From ce2b59ae4add23fe101ceba92cf990fdc78ef35c Mon Sep 17 00:00:00 2001 
From: turbo Date: Mon, 22 Aug 2022 15:59:16 +0200 Subject: [PATCH] Add experimental,ml-generated tags --- .../src/experimental/Likely Bugs/RedundantNullCheckParam.ql | 1 + .../Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql | 1 + .../Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql | 1 + .../Security/CWE/CWE-1041/FindWrapperFunctions.ql | 1 + .../DeclarationOfVariableWithUnnecessarilyWideScope.ql | 1 + .../Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql | 1 + .../CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql | 1 + .../Security/CWE/CWE-190/AllocMultiplicationOverflow.ql | 1 + .../CWE-190/DangerousUseOfTransformationAfterOperation.ql | 1 + .../CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql | 1 + .../CWE/CWE-243/IncorrectChangingWorkingDirectory.ql | 1 + .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 1 + .../Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql | 1 + .../experimental/Security/CWE/CWE-285/PamAuthorization.ql | 1 + .../Security/CWE/CWE-359/PrivateCleartextWrite.ql | 1 + cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql | 1 + .../Security/CWE/CWE-377/InsecureTemporaryFile.ql | 1 + .../Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql | 1 + cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql | 1 + .../Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql | 1 + .../Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql | 1 + .../Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql | 1 + .../src/experimental/Security/CWE/CWE-675/DoubleRelease.ql | 1 + ...sufficientControlFlowManagementAfterRefactoringTheCode.ql | 1 + ...nsufficientControlFlowManagementWhenUsingBitOperations.ql | 1 + .../Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql | 1 + .../Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql | 1 + .../CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql | 1 + ...rPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql | 1 + .../CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql | 1 + 
.../Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql | 1 + .../AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql | 1 + csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql | 1 + csharp/ql/src/experimental/CWE-918/RequestForgery.ql | 1 + .../Security Features/CWE-1004/CookieWithoutHttpOnly.ql | 1 + .../Azure/UnsafeUsageOfClientSideEncryptionVersion.ql | 1 + .../Security Features/CWE-614/CookieWithoutSecure.ql | 1 + .../Security Features/CWE-759/HashWithoutSalt.ql | 1 + .../Serialization/DefiningDatasetRelatedType.ql | 1 + .../Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql | 1 + .../Serialization/UnsafeTypeUsedDataContractSerializer.ql | 1 + .../Serialization/XmlDeserializationWithDataSet.ql | 1 + .../backdoor/DangerousNativeFunctionCall.ql | 1 + .../Security Features/backdoor/PotentialTimeBomb.ql | 1 + .../Security Features/backdoor/ProcessNameToHashTaintFlow.ql | 1 + go/ql/src/experimental/CWE-090/LDAPInjection.ql | 1 + go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql | 1 + go/ql/src/experimental/CWE-285/PamAuthBypass.ql | 1 + go/ql/src/experimental/CWE-321/HardcodedKeys.ql | 1 + go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql | 5 +++-- go/ql/src/experimental/CWE-369/DivideByZero.ql | 1 + go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql | 3 +++ .../experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql | 1 + go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql | 2 ++ go/ql/src/experimental/CWE-840/ConditionalBypass.ql | 2 ++ go/ql/src/experimental/CWE-918/SSRF.ql | 1 + go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql | 1 + go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql | 1 + .../Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql | 1 + .../experimental/Security/CWE/CWE-016/SpringBootActuators.ql | 1 + .../experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql | 1 + .../experimental/Security/CWE/CWE-073/FilePathInjection.ql | 1 + 
java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql | 1 + .../Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql | 1 + .../Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql | 1 + .../experimental/Security/CWE/CWE-094/BeanShellInjection.ql | 1 + .../experimental/Security/CWE/CWE-094/InsecureDexLoading.ql | 1 + .../src/experimental/Security/CWE/CWE-094/JShellInjection.ql | 1 + .../Security/CWE/CWE-094/JakartaExpressionInjection.ql | 1 + .../src/experimental/Security/CWE/CWE-094/JythonInjection.ql | 1 + .../src/experimental/Security/CWE/CWE-094/ScriptInjection.ql | 1 + .../Security/CWE/CWE-094/SpringImplicitViewManipulation.ql | 1 + .../Security/CWE/CWE-094/SpringViewManipulation.ql | 1 + .../experimental/Security/CWE/CWE-094/TemplateInjection.ql | 1 + .../Security/CWE/CWE-1004/InsecureTomcatConfig.ql | 1 + .../Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql | 1 + .../Security/CWE/CWE-200/InsecureWebResourceResponse.ql | 1 + .../Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql | 1 + .../CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql | 1 + .../Security/CWE/CWE-208/TimingAttackAgainstHeader.ql | 1 + .../Security/CWE/CWE-208/TimingAttackAgainstSignature.ql | 1 + .../Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql | 1 + .../Security/CWE/CWE-297/IgnoredHostnameVerification.ql | 1 + .../Security/CWE/CWE-297/InsecureLdapEndpoint.ql | 1 + .../Security/CWE/CWE-299/DisabledRevocationChecking.ql | 1 + .../src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql | 1 + .../experimental/Security/CWE/CWE-326/InsufficientKeySize.ql | 1 + .../experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql | 1 + .../src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql | 1 + .../CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql | 1 + .../src/experimental/Security/CWE/CWE-352/JsonpInjection.ql | 1 + .../experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql | 1 + .../experimental/Security/CWE/CWE-470/UnsafeReflection.ql | 1 + 
java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql | 1 + .../experimental/Security/CWE/CWE-489/WebComponentMain.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql | 1 + .../Security/CWE/CWE-502/UnsafeDeserializationRmi.ql | 1 + .../CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql | 1 + .../CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql | 1 + .../experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql | 1 + .../Security/CWE/CWE-548/InsecureDirectoryConfig.ql | 1 + .../experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql | 1 + .../Security/CWE/CWE-555/CredentialsInPropertiesFile.ql | 1 + .../Security/CWE/CWE-555/PasswordInConfigurationFile.ql | 1 + .../experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql | 1 + .../Security/CWE/CWE-600/UncaughtServletException.ql | 1 + .../experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql | 1 + .../src/experimental/Security/CWE/CWE-652/XQueryInjection.ql | 1 + .../CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql | 1 + .../src/experimental/Security/CWE/CWE-730/RegexInjection.ql | 1 + .../src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql | 1 + .../src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql | 1 + .../Security/CWE/CWE-939/IncorrectURLVerification.ql | 1 + .../adaptivethreatmodeling/src/NosqlInjectionATM.ql | 4 +++- .../adaptivethreatmodeling/src/SqlInjectionATM.ql | 4 +++- .../adaptivethreatmodeling/src/TaintedPathATM.ql | 4 +++- .../ql/experimental/adaptivethreatmodeling/src/XssATM.ql | 4 +++- .../src/experimental/Security/CWE-094/UntrustedCheckout.ql | 1 + javascript/ql/src/experimental/Security/CWE-918/SSRF.ql | 1 + python/ql/src/experimental/Security/CWE-022/ZipSlip.ql | 1 + .../src/experimental/Security/CWE-074/TemplateInjection.ql | 1 + python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql | 1 + 
python/ql/src/experimental/Security/CWE-091/Xslt.ql | 1 + .../ql/src/experimental/Security/CWE-113/HeaderInjection.ql | 1 + python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql | 1 + .../ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql | 1 + .../Azure/UnsafeUsageOfClientSideEncryptionVersion.ql | 1 + .../src/experimental/Security/CWE-338/InsecureRandomness.ql | 1 + .../experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql | 1 + .../CWE-347/JWTMissingSecretOrPublicKeyVerification.ql | 1 + .../Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql | 1 + .../ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql | 1 + .../src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql | 1 + .../ql/src/experimental/Security/CWE-614/CookieInjection.ql | 1 + .../ql/src/experimental/Security/CWE-614/InsecureCookie.ql | 1 + .../ql/src/experimental/Security/CWE-943/NoSQLInjection.ql | 1 + ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql | 1 + .../src/experimental/decompression-api/DecompressionApi.ql | 4 +++- .../experimental/improper-memoization/ImproperMemoization.ql | 1 + .../manually-check-http-verb/ManuallyCheckHttpVerb.ql | 1 + ruby/ql/src/experimental/weak-params/WeakParams.ql | 1 + 144 files changed, 160 insertions(+), 7 deletions(-) diff --git a/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql b/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql index f1a3663bb96..41b045f398b 100644 --- a/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql +++ b/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql @@ -9,6 +9,7 @@ * @tags reliability * security * external/cwe/cwe-476 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql index 3ef5bf3405e..af512d32981 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql 
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql @@ -10,6 +10,7 @@ * @tags correctness * security * external/cwe/cwe-20 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql index d715be46bd2..9846bccfc98 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql @@ -12,6 +12,7 @@ * @security-severity 7.5 * @tags security * external/cwe/cwe-020 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql index 106369e9319..d288d50c623 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql @@ -9,6 +9,7 @@ * maintainability * security * external/cwe/cwe-1041 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql b/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql index e73f36145c6..6a22e0be8c0 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql @@ -10,6 +10,7 @@ * @tags correctness * security * external/cwe/cwe-1126 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql index dd5c389fdaf..f41d48c0b95 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql 
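Review bot: The `@tags` block in LateCheckOfFunctionArgument.ql carries `external/cwe/cwe-20`, while NoCheckBeforeUnsafePutUser.ql in the same CWE-020 directory uses `external/cwe/cwe-020`. This patch presumably exists so that queries can be selected by tag, so the two spellings are worth unifying in the same pass, e.g. ` *       external/cwe/cwe-020`, so that a filter on one form does not miss the other. The same unpadded form appears in the Go hunks for LDAPInjection.ql (`cwe-90`) and HTMLTemplateEscapingPassthrough.ql (`cwe-79`). Whether downstream tooling normalises the number is not visible from this patch.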
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql @@ -7,6 +7,7 @@ * @tags reliability * security * external/cwe/cwe-120 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql index 0b7555c9e41..d65161830d6 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql @@ -8,6 +8,7 @@ * @tags correctness * security * external/cwe/cwe-125 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql index 3a253854679..5cfe0abed9d 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql @@ -8,6 +8,7 @@ * correctness * external/cwe/cwe-190 * external/cwe/cwe-128 + * experimental * @id cpp/multiplication-overflow-in-alloc */ diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql index 026c279de7c..8adbbc517d9 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql @@ -8,6 +8,7 @@ * @tags correctness * security * external/cwe/cwe-190 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql b/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql index ec32ccd4bfc..d023ff0c7ad 100644 
--- a/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql @@ -10,6 +10,7 @@ * security * external/cwe/cwe-200 * external/cwe/cwe-264 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql b/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql index 02d57ee3c3f..3ebb60afc3a 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql @@ -9,6 +9,7 @@ * security * external/cwe/cwe-243 * external/cwe/cwe-252 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql index 5bdd5a21fe5..a1e67db64bc 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql @@ -13,6 +13,7 @@ * external/cwe/cwe-200 * external/cwe/cwe-560 * external/cwe/cwe-687 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql index 3c079728bcc..587930b3349 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql @@ -9,6 +9,7 @@ * @id cpp/drop-linux-privileges-outoforder * @tags security * external/cwe/cwe-273 + * experimental * @precision medium */ diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql b/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql index 5292a705d93..74748b74ad2 100644 
--- a/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql @@ -6,6 +6,7 @@ * @id cpp/pam-auth-bypass * @tags security * external/cwe/cwe-285 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql index 205f17c06c9..80e2df1f301 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql @@ -7,6 +7,7 @@ * @id cpp/private-cleartext-write * @tags security * external/cwe/cwe-359 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql index 7169f3bead3..cbf8ebeef64 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql @@ -12,6 +12,7 @@ * @security-severity 7.5 * @tags security * external/cwe/cwe-362 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql b/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql index 0852cb90918..813734ae4e0 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql @@ -8,6 +8,7 @@ * @tags correctness * security * external/cwe/cwe-377 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql index dda2e3b2148..d0407718f4b 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql 
@@ -9,6 +9,7 @@ * @tags correctness * security * external/cwe/cwe-401 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql b/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql index 0544c2aefd5..b06b021558b 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql @@ -7,6 +7,7 @@ * @precision medium * @tags security * external/cwe/cwe-415 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql b/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql index 2feca267902..9cdb8475716 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql @@ -9,6 +9,7 @@ * security * external/cwe/cwe-476 * external/cwe/cwe-415 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql index 7fc26e54ae9..21bb74efd76 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql @@ -11,6 +11,7 @@ * external/cwe/cwe-561 * external/cwe/cwe-691 * external/cwe/cwe-478 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql index d608fd5a7ed..d4145149a23 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql @@ -8,6 +8,7 @@ * @tags correctness * security * external/cwe/cwe-670 + * experimental */ import cpp 
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql index 7a884769bf8..cb2d30cdd72 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql @@ -8,6 +8,7 @@ * @tags security * external/cwe/cwe-675 * external/cwe/cwe-666 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql index 163305dd039..22d8dfa4d76 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql @@ -11,6 +11,7 @@ * @tags correctness * security * external/cwe/cwe-691 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql index 72d7625b517..20a7cc4142f 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql @@ -9,6 +9,7 @@ * @tags correctness * security * external/cwe/cwe-691 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql index a88cd107b33..268cbceb7e5 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql 
@@ -10,6 +10,7 @@ * external/cwe/cwe-703 * external/cwe/cwe-248 * external/cwe/cwe-390 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql index 5f296752c1c..332cfbd77dc 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql @@ -9,6 +9,7 @@ * security * external/cwe/cwe-754 * external/cwe/cwe-908 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql b/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql index bafe3d13b84..7303e2b14f2 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql @@ -9,6 +9,7 @@ * @precision medium * @tags security * external/cwe/cwe-758 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql index 78f539aae8b..6767689554c 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql @@ -10,6 +10,7 @@ * readability * external/cwe/cwe-783 * external/cwe/cwe-480 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql index 4f30f112eb0..a40738ac115 100644 
--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql @@ -10,6 +10,7 @@ * security * external/cwe/cwe-783 * external/cwe/cwe-480 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql index 1fe82c9cc51..f61285e1ca8 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql @@ -7,6 +7,7 @@ * @tags reliability * security * external/cwe/cwe-787 + * experimental */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql b/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql index e4577968730..785b4ff4592 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql @@ -9,6 +9,7 @@ * @tags correctness * security * external/cwe/cwe-788 + * experimental */ import cpp diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql index 513c658cf92..24a2f2b2906 100644 --- a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql +++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql @@ -11,6 +11,7 @@ * external/cwe/cwe-023 * external/cwe/cwe-036 * external/cwe/cwe-073 + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql index 27b86aa1386..0dfc806cf5d 100644 --- a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql 
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql @@ -7,6 +7,7 @@ * @id cs/request-forgery * @tags security * external/cwe/cwe-918 + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql b/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql index c8fa5754cfa..ed55a8c12ff 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql +++ b/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql @@ -10,6 +10,7 @@ * @id cs/web/cookie-httponly-not-set * @tags security * external/cwe/cwe-1004 + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql index eb1cb673ed2..5acc2f3143c 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql +++ b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql @@ -5,6 +5,7 @@ * @tags security * cryptography * external/cwe/cwe-327 + * experimental * @id cs/azure-storage/unsafe-usage-of-client-side-encryption-version * @problem.severity error * @precision high diff --git a/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql b/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql index 332d9072fac..30888b5526c 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql +++ b/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql @@ -10,6 +10,7 @@ * @tags security * external/cwe/cwe-319 * external/cwe/cwe-614 + * experimental */ import csharp 
diff --git a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql index edcbf425497..a4dd0993806 100644 --- a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql +++ b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql @@ -6,6 +6,7 @@ * @id cs/hash-without-salt * @tags security * external/cwe-759 + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql b/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql index be79f2849ad..47153f926c1 100644 --- a/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql @@ -5,6 +5,7 @@ * @problem.severity warning * @id cs/dataset-serialization/defining-dataset-related-type * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql b/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql index 320096d6301..0e87f724b96 100644 --- a/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql @@ -6,6 +6,7 @@ * @precision medium * @id cs/dataset-serialization/defining-potentially-unsafe-xml-serializer * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql b/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql index f3a83b67926..f6eafccd08c 100644 
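Review bot: The context line `external/cwe-759` in csharp HashWithoutSalt.ql is missing the `cwe/` path segment that the other CWE tags in this patch have, and the new `experimental` tag is added directly beneath it without correcting it. Anything that groups or filters results on the `external/cwe/cwe-NNN` form would presumably fail to associate this query with CWE-759. Suggest fixing the line in this hunk to ` *       external/cwe/cwe-759`.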
--- a/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql @@ -6,6 +6,7 @@ * @precision medium * @id cs/dataset-serialization/unsafe-type-used-data-contract-serializer * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql b/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql index d4392ca4544..fbcba87bcf6 100644 --- a/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql @@ -6,6 +6,7 @@ * @precision medium * @id cs/dataset-serialization/xml-deserialization-with-dataset * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql b/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql index c9d247d69f3..59e0af83ff6 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql @@ -7,6 +7,7 @@ * @id cs/backdoor/dangerous-native-functions * @tags security * solorigate + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql index 4745daf6b8b..8263b101c97 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql @@ -7,6 +7,7 @@ * @id cs/backdoor/potential-time-bomb * @tags security * solorigate + * experimental */ import csharp 
diff --git a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql index 14d0cc02e44..bc35a4e0fde 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql @@ -4,6 +4,7 @@ * @kind path-problem * @tags security * solorigate + * experimental * @problem.severity warning * @precision medium * @id cs/backdoor/process-name-to-hash-function diff --git a/go/ql/src/experimental/CWE-090/LDAPInjection.ql b/go/ql/src/experimental/CWE-090/LDAPInjection.ql index 2be416a14d2..e23b4226211 100644 --- a/go/ql/src/experimental/CWE-090/LDAPInjection.ql +++ b/go/ql/src/experimental/CWE-090/LDAPInjection.ql @@ -7,6 +7,7 @@ * @id go/ldap-injection * @tags security * external/cwe/cwe-90 + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql index ff6956a66ef..54617f725b5 100644 --- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql +++ b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql @@ -10,6 +10,7 @@ * @id go/cookie-httponly-not-set * @tags security * external/cwe/cwe-1004 + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql index 06f2904599e..9aa62403352 100644 --- a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql +++ b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql @@ -8,6 +8,7 @@ * correctness * external/cwe/cwe-561 * external/cwe/cwe-285 + * experimental * @precision very-high */ diff --git a/go/ql/src/experimental/CWE-321/HardcodedKeys.ql b/go/ql/src/experimental/CWE-321/HardcodedKeys.ql index 06dacfcac27..a20ea05df49 100644 --- a/go/ql/src/experimental/CWE-321/HardcodedKeys.ql +++ b/go/ql/src/experimental/CWE-321/HardcodedKeys.ql 
@@ -6,6 +6,7 @@ * @id go/hardcoded-key * @tags security * external/cwe/cwe-321 + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql index 36f95c7d394..e2336e16f4d 100644 --- a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql +++ b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql @@ -5,8 +5,9 @@ * @problem.severity error * @id go/weak-crypto-algorithm * @tags security - * external/cwe/cwe-327 - * external/cwe/cwe-328 + * external/cwe/cwe-327 + * external/cwe/cwe-328 + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.ql b/go/ql/src/experimental/CWE-369/DivideByZero.ql index 8aa12f7f66e..0a841f5201d 100644 --- a/go/ql/src/experimental/CWE-369/DivideByZero.ql +++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql @@ -6,6 +6,7 @@ * @id go/divide-by-zero * @tags security * external/cwe/cwe-369 + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql index 253d598835d..99a704dfd61 100644 --- a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql +++ b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql @@ -6,6 +6,9 @@ * @problem.severity warning * @precision high * @id go/examples/database-call-in-loop + * @tags security + * external/cwe/cwe-400 + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql index 81c2663a3b1..3645308a6ce 100755 --- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql +++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql @@ -7,6 +7,7 @@ * @id go/html-template-escaping-passthrough * @tags security * external/cwe/cwe-79 + * experimental */ import go 
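Review bot: The hunk for go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql does more than the commit title says: besides `experimental` it adds `@tags security` and `external/cwe/cwe-400` to a query that had no `@tags` block, while its id stays `go/examples/database-call-in-loop`. The same widening happens in CWE-807/SensitiveConditionBypass.ql and CWE-840/ConditionalBypass.ql, which gain `security` alongside `experimental`. Anything that selects or filters on the `security` tag will presumably start treating these three as security queries, so the reclassification should be called out in the commit message or split into its own commit. If DatabaseCallInLoop is meant to be a security query, the `examples/` segment of its id should be reconsidered too.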
diff --git a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql index 632e90065e6..507e9eab173 100644 --- a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql +++ b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql @@ -8,6 +8,8 @@ * @tags external/cwe/cwe-807 * external/cwe/cwe-247 * external/cwe/cwe-350 + * security + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql index 09d8aefe3f9..413bae4eaa9 100644 --- a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql +++ b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql @@ -6,6 +6,8 @@ * @kind problem * @problem.severity warning * @tags external/cwe/cwe-840 + * experimental + * security */ import go diff --git a/go/ql/src/experimental/CWE-918/SSRF.ql b/go/ql/src/experimental/CWE-918/SSRF.ql index 41c41bb18de..95f39f1a951 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.ql +++ b/go/ql/src/experimental/CWE-918/SSRF.ql @@ -6,6 +6,7 @@ * @problem.severity error * @precision high * @tags security + * experimental * external/cwe/cwe-918 */ diff --git a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql index 4e4b452fb8e..00a23bfdb1e 100644 --- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql +++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql @@ -9,6 +9,7 @@ * @tags security * external/cwe/cwe-942 * external/cwe/cwe-346 + * experimental */ import go diff --git a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql index cafc719dd7a..503e9f26334 100644 --- a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql +++ b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql @@ -8,6 +8,7 @@ * @tags security * external/cwe/cwe-119 * external/cwe/cwe-126 + * experimental */ import go 
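Review bot: Tag order is inconsistent in two hunks here: CWE-840/ConditionalBypass.ql adds `experimental` before `security`, and CWE-918/SSRF.ql inserts `experimental` between `security` and `external/cwe/cwe-918`, while most other hunks in view append `experimental` as the last tag. Keeping one order (`security`, then the `external/cwe/...` entries, then `experimental`) makes the headers easier to scan and to check mechanically. For SSRF.ql that means moving the added line below `external/cwe/cwe-918`.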
diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql index 698dae57b96..81e4fe76237 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql @@ -8,6 +8,7 @@ * @id java/insecure-spring-actuator-config * @tags security * external/cwe/cwe-016 + * experimental */ /* diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql index 85daa77cc56..e3a249435b9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql @@ -8,6 +8,7 @@ * @id java/spring-boot-exposed-actuators * @tags security * external/cwe/cwe-16 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql index a48cba9894c..5e14ba4c6ed 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql @@ -12,6 +12,7 @@ * external/cwe/cwe-074 * external/cwe/cwe-400 * external/cwe/cwe-502 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql index 238f586ff21..4d894ef5b47 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql @@ -8,6 +8,7 @@ * @id java/openstream-called-on-tainted-url * @tags security * external/cwe/cwe-036 + * experimental */ import java 
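Review bot: In CWE-016/SpringBootActuators.ql the CWE tag directly above the new `experimental` line is `external/cwe/cwe-16`, while InsecureSpringActuatorConfig.ql in the same directory uses `external/cwe/cwe-016`. A filter on either spelling finds only one of the two actuator queries. Since this commit already edits both tag blocks, the unpadded one could become `external/cwe/cwe-016`. The query header starts above the hunk, so confirm no other CWE tag is listed there.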
diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql index e8ebabba3c6..10bc6cec578 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql @@ -9,6 +9,7 @@ * @id java/file-path-injection * @tags security * external/cwe-073 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql index d5ddc9af1d4..4c1cadaaa5c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql @@ -9,6 +9,7 @@ * @tags security * external/cwe/cwe-078 * external/cwe/cwe-088 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql index 2d1e605c426..4ae4d0580d8 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql @@ -9,6 +9,7 @@ * @id java/mybatis-annotation-sql-injection * @tags security * external/cwe/cwe-089 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql index 9aeb95ea94a..b16e54ec7f8 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql @@ -9,6 +9,7 @@ * @id java/mybatis-xml-sql-injection * @tags security * external/cwe/cwe-089 + * experimental */ import java 
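Review bot: The context line directly above the added tag in CWE-073/FilePathInjection.ql reads `external/cwe-073`, which lacks the `cwe/` path segment that the other queries in this patch use. CWE-552/UnsafeUrlForward.ql has the same problem with `external/cwe-552`. Tooling that groups results by `external/cwe/cwe-NNN` will presumably not attribute these two queries to their CWE, so path-injection and unsafe-forward findings can drop out of per-CWE reports. Since the tag blocks are being edited anyway, correct them to `external/cwe/cwe-073` and `external/cwe/cwe-552`.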
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql index b8301d4f977..dd7521a4b80 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql @@ -8,6 +8,7 @@ * @id java/beanshell-injection * @tags security * external/cwe/cwe-094 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql index bae3ed63d70..2ca0913dc26 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql @@ -8,6 +8,7 @@ * @id java/android-insecure-dex-loading * @tags security * external/cwe/cwe-094 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql index 451dff79444..3fc4910c49e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql @@ -8,6 +8,7 @@ * @id java/jshell-injection * @tags security * external/cwe/cwe-094 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql index 8190ec3d61f..1d5e8a83da9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql @@ -8,6 +8,7 @@ * @id java/javaee-expression-injection * @tags security * external/cwe/cwe-094 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql index a3dc6e6c39a..0c352fd3c81 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql @@ -9,6 +9,7 @@ * @tags security * external/cwe/cwe-094 * external/cwe/cwe-095 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql index a7bb5fb0d18..a24cfdebd69 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql @@ -8,6 +8,7 @@ * @id java/unsafe-eval * @tags security * external/cwe/cwe-094 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql index 69175790af7..4a771b0df33 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql @@ -7,6 +7,7 @@ * @id java/spring-view-manipulation-implicit * @tags security * external/cwe/cwe-094 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql index 3c490e6bf68..20151b6d34a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql @@ -7,6 +7,7 @@ * @id java/spring-view-manipulation * @tags security * external/cwe/cwe-094 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/TemplateInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/TemplateInjection.ql index 18e47d2c6b3..1cb82c8143a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/TemplateInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/TemplateInjection.ql @@ -7,6 +7,7 @@ * @id java/server-side-template-injection * @tags security * external/cwe/cwe-094 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql index fbc3e0536b1..12c90e1c5eb 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql @@ -7,6 +7,7 @@ * @id java/tomcat-disabled-httponly * @tags security * external/cwe/cwe-1004 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql index 1ee1bccd2f9..d260d90185e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql @@ -8,6 +8,7 @@ * @id java/sensitive-cookie-not-httponly * @tags security * external/cwe/cwe-1004 + * experimental */ /* diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql index 1c3615e2b3f..c244afecd4d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql @@ -7,6 +7,7 @@ * @problem.severity error * @tags security * external/cwe/cwe-200 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql index 9769ee1eafc..b9f098e9494 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql @@ -7,6 +7,7 @@ * @problem.severity warning * @tags security * external/cwe/cwe-200 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql b/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql index 9e0835e2aac..509d648bbd3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql @@ -10,6 +10,7 @@ * @id java/possible-timing-attack-against-signature * @tags security * external/cwe/cwe-208 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql index 52405e9958e..2c04c2d91a4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql @@ -8,6 +8,7 @@ * @id java/timing-attack-against-headers-value * @tags security * external/cwe/cwe-208 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql index 488b49684b2..b1c0ec7d58d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql 
@@ -11,6 +11,7 @@ * @id java/timing-attack-against-signature * @tags security * external/cwe/cwe-208 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql index f664f4ce953..3716e89162f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql @@ -9,6 +9,7 @@ * @id java/jxbrowser/disabled-certificate-validation * @tags security * external/cwe/cwe-295 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql index c4bb1192f2b..50c778e5f2f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql @@ -8,6 +8,7 @@ * @id java/ignored-hostname-verification * @tags security * external/cwe/cwe-297 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql index 9028f2d686f..a672fdbf34e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql @@ -9,6 +9,7 @@ * @id java/insecure-ldaps-endpoint * @tags security * external/cwe/cwe-297 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql index c38cc39b126..a8d7fbdaa8c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql 
@@ -8,6 +8,7 @@ * @id java/disabled-certificate-revocation-checking * @tags security * external/cwe/cwe-299 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql index 63c55793cbf..ad9903b7fa7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql @@ -6,6 +6,7 @@ * @id java/hardcoded-jwt-key * @tags security * external/cwe/cwe-321 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql index f917936a33f..d869f6b61fc 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-326/InsufficientKeySize.ql @@ -7,6 +7,7 @@ * @id java/insufficient-key-size * @tags security * external/cwe/cwe-326 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql index 38d7144049d..5fd38c65046 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql @@ -8,6 +8,7 @@ * @id java/unsafe-tls-version * @tags security * external/cwe/cwe-327 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql index c5a6c36d6a6..4049bca6a61 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql @@ -7,6 +7,7 @@ * @id java/unvalidated-cors-origin-set * @tags security * external/cwe/cwe-346 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql index 78d8bfee5f0..1d63bb44579 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql @@ -8,6 +8,7 @@ * @id java/ip-address-spoofing * @tags security * external/cwe/cwe-348 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql index 71ee842f162..218b31f307b 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql @@ -8,6 +8,7 @@ * @id java/jsonp-injection * @tags security * external/cwe/cwe-352 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql index a3ef56f82cb..99a50e593eb 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql @@ -7,6 +7,7 @@ * @problem.severity warning * @tags security * external/cwe/cwe-400 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql index 6ff2bc27dd4..c758f9d4985 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql @@ -8,6 +8,7 @@ * @id java/unsafe-reflection * @tags security * external/cwe/cwe-470 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql index fe69f2d9cea..278de528d4d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql @@ -7,6 +7,7 @@ * @id java/main-method-in-enterprise-bean * @tags security * external/cwe/cwe-489 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql index c4b05b9fe2f..5595bf1e0be 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql @@ -7,6 +7,7 @@ * @id java/main-method-in-web-components * @tags security * external/cwe/cwe-489 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql b/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql index 1bbb1b71ab4..4a184056762 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql @@ -8,6 +8,7 @@ * @id java/struts-development-mode * @tags security * external/cwe/cwe-489 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql index 2928ea76165..b0d99f5ec0d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql @@ -10,6 +10,7 @@ * @id java/unsafe-deserialization-rmi * @tags security * external/cwe/cwe-502 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql index 751535ff7ca..f19331fd9f0 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql @@ -9,6 +9,7 @@ * @id java/unsafe-deserialization-spring-exporter-in-configuration-class * @tags security * external/cwe/cwe-502 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql index d7606587df3..018f064199c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql @@ -9,6 +9,7 @@ * @id java/unsafe-deserialization-spring-exporter-in-xml-configuration * @tags security * external/cwe/cwe-502 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql index b63c9a9ce02..dbc1381c599 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql @@ -8,6 +8,7 @@ * @tags security * external/cwe/cwe-522 * external/cwe/cwe-319 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql index 1ef4fb4d1f6..33e70b82ac9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql 
@@ -10,6 +10,7 @@ * @id java/server-directory-listing * @tags security * external/cwe/cwe-548 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql index 07fe560d14f..7ba5a0a454e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql @@ -8,6 +8,7 @@ * @id java/unsafe-url-forward-dispatch * @tags security * external/cwe-552 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql b/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql index 1ba429bd752..3ac4144eb19 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql @@ -9,6 +9,7 @@ * external/cwe/cwe-555 * external/cwe/cwe-256 * external/cwe/cwe-260 + * experimental */ /* diff --git a/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql b/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql index a50b02a908f..51aa57bd5d3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql @@ -9,6 +9,7 @@ * external/cwe/cwe-555 * external/cwe/cwe-256 * external/cwe/cwe-260 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql b/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql index 45ab668af48..3f17f8f60e0 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql 
@@ -7,6 +7,7 @@ * @id java/sensitive-query-with-get * @tags security * external/cwe/cwe-598 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql index 809c5e5e17d..bb1f91441b5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql @@ -10,6 +10,7 @@ * @id java/uncaught-servlet-exception * @tags security * external/cwe/cwe-600 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql index a69928ba0bd..b685a5442a5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql @@ -8,6 +8,7 @@ * @id java/spring-unvalidated-url-redirection * @tags security * external/cwe/cwe-601 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql index 0e1fdd72223..0ab3926fcb5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql @@ -9,6 +9,7 @@ * @id java/xxe-with-experimental-sinks * @tags security * external/cwe/cwe-611 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql b/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql index 2d3ee9ec785..837fc2d7053 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql @@ -11,6 +11,7 @@ * @id java/xxe-local-experimental-sinks * @tags security * external/cwe/cwe-611 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql index 0bb85272f08..7e9d528f9ea 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql @@ -8,6 +8,7 @@ * @id java/xquery-injection * @tags security * external/cwe/cwe-652 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql index 9733ccf7b55..9cf1a6e17dc 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql @@ -5,6 +5,7 @@ * @problem.severity error * @tags security * external/cwe/cwe-665 + * experimental * @precision high * @id java/insecure-rmi-jmx-server-initialization */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql index 3b8b5dc759a..969eb83e733 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-730/RegexInjection.ql @@ -10,6 +10,7 @@ * @tags security * external/cwe/cwe-730 * external/cwe/cwe-400 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql index b737c460fa9..07f8eae5941 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql @@ -10,6 +10,7 @@ * @id java/android/nfe-local-android-dos * @tags security * external/cwe/cwe-755 + * experimental */ import java 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql index bea7faff694..896311d0df3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql @@ -7,6 +7,7 @@ * @id java/hash-without-salt * @tags security * external/cwe/cwe-759 + * experimental */ import java diff --git a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql index 192aa8d4fa0..a947152d0f9 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql @@ -9,6 +9,7 @@ * @id java/incorrect-url-verification * @tags security * external/cwe/cwe-939 + * experimental */ import java diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql index e35653fb96a..6697e7a03fb 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql @@ -9,7 +9,9 @@ * @problem.severity error * @security-severity 8.8 * @id js/ml-powered/nosql-injection - * @tags experimental security + * @tags experimental + * security + * ml-generated * external/cwe/cwe-943 */ diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql index b58dd9f4609..07be30727ca 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql 
@@ -9,7 +9,9 @@
 * @problem.severity error
 * @security-severity 8.8
 * @id js/ml-powered/sql-injection
- * @tags experimental security
+ * @tags experimental
+ * security
+ * ml-generated
 * external/cwe/cwe-089
 */
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
index 7e637687d75..20a48580bd1 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
@@ -9,7 +9,9 @@
 * @problem.severity error
 * @security-severity 7.5
 * @id js/ml-powered/path-injection
- * @tags experimental security
+ * @tags experimental
+ * security
+ * ml-generated
 * external/cwe/cwe-022
 * external/cwe/cwe-023
 * external/cwe/cwe-036
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
index d0e98c1cd54..78fe29c2b88 100644
--- a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
+++ b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
@@ -9,7 +9,9 @@
 * @problem.severity error
 * @security-severity 6.1
 * @id js/ml-powered/xss
- * @tags experimental security
+ * @tags experimental
+ * security
+ * ml-generated
 * external/cwe/cwe-079
 */
diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
index ee410fe9245..739a818b1b5 100644
--- a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
+++ b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
@@ -10,6 +10,7 @@
 * @tags actions
 * security
 * external/cwe/cwe-094
+ * experimental
 */
 import javascript
diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
index f13f5fae14e..654807fa2d4 100644
--- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
+++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags security
 * external/cwe/cwe-918
+ * experimental
 */
 import javascript
diff --git a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
index dd89b4d1280..f6790a4c4c9 100644
--- a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
+++ b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql
@@ -10,6 +10,7 @@
 * @precision high
 * @tags security
 * external/cwe/cwe-022
+ * experimental
 */
 import python
diff --git a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
index 873c8035e2e..af6e0def41c 100644
--- a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql
@@ -7,6 +7,7 @@
 * @id py/template-injection
 * @tags security
 * external/cwe/cwe-074
+ * experimental
 */
 import python
diff --git a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
index 008650c86e7..ca28681943e 100644
--- a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
+++ b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql
@@ -10,6 +10,7 @@
 * @tags security
 * external/cwe/cwe-079
 * external/cwe/cwe-116
+ * experimental
 */
 // determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-091/Xslt.ql b/python/ql/src/experimental/Security/CWE-091/Xslt.ql
index a87edcb73aa..2d9f3f546cc 100644
--- a/python/ql/src/experimental/Security/CWE-091/Xslt.ql
+++ b/python/ql/src/experimental/Security/CWE-091/Xslt.ql
@@ -8,6 +8,7 @@
 * @id py/xslt-injection
 * @tags security
 * external/cwe/cwe-643
+ * experimental
 */
 import python
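Review bot: In Xslt.ql the tag block now reads `external/cwe/cwe-643` followed by `experimental`, while the file sits under `CWE-091/`, so the directory and the CWE tag disagree. Selections and coverage reports keyed on the CWE tag will then file this query under a different weakness than its location suggests. If both weaknesses apply, add `* external/cwe/cwe-091` next to the existing tag; otherwise confirm that cwe-643 is the intended one. SimpleXmlRpcServer.ql shows the same mismatch (directory `CWE-611/`, tag `external/cwe/cwe-776`).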
diff --git a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
index 3cb4a20d5de..f55ae30dbda 100644
--- a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql
@@ -8,6 +8,7 @@
 * @tags security
 * external/cwe/cwe-113
 * external/cwe/cwe-079
+ * experimental
 */
 // determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql
index a570461add1..88013b8934d 100644
--- a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql
@@ -7,6 +7,7 @@
 * @id py/csv-injection
 * @tags security
 * external/cwe/cwe-1236
+ * experimental
 */
 import python
diff --git a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
index 177c58e2782..fc3654a7bb7 100644
--- a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
+++ b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql
@@ -6,6 +6,7 @@
 * @id py/improper-ldap-auth
 * @tags security
 * external/cwe/cwe-287
+ * experimental
 */
 // Determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql b/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
index c9687b17821..c1218d006cd 100644
--- a/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
+++ b/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
@@ -5,6 +5,7 @@
 * @tags security
 * cryptography
 * external/cwe/cwe-327
+ * experimental
 * @id py/azure-storage/unsafe-client-side-encryption-in-use
 * @problem.severity error
 * @precision medium
diff --git a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
index 730de037c1f..2b998629d09 100644
--- a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
+++ b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql
@@ -10,6 +10,7 @@
 * @id py/insecure-randomness
 * @tags security
 * external/cwe/cwe-338
+ * experimental
 */
 import python
diff --git a/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql b/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql
index adff8dc173f..b12ed865a8c 100644
--- a/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql
+++ b/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql
@@ -5,6 +5,7 @@
 * @problem.severity warning
 * @id py/jwt-empty-secret-or-algorithm
 * @tags security
+ * experimental
 */
 // determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql b/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
index 0cb801cb849..95ef21bf2bc 100644
--- a/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
+++ b/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
@@ -6,6 +6,7 @@
 * @id py/jwt-missing-verification
 * @tags security
 * external/cwe/cwe-347
+ * experimental
 */
 // determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
index 667894e896e..15bc8bcad98 100644
--- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
+++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
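Review bot: JWTEmptyKeyOrAlgorithm.ql ends up with only `security` and `experimental` in its `@tags` block. It has no `external/cwe/...` tag, even though the file lives under `CWE-347/` and the sibling JWTMissingSecretOrPublicKeyVerification.ql carries `external/cwe/cwe-347`. Without that tag the query drops out of any selection or report keyed on CWE. Since this hunk already edits the block, add `* external/cwe/cwe-347` before `* experimental`. The Ruby ImproperMemoization.ql, ManuallyCheckHttpVerb.ql and WeakParams.ql hunks also show `@tags security` with no CWE tag; which CWE fits them cannot be determined from the diff.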
@@ -8,6 +8,7 @@
 * @id py/ip-address-spoofing
 * @tags security
 * external/cwe/cwe-348
+ * experimental
 */
 import python
diff --git a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
index 88715203be8..bfbb8516460 100644
--- a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
+++ b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql
@@ -7,6 +7,7 @@
 * @tags security
 * external/cwe/cwe-522
 * external/cwe/cwe-523
+ * experimental
 */
 // determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
index e31fdc88629..a52eb9438fe 100644
--- a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
+++ b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql
@@ -7,6 +7,7 @@
 * @id py/simple-xml-rpc-server-dos
 * @tags security
 * external/cwe/cwe-776
+ * experimental
 */
 private import python
diff --git a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
index 546c3d5e7a2..b5498660463 100644
--- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql
@@ -6,6 +6,7 @@
 * @id py/cookie-injection
 * @tags security
 * external/cwe/cwe-614
+ * experimental
 */
 // determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql b/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
index 2fe2aee6f3e..02c431267fc 100644
--- a/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
+++ b/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql
@@ -9,6 +9,7 @@
 * @id py/insecure-cookie
 * @tags security
 * external/cwe/cwe-614
+ * experimental
 */
 // TODO: determine precision above
diff --git a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
index cd4405d301b..6bc1de02b59 100644
--- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
+++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql
@@ -7,6 +7,7 @@
 * @id py/nosql-injection
 * @tags security
 * external/cwe/cwe-943
+ * experimental
 */
 import python
diff --git a/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql b/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql
index 75fbdc4f69e..ceb09316fa5 100644
--- a/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql
+++ b/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql
@@ -9,6 +9,7 @@
 * @tags security
 * external/cwe/cwe-807
 * external/cwe/cwe-290
+ * experimental
 */
 import ruby
diff --git a/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql b/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql
index cab1f3a94a5..ba5a25b2942 100644
--- a/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql
+++ b/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql
@@ -6,7 +6,9 @@
 * @security-severity 7.8
 * @precision medium
 * @id rb/user-controlled-file-decompression
- * @tags security external/cwe/cwe-409
+ * @tags security
+ * external/cwe/cwe-409
+ * experimental
 */
 import ruby
diff --git a/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql b/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql
index 45f0b709a2f..154fe87beab 100644
--- a/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql
+++ b/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql
@@ -5,6 +5,7 @@
 * @problem.severity warning
 * @precision high
 * @tags security
+ * experimental
 * @id rb/improper-memoization
 */
diff --git a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
index 2ddf7fe87b3..0333dc0b255 100644
--- a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
+++ b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql
@@ -7,6 +7,7 @@
 * @precision low
 * @id rb/manually-checking-http-verb
 * @tags security
+ * experimental
 */
 import ruby
diff --git a/ruby/ql/src/experimental/weak-params/WeakParams.ql b/ruby/ql/src/experimental/weak-params/WeakParams.ql
index 0c6d9db5644..9aa8bca3bc4 100644
--- a/ruby/ql/src/experimental/weak-params/WeakParams.ql
+++ b/ruby/ql/src/experimental/weak-params/WeakParams.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @id rb/weak-params
 * @tags security
+ * experimental
 */
 import ruby