoTransform.ql
+++ b/Bugs/ThreadUnsafeICryptoTransform.ql
@@ -10,6 +10,7 @@
 * @tags concurrency
 *       security
 *       external/cwe/cwe-362
+ *       security-severity/7.0
 */

 import csharp
--- a/Bugs/ThreadUnsafeICryptoTransformLambda.ql
+++ b/Bugs/ThreadUnsafeICryptoTransformLambda.ql
@@ -11,6 +11,7 @@
 * @tags concurrency
 *       security
 *       external/cwe/cwe-362
+ *       security-severity/7.0
 */

 import csharp
--- a/Features/CWE-016/ASPNetMaxRequestLength.ql
+++ b/Features/CWE-016/ASPNetMaxRequestLength.ql
@@ -8,6 +8,7 @@
 * @tags security
 *       frameworks/asp.net
 *       external/cwe/cwe-16
+ *       security-severity/7.1
 */

 import csharp
--- a/Features/CWE-016/ASPNetPagesValidateRequest.ql
+++ b/Features/CWE-016/ASPNetPagesValidateRequest.ql
@@ -7,6 +7,7 @@
 * @tags security
 *       frameworks/asp.net
 *       external/cwe/cwe-16
+ *       security-severity/7.1
 */

 import csharp
--- a/Features/CWE-016/ASPNetRequestValidationMode.ql
+++ b/Features/CWE-016/ASPNetRequestValidationMode.ql
@@ -8,6 +8,7 @@
 * @problem.severity warning
 * @tags security
 *       external/cwe/cwe-016
+ *       security-severity/7.1
 */

 import csharp
--- a/Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
+++ b/Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
@@ -6,6 +6,7 @@
 * @id csharp/count-untrusted-data-external-api
 * @kind table
 * @tags security external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import csharp
--- a/Features/CWE-020/RuntimeChecksBypass.ql
+++ b/Features/CWE-020/RuntimeChecksBypass.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags security
 *       external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import semmle.code.csharp.serialization.Serialization
--- a/Features/CWE-020/UntrustedDataToExternalAPI.ql
+++ b/Features/CWE-020/UntrustedDataToExternalAPI.ql
@@ -6,6 +6,7 @@
 * @precision low
 * @problem.severity error
 * @tags security external/cwe/cwe-20
+ *       security-severity/8.6
 */

 import csharp
--- a/Features/CWE-022/TaintedPath.ql
+++ b/Features/CWE-022/TaintedPath.ql
@@ -11,6 +11,7 @@
 *       external/cwe/cwe-036
 *       external/cwe/cwe-073
 *       external/cwe/cwe-099
+ *       security-severity/8.8
 */

 import csharp
--- a/Features/CWE-022/ZipSlip.ql
+++ b/Features/CWE-022/ZipSlip.ql
@@ -9,6 +9,7 @@
 * @precision high
 * @tags security
 *       external/cwe/cwe-022
+ *       security-severity/8.8
 */

 import csharp
--- a/Features/CWE-078/CommandInjection.ql
+++ b/Features/CWE-078/CommandInjection.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-078/StoredCommandInjection.ql
+++ b/Features/CWE-078/StoredCommandInjection.ql
@@ -10,6 +10,7 @@
 *       security
 *       external/cwe/cwe-078
 *       external/cwe/cwe-088
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-079/StoredXSS.ql
+++ b/Features/CWE-079/StoredXSS.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-079
 *       external/cwe/cwe-116
+ *       security-severity/6.1
 */

 import csharp
--- a/Features/CWE-079/XSS.ql
+++ b/Features/CWE-079/XSS.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-079
 *       external/cwe/cwe-116
+ *       security-severity/6.1
 */

 import csharp
--- a/Features/CWE-089/SecondOrderSqlInjection.ql
+++ b/Features/CWE-089/SecondOrderSqlInjection.ql
@@ -8,6 +8,7 @@
 * @id cs/second-order-sql-injection
 * @tags security
 *       external/cwe/cwe-089
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-089/SqlInjection.ql
+++ b/Features/CWE-089/SqlInjection.ql
@@ -8,6 +8,7 @@
 * @id cs/sql-injection
 * @tags security
 *       external/cwe/cwe-089
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-091/XMLInjection.ql
+++ b/Features/CWE-091/XMLInjection.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @tags security
 *       external/cwe/cwe-091
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-094/CodeInjection.ql
+++ b/Features/CWE-094/CodeInjection.ql
@@ -10,6 +10,7 @@
 *       external/cwe/cwe-094
 *       external/cwe/cwe-095
 *       external/cwe/cwe-096
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-112/MissingXMLValidation.ql
+++ b/Features/CWE-112/MissingXMLValidation.ql
@@ -8,6 +8,7 @@
 * @id cs/xml/missing-validation
 * @tags security
 *       external/cwe/cwe-112
+ *       security-severity/4.3
 */

