Add security-severity metadata

2026-03-10 09:36:46 +01:00 · 2021-05-24 17:16:22 +01:00
parent e7b9603c5b
commit a594afb828
352 changed files with 364 additions and 0 deletions
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql
@@ -7,6 +7,7 @@
 *              Such operations could interfere with the EJB container's operation.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/container-interference
 * @tags reliability
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql
@@ -5,6 +5,7 @@
 *              for enterprise components.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/file-io
 * @tags reliability
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
@@ -4,6 +4,7 @@
 *              Such use could compromise security and system stability.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/native-code
 * @tags reliability
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
@@ -4,6 +4,7 @@
 *              as this could compromise security.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/reflection
 * @tags external/cwe/cwe-573
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
@@ -5,6 +5,7 @@
 *              This functionality is reserved for the EJB container for security reasons.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/security-configuration-access
 * @tags external/cwe/cwe-573
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
@@ -4,6 +4,7 @@
 *              the Java serialization protocol, since their use could compromise security.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/substitution-in-serialization
 * @tags external/cwe/cwe-573
--- a/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql
+++ b/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql
@@ -5,6 +5,7 @@
 *              compromise security or interfere with the EJB container's operation.
 * @kind problem
 * @problem.severity error
+ * @security-severity 4.9
 * @precision low
 * @id java/ejb/socket-or-stream-handler-factory
 * @tags reliability