Add security-severity metadata

This commit is contained in:
Calum Grant
2021-05-24 17:16:22 +01:00
parent e7b9603c5b
commit a594afb828
352 changed files with 364 additions and 0 deletions

View File

@@ -3,6 +3,7 @@
* @description Finds uses of hidden fields on forms
* @kind problem
* @problem.severity recommendation
* @security-severity 6.4
* @precision medium
* @id cs/web/html-hidden-input
* @tags security
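Review bot: a security-severity of 6.4 sits oddly beside `@problem.severity recommendation` on a query whose description is just "Finds uses of hidden fields on forms": it flags a usage pattern rather than a confirmed flaw, yet 6.4 lands in the medium band of the CVSS-based scale code scanning uses, so every hidden input will surface as a medium security alert. Either lower the value or record how it was derived; none of the hunks in this change states the scoring basis for the numbers being added.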

View File

@@ -3,6 +3,7 @@
* @description Finds empty passwords in configuration files.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision medium
* @id cs/empty-password-in-configuration
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Finds passwords in configuration files.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @precision medium
* @id cs/password-in-configuration
* @tags security
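Review bot: the 3.6 here is below the 5.9 given to cs/empty-password-in-configuration in the previous hunk, but a password committed in a configuration file exposes a working credential, while an empty password is a weaker, related misconfiguration. If the ordering is deliberate, say why; otherwise align this with the 5.9 that cs/hardcoded-credentials receives later in the change.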

View File

@@ -3,6 +3,7 @@
* @description Finds uses of file upload
* @kind problem
* @problem.severity recommendation
* @security-severity 5.9
* @precision high
* @id cs/web/file-upload
* @tags security

View File

@@ -5,6 +5,7 @@
* but under some circumstances may also result in incorrect results.
* @kind problem
* @problem.severity warning
* @security-severity 6.9
* @precision medium
* @id cs/thread-unsafe-icryptotransform-field-in-class
* @tags concurrency
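Review bot: the only tag visible in this hunk is `concurrency`, and the same is true of the cs/thread-unsafe-icryptotransform-captured-in-lambda hunk that follows. Code scanning surfaces security-severity for queries carrying the `security` tag, so if `security` is not among the tags below the cut, either add it or leave these two queries without a security-severity. A 6.9 also reads high for a description that says the problem "may also result in incorrect results"; that is an integrity issue from a race, not a loss of confidentiality, and the value should reflect that.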

View File

@@ -6,6 +6,7 @@
* but under some circumstances may also result in incorrect results.
* @kind problem
* @problem.severity warning
* @security-severity 6.9
* @precision medium
* @id cs/thread-unsafe-icryptotransform-captured-in-lambda
* @tags concurrency

View File

@@ -4,12 +4,14 @@
* debug builds provide additional information useful to a malicious attacker.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision very-high
* @id cs/web/debug-binary
* @tags security
* maintainability
* frameworks/asp.net
* external/cwe/cwe-11
* external/cwe/cwe-532
*/
import csharp
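Review bot: the hunk header `@@ -4,12 +4,14 @@` shows two lines added here, but the commit message "Add security-severity metadata" accounts for only one of them. If the second addition is the `external/cwe/cwe-532` tag, mention it in the message or move it to its own commit so the CWE change is reviewable on its own.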

View File

@@ -4,6 +4,7 @@
* denial-of-service attacks.
* @kind problem
* @problem.severity warning
* @security-severity 6.9
* @id cs/web/large-max-request-length
* @tags security
* frameworks/asp.net

View File

@@ -3,6 +3,7 @@
* @description ASP.NET pages should not disable the built-in request validation.
* @kind problem
* @problem.severity warning
* @security-severity 6.9
* @id cs/web/request-validation-disabled
* @tags security
* frameworks/asp.net

View File

@@ -6,6 +6,7 @@
* @kind problem
* @id cs/insecure-request-validation-mode
* @problem.severity warning
* @security-severity 6.9
* @tags security
* external/cwe/cwe-016
*/

View File

@@ -4,6 +4,7 @@
* @kind problem
* @id cs/serialization-check-bypass
* @problem.severity warning
* @security-severity 5.9
* @precision medium
* @tags security
* external/cwe/cwe-20

View File

@@ -5,6 +5,7 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @security-severity 5.9
* @tags security external/cwe/cwe-20
*/

View File

@@ -3,6 +3,7 @@
* @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @precision high
* @id cs/path-injection
* @tags security

View File

@@ -6,6 +6,7 @@
* @kind path-problem
* @id cs/zipslip
* @problem.severity error
* @security-severity 6.4
* @precision high
* @tags security
* external/cwe/cwe-022

View File

@@ -4,6 +4,7 @@
* user to change the meaning of the command.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/command-line-injection
* @tags correctness
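Review bot: 5.9 for cs/command-line-injection (and the same value on cs/stored-command-line-injection in the next hunk) is inconsistent with the 10.0 this change gives cs/code-injection. A user who can "change the meaning of the command", as the description puts it, gets arbitrary command execution on the host, which is the same outcome the 10.0 captures; raise this to match or document why OS command injection is rated lower than code injection. The tag line visible here is `correctness`, so also confirm `security` is present further down, otherwise the security-severity will not be surfaced.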

View File

@@ -4,6 +4,7 @@
* user to change the meaning of the command.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision medium
* @id cs/stored-command-line-injection
* @tags correctness

View File

@@ -4,6 +4,7 @@
* scripting vulnerability if the data was originally user-provided.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @precision medium
* @id cs/web/stored-xss
* @tags security

View File

@@ -4,6 +4,7 @@
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 2.9
* @precision high
* @id cs/web/xss
* @tags security
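Review bot: 2.9 for cs/web/xss (and for cs/web/stored-xss in the hunk above) is well below what the standard CVSS v3 vector for reflected XSS yields (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N scores 6.1), and it is lower than the 3.6 this change assigns to cs/web/directory-browse-enabled. As written, an exploitable XSS will be listed as a low-severity alert beneath a directory-listing misconfiguration; please revisit the value or record the vector that produced it.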

View File

@@ -4,6 +4,7 @@
* of malicious SQL code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @precision medium
* @id cs/second-order-sql-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* malicious SQL code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @precision high
* @id cs/sql-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* malicious LDAP code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/ldap-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* insertion of malicious LDAP code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision medium
* @id cs/stored-ldap-injection
* @tags security

View File

@@ -5,6 +5,7 @@
* @kind problem
* @id cs/xml-injection
* @problem.severity error
* @security-severity 5.9
* @precision high
* @tags security
* external/cwe/cwe-091

View File

@@ -4,6 +4,7 @@
* malicious code.
* @kind path-problem
* @problem.severity error
* @security-severity 10.0
* @precision high
* @id cs/code-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* malicious user providing an unintended resource.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/resource-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* schema.
* @kind path-problem
* @problem.severity recommendation
* @security-severity 3.6
* @precision high
* @id cs/xml/missing-validation
* @tags security

View File

@@ -6,6 +6,7 @@
* @kind problem
* @id cs/assembly-path-injection
* @problem.severity error
* @security-severity 6.0
* @precision high
* @tags security
* external/cwe/cwe-114
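Review bot: 6.0 is the only value in this change that does not come from the small set used everywhere else (1.4, 2.7, 2.9, 3.6, 5.2, 5.9, 6.4, 6.9, 10.0). Confirm it is intended rather than a typo for 5.9 or 6.4, and if it is intended, note what distinguishes assembly path injection from cs/path-injection, which gets 6.4.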

View File

@@ -4,6 +4,7 @@
* insertion of forged log entries by a malicious user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/log-forging
* @tags security

View File

@@ -5,6 +5,7 @@
* to return any value.
* @kind problem
* @problem.severity warning
* @security-severity 10.0
* @precision high
* @id cs/unvalidated-local-pointer-arithmetic
* @tags security
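Review bot: 10.0, the top of the scale, paired with `@problem.severity warning` is contradictory; the only other 10.0 in this change, cs/code-injection, carries `@problem.severity error`. Either raise the problem severity here or explain why a critical security-severity belongs on a warning-level query.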

View File

@@ -4,6 +4,7 @@
* and cause a denial of service.
* @kind path-problem
* @problem.severity error
* @security-severity 6.9
* @precision high
* @id cs/uncontrolled-format-string
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Transmitting sensitive information to the user is a potential security risk.
* @kind path-problem
* @problem.severity error
* @security-severity 1.4
* @precision high
* @id cs/sensitive-data-transmission
* @tags security
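Review bot: the opposite mismatch here: `@problem.severity error` with a security-severity of 1.4, the lowest value in the whole change. The closely related cs/exposure-of-sensitive-information and cs/information-exposure-through-exception both get 3.6, so 1.4 looks like an outlier and should be aligned with them or justified.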

View File

@@ -5,6 +5,7 @@
* developing a subsequent exploit.
* @kind path-problem
* @problem.severity error
* @security-severity 3.6
* @precision high
* @id cs/information-exposure-through-exception
* @tags security

View File

@@ -4,6 +4,7 @@
* a global error handler, otherwise they may leak exception information.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @precision high
* @id cs/web/missing-global-error-handler
* @tags security

View File

@@ -4,6 +4,7 @@
* attacker.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/cleartext-storage-of-sensitive-information
* @tags security

View File

@@ -4,7 +4,9 @@
* @kind problem
* @id cs/hardcoded-key
* @problem.severity error
* @security-severity 5.9
* @tags security
* external/cwe/cwe-320
*/
/*

View File

@@ -4,7 +4,9 @@
* @kind path-problem
* @id cs/hard-coded-symmetric-encryption-key
* @problem.severity error
* @security-severity 3.6
* @tags security
* external/cwe/cwe-321
*/
/*

View File

@@ -5,6 +5,7 @@
* @kind path-problem
* @id cs/adding-cert-to-root-store
* @problem.severity error
* @security-severity 5.2
* @tags security
* external/cwe/cwe-327
*/
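Review bot: 5.2 reads low for cs/adding-cert-to-root-store, since whoever controls a certificate added to the root store can impersonate any TLS endpoint the machine talks to. While this metadata block is being edited, note that the `external/cwe/cwe-327` tag in the context line (Use of a Broken or Risky Cryptographic Algorithm) does not describe this finding either, and is worth correcting in a follow-up.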

View File

@@ -4,6 +4,7 @@
* @kind path-problem
* @id cs/insecure-sql-connection
* @problem.severity error
* @security-severity 5.2
* @precision medium
* @tags security
* external/cwe/cwe-327

View File

@@ -4,6 +4,7 @@
* allows a malicious attacker to submit a request on behalf of the user.
* @kind problem
* @problem.severity error
* @security-severity 6.4
* @precision high
* @id cs/web/missing-token-validation
* @tags security

View File

@@ -4,6 +4,7 @@
* unauthorized persons.
* @kind path-problem
* @problem.severity error
* @security-severity 3.6
* @precision high
* @id cs/exposure-of-sensitive-information
* @tags security

View File

@@ -5,6 +5,7 @@
* their session.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/session-reuse
* @tags security

View File

@@ -4,6 +4,7 @@
* overlay their own UI on top of the site by using an iframe.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/web/missing-x-frame-options
* @tags security

View File

@@ -5,6 +5,7 @@
* @kind problem
* @id cs/deserialized-delegate
* @problem.severity warning
* @security-severity 5.9
* @precision high
* @tags security
* external/cwe/cwe-502

View File

@@ -5,6 +5,7 @@
* @kind problem
* @id cs/unsafe-deserialization
* @problem.severity warning
* @security-severity 5.9
* @precision low
* @tags security
* external/cwe/cwe-502

View File

@@ -5,6 +5,7 @@
* @kind path-problem
* @id cs/unsafe-deserialization-untrusted-input
* @problem.severity error
* @security-severity 5.9
* @precision high
* @tags security
* external/cwe/cwe-502
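Review bot: 5.9 for cs/unsafe-deserialization-untrusted-input under-rates the finding relative to cs/code-injection at 10.0: deserializing attacker-controlled input (CWE-502) in .NET typically yields remote code execution, which is the same impact. Raise it or document the reasoning; the low-precision cs/unsafe-deserialization query in the hunk above can reasonably stay lower because it does not require an untrusted source.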

View File

@@ -3,6 +3,7 @@
* @description Directory browsing should not be enabled in production as it can leak sensitive information.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @precision very-high
* @id cs/web/directory-browse-enabled
* @tags security

View File

@@ -4,6 +4,7 @@
* may cause redirection to malicious web sites.
* @kind path-problem
* @problem.severity error
* @security-severity 2.7
* @precision high
* @id cs/web/unvalidated-url-redirection
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Untrusted XML is read with an insecure resolver and DTD processing enabled.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/xml/insecure-dtd-handling
* @tags security

View File

@@ -4,6 +4,7 @@
* be restricted using a secure resolver or disabling DTD processing.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision low
* @id cs/insecure-xml-read
* @tags security

View File

@@ -5,6 +5,7 @@
* is used at all times.
* @kind problem
* @problem.severity error
* @security-severity 5.2
* @precision high
* @id cs/web/requiressl-not-set
* @tags security

View File

@@ -4,6 +4,7 @@
* user is vulnerable to insertion of malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision medium
* @id cs/xml/stored-xpath-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* malicious code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/xml/xpath-injection
* @tags security

View File

@@ -4,6 +4,7 @@
* exponential time on certain input.
* @kind path-problem
* @problem.severity error
* @security-severity 3.6
* @precision high
* @id cs/redos
* @tags security

View File

@@ -5,6 +5,7 @@
* exponential time on certain inputs.
* @kind path-problem
* @problem.severity error
* @security-severity 3.6
* @precision high
* @id cs/regex-injection
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Credentials are hard-coded in a connection string in the source code of the application.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/hardcoded-connection-string-credentials
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Credentials are hard coded in the source code of the application.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision high
* @id cs/hardcoded-credentials
* @tags security

View File

@@ -4,6 +4,7 @@
* passing through authentication systems.
* @kind path-problem
* @problem.severity error
* @security-severity 6.4
* @precision high
* @id cs/user-controlled-bypass
* @tags security

View File

@@ -4,6 +4,7 @@
* pose a security risk.
* @kind path-problem
* @problem.severity error
* @security-severity 5.9
* @precision low
* @id cs/inappropriate-encoding
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Finds cookies with an overly broad domain.
* @kind problem
* @problem.severity warning
* @security-severity 6.4
* @precision high
* @id cs/web/broad-cookie-domain
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Finds cookies with an overly broad path.
* @kind problem
* @problem.severity warning
* @security-severity 6.4
* @precision high
* @id cs/web/broad-cookie-path
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Highlights uses of the encryption mode 'CipherMode.ECB'. This mode should normally not be used because it is vulnerable to replay attacks.
* @kind problem
* @problem.severity warning
* @security-severity 5.2
* @precision high
* @id cs/ecb-encryption
* @tags security
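Review bot: the description in the context line, "vulnerable to replay attacks", misstates the ECB weakness. ECB encrypts each block independently with no IV, so identical plaintext blocks produce identical ciphertext blocks; the ciphertext leaks structure and blocks can be reordered or substituted. Replay is a protocol-level property that ECB does not specifically cause. Since this change already touches the metadata block, fix the wording alongside the new 5.2 line.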

View File

@@ -3,6 +3,7 @@
* @description Finds places where header checking is disabled.
* @kind problem
* @problem.severity warning
* @security-severity 3.6
* @precision high
* @id cs/web/disabled-header-checking
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Finds uses of RSA encryption with inadequate padding.
* @kind problem
* @problem.severity warning
* @security-severity 5.2
* @precision high
* @id cs/inadequate-rsa-padding
* @tags security

View File

@@ -5,6 +5,7 @@
* be generated.
* @kind path-problem
* @problem.severity warning
* @security-severity 5.9
* @precision high
* @id cs/insecure-randomness
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Finds uses of encryption algorithms with too small a key size
* @kind problem
* @problem.severity warning
* @security-severity 5.2
* @precision high
* @id cs/insufficient-key-size
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Persistent cookies are vulnerable to attacks.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision high
* @id cs/web/persistent-cookie
* @tags security

View File

@@ -3,6 +3,7 @@
* @description Finds uses of encryption algorithms that are weak and obsolete
* @kind problem
* @problem.severity warning
* @security-severity 5.2
* @precision high
* @id cs/weak-encryption
* @tags security