Chanel Young
2025-04-21 16:50:36 -07:00
parent 7359f912c5
commit e91912e30d
3 changed files with 11 additions and 18 deletions


@@ -1,12 +1,11 @@
/**
* @name Hardcoded Computer Name
* @description Using externally controlled strings in a command line may allow a malicious
* user to change the meaning of the command.
* @description Do not hardcode computer names in powershell scripts.
* @kind problem
* @problem.severity error
* @security-severity 9.8
* @security-severity 7.0
* @precision high
* @id powershell/microsoft/public/command-injection
* @id powershell/microsoft/public/hardcoded-computer-name
* @tags correctness
* security
* external/cwe/cwe-078
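Review bot: The `@tags` block still carries `external/cwe/cwe-078` (OS command injection) even though this hunk replaces the command-injection description and id with a "Hardcoded Computer Name" query; anything that routes or scores findings by CWE will misclassify these results. The retained `security` tag and the new `@security-severity 7.0` also look inherited from the command-injection template rather than chosen for a hardcoded hostname, whose impact is mostly portability and environment leakage. Either drop `@security-severity` and the `security` tag and keep `correctness`, or replace the CWE line with one that matches the detection, e.g. `* external/cwe/cwe-547` (use of hard-coded, security-relevant constants) — confirm against the query body, which is outside this hunk.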


@@ -1,12 +1,11 @@
/**
* @name Hardcoded Computer Name
* @description Using externally controlled strings in a command line may allow a malicious
* user to change the meaning of the command.
* @name Reserved Characters in Function Name
* @description Do not use reserved characters in function names
* @kind problem
* @problem.severity error
* @security-severity 9.8
* @security-severity 7.0
* @precision high
* @id powershell/microsoft/public/command-injection
* @id powershell/microsoft/public/reserved-characters-in-function-name
* @tags correctness
* security
* external/cwe/cwe-078
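Review bot: A query named "Reserved Characters in Function Name" should not keep `external/cwe/cwe-078` (OS command injection) and `@security-severity 7.0` in its metadata; both survive unchanged from the command-injection header this hunk otherwise rewrites, and a 7.0 security severity on a naming/parse concern will inflate dashboards that weight by severity. Unless there is a concrete injection path from such names, which the description does not claim, remove the `* external/cwe/cwe-078` and `* @security-severity 7.0` lines and the `security` tag, leaving `@tags correctness`. If the query is meant to stay security-relevant, the note in the description should say why and the CWE should be chosen to match; the query body that would justify either choice is outside this hunk.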


@@ -1,12 +1,11 @@
/**
* @name Hardcoded Computer Name
* @description Using externally controlled strings in a command line may allow a malicious
* user to change the meaning of the command.
* @name Use of Username or Password parameter
* @description Do not use username or password parameters
* @kind problem
* @problem.severity error
* @security-severity 9.8
* @security-severity 7.0
* @precision high
* @id powershell/microsoft/public/command-injection
* @id powershell/microsoft/public/username-or-password-parameter
* @tags correctness
* security
* external/cwe/cwe-078
@@ -15,10 +14,6 @@
import powershell
// from Expr e
// where e.getLocation().getFile().getBaseName() = "AvoidUsingUsernameAndPasswordParams.ps1"
// select e, e.getAQlClass()
from Parameter p
where p.getName().toLowerCase() = ["username", "password"]
select p, "Do not use username or password parameters."