Remove stored variants of queries

2026-04-26 09:15:12 +02:00 · 2024-02-15 17:31:46 -05:00
parent fd82a06b93
commit c95abd47ce
8 changed files with 0 additions and 161 deletions
--- a/Features/CWE-078/StoredCommandInjection.qhelp
+++ b/Features/CWE-078/StoredCommandInjection.qhelp
@@ -1,6 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<include src="CommandInjection.qhelp" />
-</qhelp>
--- a/Features/CWE-078/StoredCommandInjection.ql
+++ b/Features/CWE-078/StoredCommandInjection.ql
@@ -1,34 +0,0 @@
-/**
- * @name Uncontrolled command line from stored user input
- * @description Using externally controlled strings in a command line may allow a malicious
- *              user to change the meaning of the command.
- * @kind path-problem
- * @problem.severity error
- * @security-severity 9.8
- * @precision medium
- * @id cs/stored-command-line-injection
- * @tags correctness
- *       security
- *       external/cwe/cwe-078
- *       external/cwe/cwe-088
- */
-
-import csharp
-import semmle.code.csharp.security.dataflow.flowsources.Stored
-import semmle.code.csharp.security.dataflow.CommandInjectionQuery
-import StoredCommandInjection::PathGraph
-
-module StoredCommandInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource }
-
-  predicate isSink = CommandInjectionConfig::isSink/1;
-
-  predicate isBarrier = CommandInjectionConfig::isBarrier/1;
-}
-
-module StoredCommandInjection = TaintTracking::Global<StoredCommandInjectionConfig>;
-
-from StoredCommandInjection::PathNode source, StoredCommandInjection::PathNode sink
-where StoredCommandInjection::flowPath(source, sink)
-select sink.getNode(), source, sink, "This command line depends on a $@.", source.getNode(),
-  "stored (potentially user-provided) value"
--- a/Features/CWE-079/StoredXSS.qhelp
+++ b/Features/CWE-079/StoredXSS.qhelp
@@ -1,6 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<include src="XSS.qhelp" />
-</qhelp>
--- a/Features/CWE-079/StoredXSS.ql
+++ b/Features/CWE-079/StoredXSS.ql
@@ -1,39 +0,0 @@
-/**
- * @name Stored cross-site scripting
- * @description Writing input from the database directly to a web page indicates a cross-site
- *              scripting vulnerability if the data was originally user-provided.
- * @kind path-problem
- * @problem.severity error
- * @security-severity 6.1
- * @precision medium
- * @id cs/web/stored-xss
- * @tags security
- *       external/cwe/cwe-079
- *       external/cwe/cwe-116
- */
-
-import csharp
-import semmle.code.csharp.security.dataflow.flowsources.Stored
-import semmle.code.csharp.security.dataflow.XSSQuery
-import semmle.code.csharp.security.dataflow.XSSSinks
-import StoredXss::PathGraph
-
-module StoredXssTrackingConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource }
-
-  predicate isSink = XssTrackingConfig::isSink/1;
-
-  predicate isBarrier = XssTrackingConfig::isBarrier/1;
-}
-
-module StoredXss = TaintTracking::Global<StoredXssTrackingConfig>;
-
-from StoredXss::PathNode source, StoredXss::PathNode sink, string explanation
-where
-  StoredXss::flowPath(source, sink) and
-  if exists(sink.getNode().(Sink).explanation())
-  then explanation = " (" + sink.getNode().(Sink).explanation() + ")"
-  else explanation = ""
-select sink.getNode(), source, sink,
-  "This HTML or JavaScript write" + explanation + " depends on a $@.", source.getNode(),
-  "stored (potentially user-provided) value"
--- a/Features/CWE-090/StoredLDAPInjection.qhelp
+++ b/Features/CWE-090/StoredLDAPInjection.qhelp
@@ -1,6 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<include src="LDAPInjection.qhelp" />
-</qhelp>
--- a/Features/CWE-090/StoredLDAPInjection.ql
+++ b/Features/CWE-090/StoredLDAPInjection.ql
@@ -1,32 +0,0 @@
-/**
- * @name LDAP query built from stored user-controlled sources
- * @description Building an LDAP query from stored user-controlled sources is vulnerable to
- *              insertion of malicious LDAP code by the user.
- * @kind path-problem
- * @problem.severity error
- * @security-severity 9.8
- * @precision medium
- * @id cs/stored-ldap-injection
- * @tags security
- *       external/cwe/cwe-090
- */
-
-import csharp
-import semmle.code.csharp.security.dataflow.LDAPInjectionQuery
-import semmle.code.csharp.security.dataflow.flowsources.Stored
-import StoredLdapInjection::PathGraph
-
-module StoredLdapInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource }
-
-  predicate isSink = LdapInjectionConfig::isSink/1;
-
-  predicate isBarrier = LdapInjectionConfig::isBarrier/1;
-}
-
-module StoredLdapInjection = TaintTracking::Global<StoredLdapInjectionConfig>;
-
-from StoredLdapInjection::PathNode source, StoredLdapInjection::PathNode sink
-where StoredLdapInjection::flowPath(source, sink)
-select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
-  "stored (potentially user-provided) value"
--- a/Features/CWE-643/StoredXPathInjection.qhelp
+++ b/Features/CWE-643/StoredXPathInjection.qhelp
@@ -1,6 +0,0 @@
-<!DOCTYPE qhelp PUBLIC
-  "-//Semmle//qhelp//EN"
-  "qhelp.dtd">
-<qhelp>
-<include src="XPathInjection.qhelp" />
-</qhelp>
--- a/Features/CWE-643/StoredXPathInjection.ql
+++ b/Features/CWE-643/StoredXPathInjection.ql
@@ -1,32 +0,0 @@
-/**
- * @name Stored XPath injection
- * @description Building an XPath expression from stored data which may have been provided by the
- *              user is vulnerable to insertion of malicious code by the user.
- * @kind path-problem
- * @problem.severity error
- * @security-severity 9.8
- * @precision medium
- * @id cs/xml/stored-xpath-injection
- * @tags security
- *       external/cwe/cwe-643
- */
-
-import csharp
-import semmle.code.csharp.security.dataflow.flowsources.Stored
-import semmle.code.csharp.security.dataflow.XPathInjectionQuery
-import StoredXpathInjection::PathGraph
-
-module StoredXpathInjectionConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof StoredFlowSource }
-
-  predicate isSink = XpathInjectionConfig::isSink/1;
-
-  predicate isBarrier = XpathInjectionConfig::isBarrier/1;
-}
-
-module StoredXpathInjection = TaintTracking::Global<StoredXpathInjectionConfig>;
-
-from StoredXpathInjection::PathNode source, StoredXpathInjection::PathNode sink
-where StoredXpathInjection::flowPath(source, sink)
-select sink.getNode(), source, sink, "This XPath expression depends on a $@.", source.getNode(),
-  "stored (potentially user-provided) value"