Merge pull request #5532 from RasmusWL/python-cleanup

Python: Delete filter queries, code duplication library, and precision tag from metric queries

python/ql/src/experimental/Security-old-dataflow/CVE-2018-1281/BindToAllInterfaces.ql

@@ -3,6 +3,8 @@
  * @description Binding a socket to all interfaces opens it up to traffic from any IPv4 address
  * and is therefore associated with security risks.
  * @kind problem
+ * @id py/old/bind-socket-all-network-interfaces
+ * @problem.severity error
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-022/PathInjection.ql

@@ -2,6 +2,8 @@
  * @name OLD QUERY: Uncontrolled data used in path expression
  * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/path-injection
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-078/CommandInjection.ql

@@ -3,6 +3,8 @@
  * @description Using externally controlled strings in a command line may allow a malicious
  *              user to change the meaning of the command.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/command-line-injection
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-079/ReflectedXss.ql

@@ -3,6 +3,8 @@
  * @description Writing user input directly to a web page
  *              allows for a cross-site scripting vulnerability.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/reflective-xss
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-089/SqlInjection.ql

@@ -3,6 +3,8 @@
  * @description Building a SQL query from user-controlled sources is vulnerable to insertion of
  *              malicious SQL code by the user.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/sql-injection
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-094/CodeInjection.ql

@@ -1,8 +1,10 @@
 /**
  * @name Code injection
- * @description Interpreting unsanitized user input as code allows a malicious user arbitrary
+ * @description OLD QUERY: Interpreting unsanitized user input as code allows a malicious user arbitrary
  *              code execution.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/code-injection
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-326/WeakCrypto.ql

@@ -1,12 +1,9 @@
 /**
- * @name Use of weak cryptographic key
+ * @name OLD QUERY: Use of weak cryptographic key
  * @description Use of a cryptographic key that is too small may allow the encryption to be broken.
  * @kind problem
  * @problem.severity error
- * @precision high
- * @id py/weak-crypto-key
- * @tags security
- *       external/cwe/cwe-326
+ * @id py/old/weak-crypto-key
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-502/UnsafeDeserialization.ql

@@ -2,6 +2,8 @@
  * @name OLD QUERY: Deserializing untrusted input
  * @description Deserializing user-controlled data may allow attackers to execute arbitrary code.
  * @kind path-problem
+ * @id py/old/unsafe-deserialization
+ * @problem.severity error
  */
 
 import python

python/ql/src/experimental/Security-old-dataflow/CWE-601/UrlRedirect.ql

@@ -3,6 +3,8 @@
  * @description URL redirection based on unvalidated user input
  *              may cause redirection to malicious web sites.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/url-redirection
  */
 
 import python