 import csharp
--- a/Features/CWE-114/AssemblyPathInjection.ql
+++ b/Features/CWE-114/AssemblyPathInjection.ql
@@ -9,6 +9,7 @@
 * @precision high
 * @tags security
 *       external/cwe/cwe-114
+ *       security-severity/8.2
 */

 import csharp
--- a/Features/CWE-117/LogForging.ql
+++ b/Features/CWE-117/LogForging.ql
@@ -8,6 +8,7 @@
 * @id cs/log-forging
 * @tags security
 *       external/cwe/cwe-117
+ *       security-severity/5.3
 */

 import csharp
--- a/Features/CWE-119/LocalUnvalidatedArithmetic.ql
+++ b/Features/CWE-119/LocalUnvalidatedArithmetic.ql
@@ -12,6 +12,7 @@
 *       external/cwe/cwe-120
 *       external/cwe/cwe-122
 *       external/cwe/cwe-788
+ *       security-severity/8.8
 */

 import csharp
--- a/Features/CWE-134/UncontrolledFormatString.ql
+++ b/Features/CWE-134/UncontrolledFormatString.ql
@@ -8,6 +8,7 @@
 * @id cs/uncontrolled-format-string
 * @tags security
 *       external/cwe/cwe-134
+ *       security-severity/9.8
 */

 import csharp
--- a/Features/CWE-201/ExposureInTransmittedData.ql
+++ b/Features/CWE-201/ExposureInTransmittedData.ql
@@ -7,6 +7,7 @@
 * @id cs/sensitive-data-transmission
 * @tags security
 *       external/cwe/cwe-201
+ *       security-severity/4.3
 */

 import csharp
--- a/Features/CWE-209/ExceptionInformationExposure.ql
+++ b/Features/CWE-209/ExceptionInformationExposure.ql
@@ -10,6 +10,7 @@
 * @tags security
 *       external/cwe/cwe-209
 *       external/cwe/cwe-497
+ *       security-severity/5.3
 */

 import csharp
--- a/Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
+++ b/Features/CWE-248/MissingASPNETGlobalErrorHandler.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-12
 *       external/cwe/cwe-248
+ *       security-severity/7.5
 */

 import csharp
--- a/Features/CWE-312/CleartextStorage.ql
+++ b/Features/CWE-312/CleartextStorage.ql
@@ -10,6 +10,7 @@
 *       external/cwe/cwe-312
 *       external/cwe/cwe-315
 *       external/cwe/cwe-359
+ *       security-severity/7.5
 */

 import csharp
--- a/Features/CWE-327/DontInstallRootCert.ql
+++ b/Features/CWE-327/DontInstallRootCert.ql
@@ -7,6 +7,7 @@
 * @problem.severity error
 * @tags security
 *       external/cwe/cwe-327
+ *       security-severity/7.5
 */

 import csharp
--- a/Features/CWE-327/InsecureSQLConnection.ql
+++ b/Features/CWE-327/InsecureSQLConnection.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags security
 *       external/cwe/cwe-327
+ *       security-severity/7.5
 */

 import csharp
--- a/Features/CWE-352/MissingAntiForgeryTokenValidation.ql
+++ b/Features/CWE-352/MissingAntiForgeryTokenValidation.ql
@@ -8,6 +8,7 @@
 * @id cs/web/missing-token-validation
 * @tags security
 *       external/cwe/cwe-352
+ *       security-severity/8.8
 */

 import csharp
--- a/Features/CWE-384/AbandonSession.ql
+++ b/Features/CWE-384/AbandonSession.ql
@@ -9,6 +9,7 @@
 * @id cs/session-reuse
 * @tags security
 *       external/cwe/cwe-384
+ *       security-severity/8.8
 */

 import csharp
--- a/Features/CWE-451/MissingXFrameOptions.ql
+++ b/Features/CWE-451/MissingXFrameOptions.ql
@@ -9,6 +9,7 @@
 * @tags security
 *       external/cwe/cwe-451
 *       external/cwe/cwe-829
+ *       security-severity/8.1
 */

 import csharp
--- a/Show More
+++ b/Show More