From e9bb9f52947ef114159ffec61a673a01c715c9cd Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Thu, 13 Jan 2022 17:45:40 +0000 Subject: [PATCH] JS: Update names, IDs, and tags for ML-powered queries --- .../adaptivethreatmodeling/src/NosqlInjectionATM.ql | 6 +++--- .../adaptivethreatmodeling/src/SqlInjectionATM.ql | 6 +++--- .../adaptivethreatmodeling/src/TaintedPathATM.ql | 6 +++--- .../ql/experimental/adaptivethreatmodeling/src/XssATM.ql | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql index 977de7353a9..02b6445a890 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql @@ -1,15 +1,15 @@ /** * For internal use only. * - * @name NoSQL database query built from user-controlled sources (boosted) + * @name NoSQL database query built from user-controlled sources (experimental) * @description Building a database query from user-controlled sources is vulnerable to insertion of * malicious code by the user. * @kind path-problem * @scored * @problem.severity error * @security-severity 8.8 - * @id adaptive-threat-modeling/js/nosql-injection - * @tags experimental experimental/atm security + * @id js/ml-powered/nosql-injection + * @tags experimental security */ import ATM::ResultsInfo diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql index 7878ad97a40..ee735f3df7a 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql @@ -1,15 +1,15 @@ /** * For internal use only. * - * @name SQL database query built from user-controlled sources (boosted) + * @name SQL database query built from user-controlled sources (experimental) * @description Building a database query from user-controlled sources is vulnerable to insertion of * malicious code by the user. * @kind path-problem * @scored * @problem.severity error * @security-severity 8.8 - * @id adaptive-threat-modeling/js/sql-injection - * @tags experimental experimental/atm security + * @id js/ml-powered/sql-injection + * @tags experimental security */ import experimental.adaptivethreatmodeling.SqlInjectionATM diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql index 352c290a82d..a677d0a8849 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql @@ -1,15 +1,15 @@ /** * For internal use only. * - * @name Uncontrolled data used in path expression (boosted) + * @name Uncontrolled data used in path expression (experimental) * @description Accessing paths influenced by users can allow an attacker to access * unexpected resources. * @kind path-problem * @scored * @problem.severity error * @security-severity 7.5 - * @id adaptive-threat-modeling/js/path-injection - * @tags experimental experimental/atm security + * @id js/ml-powered/path-injection + * @tags experimental security */ import ATM::ResultsInfo diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql index 1180846f71c..6c9523c9b96 100644 --- a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql +++ b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql @@ -1,15 +1,15 @@ /** * For internal use only. * - * @name Client-side cross-site scripting (boosted) + * @name Client-side cross-site scripting (experimental) * @description Writing user input directly to the DOM allows for * a cross-site scripting vulnerability. * @kind path-problem * @scored * @problem.severity error * @security-severity 6.1 - * @id adaptive-threat-modeling/js/xss - * @tags experimental experimental/atm security + * @id js/ml-powered/xss + * @tags experimental security */ import javascript