Compare commits


20 Commits

Author SHA1 Message Date
Calum Grant
6c1337791e Add security-severity tags 2021-04-20 21:57:47 +01:00
yoff
ef0ea247c4 Merge pull request #5679 from tausbn/python-fix-bad-points-to-joins
Python: Fix bad points-to joins
2021-04-20 21:19:32 +02:00
Tom Hvitved
3eba5b0aac Merge pull request #5676 from hvitved/csharp/dispatch/get-a-viable-overrider-perf
C#: Speedup `DispatchMethodOrAccessorCall::getAViableOverrider()`
2021-04-20 19:57:59 +02:00
yo-h
00137f2905 Merge pull request #5721 from github/yo-h/java-diagnostic-queries
Java: add extractor `diagnostic` queries
2021-04-20 13:36:49 -04:00
Chris Smowton
a5cfdd2cfe Merge pull request #5467 from p0wn4j/groovy-execute
[Java] CWE-094: Query to detect Groovy Code Injections
2021-04-20 14:49:56 +01:00
Jonas Jensen
f02c86cb22 Merge pull request #5726 from MathiasVP/fix-false-positive-in-return-stack-allocated-memory-2
C++: Fix false positive in return stack allocated memory (second attempt)
2021-04-20 15:05:11 +02:00
Chris Smowton
9bfb0d93ca Autoformat QL 2021-04-20 13:59:09 +01:00
Rasmus Wriedt Larsen
897105de02 Merge pull request #5717 from tausbn/python-use-api-graphs-in-django
Python: Use API graphs in Django model
2021-04-20 14:57:55 +02:00
Mathias Vorreiter Pedersen
93e55e2631 C++: Fix FP in cpp/return-stack-allocated-memory. 2021-04-20 13:58:12 +02:00
Mathias Vorreiter Pedersen
1797b6c7f9 C++: Add FP test from the work on smart pointers in dataflow. 2021-04-20 13:54:57 +02:00
Chris Smowton
0ec3ee29e4 Style last use of SecureASTCustomizer 2021-04-20 12:44:49 +01:00
Hayk Andriasyan
bb58a50503 Update GroovyInjection.qhelp 2021-04-20 15:41:58 +04:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
yo-h
87cd72496c Java: add extractor diagnostic queries 2021-04-19 15:34:16 -04:00
Taus
bc6685aa3f Python: Fix typo
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-04-19 19:57:35 +02:00
Taus
9acc71a7cb Python: Get rid of all _attr methods in Django.qll 2021-04-19 11:54:10 +00:00
Taus
f3661c34ee Python: Clean up Django models using API graphs
First sweep. Takes care of most of the models.
2021-04-16 19:53:36 +00:00
Tom Hvitved
946fcf1c82 C#: Speedup DispatchMethodOrAccessorCall::getAViableOverrider()
In addition to improved performance, the analysis no longer applies a closed-world
assumption to type parameters. That is, if the type of a receiver is a type parameter,
then the call may target any method of a compatible receiver type, not just the
types that actually instantiate the type parameter.
2021-04-16 10:43:17 +02:00
Taus
897d12420b Python: Prevent bad join in isinstanceEvaluatesTo
In some cases, we were joining the result of `val.getClass()` against
the first argument of `Types::improperSubclass` before filtering out the
vast majority of tuples by the call to `isinstance_call`.

To fix this, we let `isinstance_call` take care of figuring out the
class of the value being tested. As a bonus, this cleans up the only
other place where `isinstance_call` is used, where we _also_ want to
know the class of the value being tested in the `isinstance` call.
2021-04-14 16:49:12 +00:00
Taus
a7fcf52267 Python: Fix bad join in total_cost
The recent change to `appliesTo` led to a perturbation in the join
order of this predicate, which resulted in a cartesian product between
`call` and `ctx` being created (before being filtered by `appliesTo`).

By splitting the intermediate result into its own helper predicate,
suitably marked to prevent inlining/magic, we prevent this from
happening again.
2021-04-14 15:36:01 +00:00
367 changed files with 1468 additions and 1052 deletions

View File

@@ -5,12 +5,12 @@
* @kind problem
* @id cpp/offset-use-before-range-check
* @problem.severity warning
* @problem.security-severity 8.1
* @precision medium
* @tags reliability
* security
* external/cwe/cwe-120
* external/cwe/cwe-125
* security-severity/8.1
*/
import cpp
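Review bot: The header `-5,12 +5,12` shows one line out and one in, so the score leaves the structured `@problem.security-severity` property and re-enters as the free-form tag `security-severity/8.1`. Because `@tags` is an open list, a mistyped prefix or value can no longer be rejected the way a dedicated property could be; the PR description should name the tooling that now reads `security-severity/` tags, and a metadata check that the suffix parses as a number would keep the ~80 migrated files below from drifting.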

View File

@@ -4,7 +4,6 @@
* @kind problem
* @id cpp/descriptor-may-not-be-closed
* @problem.severity warning
* @problem.security-severity 7.8
* @tags efficiency
* security
* external/cwe/cwe-775
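Review bot: This hunk only shrinks the block (7 to 6 lines) and no addition is visible for this file, so `@problem.security-severity 7.8` is dropped from `cpp/descriptor-may-not-be-closed` with no `security-severity/7.8` tag replacing it; the next three hunks (`descriptor-never-closed`, `file-may-not-be-closed`, `file-never-closed`) look the same. If these `efficiency`-tagged queries were meant to keep a score, add the tag under `@tags`; if dropping it is deliberate, say so in the commit message.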

View File

@@ -4,7 +4,6 @@
* @kind problem
* @id cpp/descriptor-never-closed
* @problem.severity warning
* @problem.security-severity 7.8
* @tags efficiency
* security
* external/cwe/cwe-775

View File

@@ -4,7 +4,6 @@
* @kind problem
* @id cpp/file-may-not-be-closed
* @problem.severity warning
* @problem.security-severity 7.8
* @tags efficiency
* security
* external/cwe/cwe-775

View File

@@ -4,7 +4,6 @@
* @kind problem
* @id cpp/file-never-closed
* @problem.severity warning
* @problem.security-severity 7.8
* @tags efficiency
* security
* external/cwe/cwe-775

View File

@@ -4,10 +4,10 @@
* @kind problem
* @id cpp/inconsistent-nullness-testing
* @problem.severity warning
* @problem.security-severity 7.5
* @tags reliability
* security
* external/cwe/cwe-476
* security-severity/7.5
*/
import cpp

View File

@@ -4,10 +4,10 @@
* @kind problem
* @id cpp/memory-may-not-be-freed
* @problem.severity warning
* @problem.security-severity 7.5
* @tags efficiency
* security
* external/cwe/cwe-401
* security-severity/7.5
*/
import MemoryFreed

View File

@@ -4,10 +4,10 @@
* @kind problem
* @id cpp/memory-never-freed
* @problem.severity warning
* @problem.security-severity 7.5
* @tags efficiency
* security
* external/cwe/cwe-401
* security-severity/7.5
*/
import MemoryFreed

View File

@@ -4,10 +4,10 @@
* @kind problem
* @id cpp/missing-null-test
* @problem.severity recommendation
* @problem.security-severity 7.5
* @tags reliability
* security
* external/cwe/cwe-476
* security-severity/7.5
*/
import cpp

View File

@@ -3,12 +3,12 @@
* @description An object that was allocated with 'malloc' or 'new' is being freed using a mismatching 'free' or 'delete'.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.5
* @precision high
* @id cpp/new-free-mismatch
* @tags reliability
* security
* external/cwe/cwe-401
* security-severity/7.5
*/
import NewDelete

View File

@@ -4,11 +4,11 @@
* @kind problem
* @id cpp/overflow-calculated
* @problem.severity warning
* @problem.security-severity 9.8
* @tags reliability
* security
* external/cwe/cwe-131
* external/cwe/cwe-120
* security-severity/9.8
*/
import cpp

View File

@@ -5,12 +5,12 @@
* @kind problem
* @id cpp/overflow-destination
* @problem.severity warning
* @problem.security-severity 8.8
* @precision low
* @tags reliability
* security
* external/cwe/cwe-119
* external/cwe/cwe-131
* security-severity/8.8
*/
import cpp

View File

@@ -4,13 +4,13 @@
* may result in a buffer overflow.
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.8
* @precision medium
* @id cpp/static-buffer-overflow
* @tags reliability
* security
* external/cwe/cwe-119
* external/cwe/cwe-131
* security-severity/8.8
*/
import cpp

View File

@@ -4,13 +4,13 @@
* an instance of the type of the pointer may result in a buffer overflow
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision medium
* @id cpp/allocation-too-small
* @tags reliability
* security
* external/cwe/cwe-131
* external/cwe/cwe-122
* security-severity/8.1
*/
import cpp

View File

@@ -4,13 +4,13 @@
* multiple instances of the type of the pointer may result in a buffer overflow
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision medium
* @id cpp/suspicious-allocation-size
* @tags reliability
* security
* external/cwe/cwe-131
* external/cwe/cwe-122
* security-severity/8.1
*/
import cpp

View File

@@ -4,10 +4,10 @@
* @kind problem
* @id cpp/use-after-free
* @problem.severity warning
* @problem.security-severity 8.8
* @tags reliability
* security
* external/cwe/cwe-416
* security-severity/8.8
*/
import cpp

View File

@@ -6,7 +6,6 @@
* to a larger type.
* @kind problem
* @problem.severity error
* @problem.security-severity 8.1
* @precision very-high
* @id cpp/bad-addition-overflow-check
* @tags reliability
@@ -14,6 +13,7 @@
* security
* external/cwe/cwe-190
* external/cwe/cwe-192
* security-severity/8.1
*/
import cpp

View File

@@ -4,7 +4,6 @@
* be a sign that the result can overflow the type converted from.
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision high
* @id cpp/integer-multiplication-cast-to-long
* @tags reliability
@@ -15,6 +14,7 @@
* external/cwe/cwe-192
* external/cwe/cwe-197
* external/cwe/cwe-681
* security-severity/8.1
*/
import cpp

View File

@@ -6,13 +6,13 @@
* use the width of the base type, leading to misaligned reads.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 8.8
* @precision high
* @tags correctness
* reliability
* security
* external/cwe/cwe-119
* external/cwe/cwe-843
* security-severity/8.8
* @id cpp/upcast-array-pointer-arithmetic
*/

View File

@@ -6,13 +6,13 @@
* from an untrusted source, this can be used for exploits.
* @kind problem
* @problem.severity recommendation
* @problem.security-severity 9.8
* @precision high
* @id cpp/non-constant-format
* @tags maintainability
* correctness
* security
* external/cwe/cwe-134
* security-severity/9.8
*/
import semmle.code.cpp.dataflow.TaintTracking

View File

@@ -3,13 +3,13 @@
* @description Using alloca in a loop can lead to a stack overflow
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.5
* @precision high
* @id cpp/alloca-in-loop
* @tags reliability
* correctness
* security
* external/cwe/cwe-770
* security-severity/7.5
*/
import cpp

View File

@@ -5,10 +5,10 @@
* @kind problem
* @id cpp/improper-null-termination
* @problem.severity warning
* @problem.security-severity 7.8
* @tags security
* external/cwe/cwe-170
* external/cwe/cwe-665
* security-severity/7.8
*/
import cpp

View File

@@ -13,6 +13,7 @@
import cpp
import semmle.code.cpp.dataflow.EscapesTree
import semmle.code.cpp.models.interfaces.PointerWrapper
import semmle.code.cpp.dataflow.DataFlow
/**
@@ -39,6 +40,10 @@ predicate hasNontrivialConversion(Expr e) {
e instanceof ParenthesisExpr
)
or
// A smart pointer can be stack-allocated while the data it points to is heap-allocated.
// So we exclude such "conversions" from this predicate.
e = any(PointerWrapper wrapper).getAnUnwrapperFunction().getACallToThisFunction()
or
hasNontrivialConversion(e.getConversion())
}
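Review bot: The new disjunct excludes every call to a `PointerWrapper` unwrapper from `hasNontrivialConversion`, but the comment above it only justifies the case where the wrapped data is heap-allocated; a wrapper built around a stack address would now be missed. That is probably an acceptable trade-off for a query about stack memory, but the comment should state it, e.g. `// This also excludes wrappers around stack addresses (accepted false negative).`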

View File

@@ -4,7 +4,6 @@
* as the third argument may result in a buffer overflow.
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.8
* @precision medium
* @id cpp/bad-strncpy-size
* @tags reliability
@@ -13,6 +12,7 @@
* external/cwe/cwe-676
* external/cwe/cwe-119
* external/cwe/cwe-251
* security-severity/8.8
*/
import cpp

View File

@@ -4,7 +4,6 @@
* as the third argument may result in a buffer overflow.
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.8
* @precision medium
* @id cpp/unsafe-strncat
* @tags reliability
@@ -13,6 +12,7 @@
* external/cwe/cwe-676
* external/cwe/cwe-119
* external/cwe/cwe-251
* security-severity/8.8
*/
import cpp

View File

@@ -5,11 +5,11 @@
* @kind problem
* @id cpp/uninitialized-local
* @problem.severity warning
* @problem.security-severity 7.8
* @precision medium
* @tags security
* external/cwe/cwe-665
* external/cwe/cwe-457
* security-severity/7.8
*/
import cpp

View File

@@ -4,7 +4,6 @@
* may result in a buffer overflow
* @kind problem
* @problem.severity warning
* @problem.security-severity 9.8
* @precision medium
* @id cpp/unsafe-strcat
* @tags reliability
@@ -13,6 +12,7 @@
* external/cwe/cwe-676
* external/cwe/cwe-120
* external/cwe/cwe-251
* security-severity/9.8
*/
import cpp

View File

@@ -6,6 +6,7 @@
* @id cpp/count-untrusted-data-external-api
* @kind table
* @tags security external/cwe/cwe-20
* security-severity/8.6
*/
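Review bot: `cpp/count-untrusted-data-external-api` is a `@kind table` metric query that raises no alerts, which is why this hunk is add-only (6 to 7 lines) with no property to migrate; attaching `security-severity/8.6` means any consumer that maps the tag onto alerts sees a score on a query that never produces one. Either drop the tag for this query and the `-ir` variant below, or document that it is intentional. Minor style point: the existing `@tags security external/cwe/cwe-20` line packs two tags together while the new tag gets its own continuation line; pick one layout.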
import cpp

View File

@@ -6,6 +6,7 @@
* @id cpp/count-untrusted-data-external-api-ir
* @kind table
* @tags security external/cwe/cwe-20
* security-severity/8.6
*/
import cpp

View File

@@ -5,8 +5,8 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @problem.security-severity 8.6
* @tags security external/cwe/cwe-20
* security-severity/8.6
*/
import cpp

View File

@@ -5,8 +5,8 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @problem.security-severity 8.6
* @tags security external/cwe/cwe-20
* security-severity/8.6
*/
import cpp

View File

@@ -4,7 +4,6 @@
* attacker to access unexpected resources.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 8.8
* @precision medium
* @id cpp/path-injection
* @tags security
@@ -12,6 +11,7 @@
* external/cwe/cwe-023
* external/cwe/cwe-036
* external/cwe/cwe-073
* security-severity/8.8
*/
import cpp

View File

@@ -5,12 +5,12 @@
* to command injection.
* @kind problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision low
* @id cpp/command-line-injection
* @tags security
* external/cwe/cwe-078
* external/cwe/cwe-088
* security-severity/9.8
*/
import cpp

View File

@@ -4,11 +4,11 @@
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 6.1
* @precision high
* @id cpp/cgi-xss
* @tags security
* external/cwe/cwe-079
* security-severity/6.1
*/
import cpp

View File

@@ -5,11 +5,11 @@
* to SQL Injection.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @id cpp/sql-injection
* @tags security
* external/cwe/cwe-089
* security-severity/9.8
*/
import cpp

View File

@@ -5,11 +5,11 @@
* commands.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 8.2
* @precision medium
* @id cpp/uncontrolled-process-operation
* @tags security
* external/cwe/cwe-114
* security-severity/8.2
*/
import cpp

View File

@@ -6,12 +6,12 @@
* @kind problem
* @id cpp/overflow-buffer
* @problem.severity recommendation
* @problem.security-severity 8.8
* @tags security
* external/cwe/cwe-119
* external/cwe/cwe-121
* external/cwe/cwe-122
* external/cwe/cwe-126
* security-severity/8.8
*/
import semmle.code.cpp.security.BufferWrite

View File

@@ -5,7 +5,6 @@
* overflow.
* @kind problem
* @problem.severity error
* @problem.security-severity 9.1
* @precision high
* @id cpp/badly-bounded-write
* @tags reliability
@@ -13,6 +12,7 @@
* external/cwe/cwe-120
* external/cwe/cwe-787
* external/cwe/cwe-805
* security-severity/9.1
*/
import semmle.code.cpp.security.BufferWrite

View File

@@ -4,7 +4,6 @@
* of data written may overflow.
* @kind problem
* @problem.severity error
* @problem.security-severity 9.1
* @precision medium
* @id cpp/overrunning-write
* @tags reliability
@@ -12,6 +11,7 @@
* external/cwe/cwe-120
* external/cwe/cwe-787
* external/cwe/cwe-805
* security-severity/9.1
*/
import semmle.code.cpp.security.BufferWrite

View File

@@ -5,7 +5,6 @@
* take extreme values.
* @kind problem
* @problem.severity error
* @problem.security-severity 9.1
* @precision medium
* @id cpp/overrunning-write-with-float
* @tags reliability
@@ -13,6 +12,7 @@
* external/cwe/cwe-120
* external/cwe/cwe-787
* external/cwe/cwe-805
* security-severity/9.1
*/
import semmle.code.cpp.security.BufferWrite

View File

@@ -4,7 +4,6 @@
* of data written may overflow.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.1
* @precision medium
* @id cpp/unbounded-write
* @tags reliability
@@ -12,6 +11,7 @@
* external/cwe/cwe-120
* external/cwe/cwe-787
* external/cwe/cwe-805
* security-severity/9.1
*/
import semmle.code.cpp.security.BufferWrite

View File

@@ -5,12 +5,12 @@
* a specific value to terminate the argument list.
* @kind problem
* @problem.severity warning
* @problem.security-severity 9.8
* @precision medium
* @id cpp/unterminated-variadic-call
* @tags reliability
* security
* external/cwe/cwe-121
* security-severity/9.8
*/
import cpp

View File

@@ -6,9 +6,9 @@
* @kind problem
* @id cpp/unclear-array-index-validation
* @problem.severity warning
* @problem.security-severity 9.8
* @tags security
* external/cwe/cwe-129
* security-severity/9.8
*/
import cpp

View File

@@ -5,7 +5,6 @@
* terminator can cause a buffer overrun.
* @kind problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @id cpp/no-space-for-terminator
* @tags reliability
@@ -13,6 +12,7 @@
* external/cwe/cwe-131
* external/cwe/cwe-120
* external/cwe/cwe-122
* security-severity/9.8
*/
import cpp

View File

@@ -5,12 +5,12 @@
* or data representation problems.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 9.8
* @precision high
* @id cpp/tainted-format-string
* @tags reliability
* security
* external/cwe/cwe-134
* security-severity/9.8
*/
import cpp

View File

@@ -5,12 +5,12 @@
* or data representation problems.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 9.8
* @precision high
* @id cpp/tainted-format-string-through-global
* @tags reliability
* security
* external/cwe/cwe-134
* security-severity/9.8
*/
import cpp

View File

@@ -5,9 +5,9 @@
* @kind problem
* @id cpp/user-controlled-null-termination-tainted
* @problem.severity warning
* @problem.security-severity 5.5
* @tags security
* external/cwe/cwe-170
* security-severity/5.5
*/
import cpp

View File

@@ -4,12 +4,12 @@
* not validated can cause overflows.
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision low
* @id cpp/tainted-arithmetic
* @tags security
* external/cwe/cwe-190
* external/cwe/cwe-191
* security-severity/8.1
*/
import cpp

View File

@@ -4,12 +4,12 @@
* validated can cause overflows.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision medium
* @id cpp/uncontrolled-arithmetic
* @tags security
* external/cwe/cwe-190
* external/cwe/cwe-191
* security-severity/8.1
*/
import cpp

View File

@@ -6,12 +6,12 @@
* @kind problem
* @id cpp/arithmetic-with-extreme-values
* @problem.severity warning
* @problem.security-severity 8.1
* @precision low
* @tags security
* reliability
* external/cwe/cwe-190
* external/cwe/cwe-191
* security-severity/8.1
*/
import cpp

View File

@@ -5,13 +5,13 @@
* @id cpp/comparison-with-wider-type
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.8
* @precision high
* @tags reliability
* security
* external/cwe/cwe-190
* external/cwe/cwe-197
* external/cwe/cwe-835
* security-severity/7.8
*/
import cpp

View File

@@ -5,12 +5,12 @@
* @kind problem
* @id cpp/integer-overflow-tainted
* @problem.severity warning
* @problem.security-severity 8.1
* @precision low
* @tags security
* external/cwe/cwe-190
* external/cwe/cwe-197
* external/cwe/cwe-681
* security-severity/8.1
*/
import cpp

View File

@@ -4,12 +4,12 @@
* user can result in integer overflow.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 8.1
* @precision medium
* @id cpp/uncontrolled-allocation-size
* @tags reliability
* security
* external/cwe/cwe-190
* security-severity/8.1
*/
import cpp

View File

@@ -4,11 +4,11 @@
* @kind problem
* @id cpp/unsigned-difference-expression-compared-zero
* @problem.severity warning
* @problem.security-severity 8.2
* @precision medium
* @tags security
* correctness
* external/cwe/cwe-191
* security-severity/8.2
*/
import cpp

View File

@@ -5,11 +5,11 @@
* vulnerable to spoofing attacks.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 7.7
* @precision medium
* @id cpp/user-controlled-bypass
* @tags security
* external/cwe/cwe-290
* security-severity/7.7
*/
import semmle.code.cpp.security.TaintTracking

View File

@@ -4,11 +4,11 @@
* to an attacker.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 7.5
* @precision medium
* @id cpp/cleartext-storage-buffer
* @tags security
* external/cwe/cwe-312
* security-severity/7.5
*/
import cpp

View File

@@ -4,7 +4,6 @@
* to an attacker.
* @kind problem
* @problem.severity warning
* @problem.security-severity 6.5
* @precision medium
* @id cpp/cleartext-storage-file
* @tags security
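Review bot: Only a removal is visible here (7 to 6 lines, no addition hunk shown), so `cpp/cleartext-storage-file` loses its 6.5 score outright; the `cleartext-storage-database` hunk that follows is the same. If the score should survive, add `security-severity/6.5` under `@tags`; if dropping it is intended, note it in the commit message.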

View File

@@ -4,7 +4,6 @@
* database can expose it to an attacker.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 6.5
* @precision medium
* @id cpp/cleartext-storage-database
* @tags security

View File

@@ -4,11 +4,11 @@
* an attacker to compromise security.
* @kind problem
* @problem.severity error
* @problem.security-severity 7.5
* @precision medium
* @id cpp/weak-cryptographic-algorithm
* @tags security
* external/cwe/cwe-327
* security-severity/7.5
*/
import cpp

View File

@@ -4,12 +4,12 @@
* attackers to retrieve portions of memory.
* @kind problem
* @problem.severity error
* @problem.security-severity 7.5
* @precision very-high
* @id cpp/openssl-heartbleed
* @tags security
* external/cwe/cwe-327
* external/cwe/cwe-788
* security-severity/7.5
*/
import cpp

View File

@@ -5,11 +5,11 @@
* the two operations.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.0
* @precision medium
* @id cpp/toctou-race-condition
* @tags security
* external/cwe/cwe-367
* security-severity/7.0
*/
import cpp

View File

@@ -4,12 +4,12 @@
* @id cpp/unsafe-create-process-call
* @kind problem
* @problem.severity error
* @problem.security-severity 7.8
* @precision medium
* @msrc.severity important
* @tags security
* external/cwe/cwe-428
* external/microsoft/C6277
* security-severity/7.8
*/
import cpp

View File

@@ -6,11 +6,11 @@
* @kind problem
* @id cpp/incorrect-string-type-conversion
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @tags security
* external/cwe/cwe-704
* external/microsoft/c/c6276
* security-severity/9.8
*/
import cpp

View File

@@ -3,11 +3,11 @@
* @description Creating a file that is world-writable can allow an attacker to write to the file.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.8
* @precision medium
* @id cpp/world-writable-file-creation
* @tags security
* external/cwe/cwe-732
* security-severity/7.8
*/
import cpp

View File

@@ -7,11 +7,11 @@
* @id cpp/unsafe-dacl-security-descriptor
* @kind problem
* @problem.severity error
* @problem.security-severity 7.8
* @precision high
* @tags security
* external/cwe/cwe-732
* external/microsoft/C6248
* security-severity/7.8
*/
import cpp

View File

@@ -6,9 +6,9 @@
* @kind problem
* @id cpp/infinite-loop-with-unsatisfiable-exit-condition
* @problem.severity warning
* @problem.security-severity 7.5
* @tags security
* external/cwe/cwe-835
* security-severity/7.5
*/
import cpp

View File

@@ -6,10 +6,10 @@
* @kind problem
* @id cpp/redundant-null-check-param
* @problem.severity recommendation
* @problem.security-severity 7.5
* @tags reliability
* security
* external/cwe/cwe-476
* security-severity/7.5
*/
import cpp

View File

@@ -6,11 +6,11 @@
* @kind problem
* @id cpp/late-check-of-function-argument
* @problem.severity warning
* @problem.security-severity 8.6
* @precision medium
* @tags correctness
* security
* external/cwe/cwe-20
* security-severity/8.6
*/
import cpp

View File

@@ -3,11 +3,11 @@
* @description Use of one of the scanf functions without a specified length.
* @kind problem
* @problem.severity warning
* @problem.security-severity 9.8
* @id cpp/memory-unsafe-function-scan
* @tags reliability
* security
* external/cwe/cwe-120
* security-severity/9.8
*/
import cpp

View File

@@ -3,12 +3,12 @@
* @description Using a multiplication result that may overflow in the size of an allocation may lead to buffer overflows when the allocated memory is used.
* @kind path-problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision low
* @tags security
* correctness
* external/cwe/cwe-190
* external/cwe/cwe-128
* security-severity/8.1
* @id cpp/multiplication-overflow-in-alloc
*/

View File

@@ -6,10 +6,10 @@
* from these methods is not checked.
* @kind problem
* @problem.severity recommendation
* @problem.security-severity 9.8
* @id cpp/drop-linux-privileges-outoforder
* @tags security
* external/cwe/cwe-273
* security-severity/9.8
* @precision medium
*/

View File

@@ -5,11 +5,11 @@
* @kind problem
* @id cpp/memory-leak-on-failed-call-to-realloc
* @problem.severity warning
* @problem.security-severity 7.5
* @precision medium
* @tags correctness
* security
* external/cwe/cwe-401
* security-severity/7.5
*/
import cpp

View File

@@ -189,3 +189,30 @@ int *&conversionInFlow() {
int *&pRef = p; // has conversion in the middle of data flow
return pRef; // BAD [NOT DETECTED]
}
namespace std {
template<typename T>
class shared_ptr {
public:
shared_ptr() noexcept;
explicit shared_ptr(T*);
shared_ptr(const shared_ptr&) noexcept;
template<class U> shared_ptr(const shared_ptr<U>&) noexcept;
template<class U> shared_ptr(shared_ptr<U>&&) noexcept;
shared_ptr<T>& operator=(const shared_ptr<T>&) noexcept;
shared_ptr<T>& operator=(shared_ptr<T>&&) noexcept;
T& operator*() const noexcept;
T* operator->() const noexcept;
T* get() const noexcept;
};
}
auto make_read_port()
{
auto port = std::shared_ptr<int>(new int);
auto ptr = port.get();
return ptr; // GOOD
}
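Review bot: In `make_read_port`, `port` is the only owner of the `new int`, and it is destroyed at the closing brace, so the returned `int*` dangles at runtime; the case is a use-after-free rather than a return of stack-allocated memory. The `// GOOD` label is right for `cpp/return-stack-allocated-memory` (the pointee is heap-allocated, which is exactly what the new `PointerWrapper` exclusion targets), but as written it reads as an endorsement of the pattern; suggest `// GOOD (heap-allocated pointee; out of scope for this query)` so nobody copies it as correct code.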

View File

@@ -3,12 +3,12 @@
* @description Finds empty passwords in configuration files.
* @kind problem
* @problem.severity warning
* @problem.security-severity 8.1
* @precision medium
* @id cs/empty-password-in-configuration
* @tags security
* external/cwe/cwe-258
* external/cwe/cwe-862
* security-severity/8.1
*/
import csharp

View File

@@ -3,13 +3,13 @@
* @description Finds passwords in configuration files.
* @kind problem
* @problem.severity warning
* @problem.security-severity 6.5
* @precision medium
* @id cs/password-in-configuration
* @tags security
* external/cwe/cwe-13
* external/cwe/cwe-256
* external/cwe/cwe-313
* security-severity/6.5
*/
import csharp

View File

@@ -3,13 +3,13 @@
* @description Finds uses of file upload
* @kind problem
* @problem.severity recommendation
* @problem.security-severity 8.8
* @precision high
* @id cs/web/file-upload
* @tags security
* maintainability
* frameworks/asp.net
* external/cwe/cwe-434
* security-severity/8.8
*/
import csharp

View File

@@ -5,12 +5,12 @@
* but under some circumstances may also result in incorrect results.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.0
* @precision medium
* @id cs/thread-unsafe-icryptotransform-field-in-class
* @tags concurrency
* security
* external/cwe/cwe-362
* security-severity/7.0
*/
import csharp

View File

@@ -6,12 +6,12 @@
* but under some circumstances may also result in incorrect results.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.0
* @precision medium
* @id cs/thread-unsafe-icryptotransform-captured-in-lambda
* @tags concurrency
* security
* external/cwe/cwe-362
* security-severity/7.0
*/
import csharp

View File

@@ -4,11 +4,11 @@
* denial-of-service attacks.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.1
* @id cs/web/large-max-request-length
* @tags security
* frameworks/asp.net
* external/cwe/cwe-16
* security-severity/7.1
*/
import csharp

View File

@@ -3,11 +3,11 @@
* @description ASP.NET pages should not disable the built-in request validation.
* @kind problem
* @problem.severity warning
* @problem.security-severity 7.1
* @id cs/web/request-validation-disabled
* @tags security
* frameworks/asp.net
* external/cwe/cwe-16
* security-severity/7.1
*/
import csharp

View File

@@ -6,9 +6,9 @@
* @kind problem
* @id cs/insecure-request-validation-mode
* @problem.severity warning
* @problem.security-severity 7.1
* @tags security
* external/cwe/cwe-016
* security-severity/7.1
*/
import csharp

View File

@@ -6,6 +6,7 @@
* @id csharp/count-untrusted-data-external-api
* @kind table
* @tags security external/cwe/cwe-20
* security-severity/8.6
*/
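Review bot: Same question as for the C++ count queries: `csharp/count-untrusted-data-external-api` is `@kind table` and raises no alerts, so this add-only hunk gives a score to a query that has nothing to score. Also note the `@id` prefix here is `csharp/` while every other C# query in this diff uses `cs/`; that is pre-existing, but worth a follow-up.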
import csharp

View File

@@ -4,10 +4,10 @@
* @kind problem
* @id cs/serialization-check-bypass
* @problem.severity warning
* @problem.security-severity 8.6
* @precision medium
* @tags security
* external/cwe/cwe-20
* security-severity/8.6
*/
import semmle.code.csharp.serialization.Serialization

View File

@@ -5,8 +5,8 @@
* @kind path-problem
* @precision low
* @problem.severity error
* @problem.security-severity 8.6
* @tags security external/cwe/cwe-20
* security-severity/8.6
*/
import csharp

View File

@@ -3,7 +3,6 @@
* @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 8.8
* @precision high
* @id cs/path-injection
* @tags security
@@ -12,6 +11,7 @@
* external/cwe/cwe-036
* external/cwe/cwe-073
* external/cwe/cwe-099
* security-severity/8.8
*/
import csharp

View File

@@ -6,10 +6,10 @@
* @kind path-problem
* @id cs/zipslip
* @problem.severity error
* @problem.security-severity 8.8
* @precision high
* @tags security
* external/cwe/cwe-022
* security-severity/8.8
*/
import csharp

View File

@@ -4,13 +4,13 @@
* user to change the meaning of the command.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @id cs/command-line-injection
* @tags correctness
* security
* external/cwe/cwe-078
* external/cwe/cwe-088
* security-severity/9.8
*/
import csharp

View File

@@ -4,13 +4,13 @@
* user to change the meaning of the command.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision medium
* @id cs/stored-command-line-injection
* @tags correctness
* security
* external/cwe/cwe-078
* external/cwe/cwe-088
* security-severity/9.8
*/
import csharp

View File

@@ -4,12 +4,12 @@
* scripting vulnerability if the data was originally user-provided.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 6.1
* @precision medium
* @id cs/web/stored-xss
* @tags security
* external/cwe/cwe-079
* external/cwe/cwe-116
* security-severity/6.1
*/
import csharp

View File

@@ -4,12 +4,12 @@
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 6.1
* @precision high
* @id cs/web/xss
* @tags security
* external/cwe/cwe-079
* external/cwe/cwe-116
* security-severity/6.1
*/
import csharp

View File

@@ -4,11 +4,11 @@
* of malicious SQL code by the user.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision medium
* @id cs/second-order-sql-injection
* @tags security
* external/cwe/cwe-089
* security-severity/9.8
*/
import csharp

View File

@@ -4,11 +4,11 @@
* malicious SQL code by the user.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @id cs/sql-injection
* @tags security
* external/cwe/cwe-089
* security-severity/9.8
*/
import csharp

View File

@@ -4,7 +4,6 @@
* malicious LDAP code by the user.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 5.4
* @precision high
* @id cs/ldap-injection
* @tags security
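Review bot: Only the removal is visible for `cs/ldap-injection` (7 to 6 lines), so the 5.4 score is dropped with no `security-severity/5.4` tag added; the `cs/stored-ldap-injection` hunk below is the same. Confirm whether an addition hunk was omitted or the drop is intentional, and record the decision in the commit message.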

View File

@@ -4,7 +4,6 @@
* insertion of malicious LDAP code by the user.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 5.4
* @precision medium
* @id cs/stored-ldap-injection
* @tags security

View File

@@ -5,10 +5,10 @@
* @kind problem
* @id cs/xml-injection
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @tags security
* external/cwe/cwe-091
* security-severity/9.8
*/
import csharp

View File

@@ -4,13 +4,13 @@
* malicious code.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @id cs/code-injection
* @tags security
* external/cwe/cwe-094
* external/cwe/cwe-095
* external/cwe/cwe-096
* security-severity/9.8
*/
import csharp

View File

@@ -4,7 +4,6 @@
* malicious user providing an unintended resource.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 9.8
* @precision high
* @id cs/resource-injection
* @tags security
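Review bot: `cs/resource-injection` also shows a removal only (7 to 6 lines); dropping a 9.8 score silently is the kind of change that should be called out explicitly, so either add `security-severity/9.8` under `@tags` or explain the removal.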

View File

@@ -4,11 +4,11 @@
* schema.
* @kind path-problem
* @problem.severity recommendation
* @problem.security-severity 4.3
* @precision high
* @id cs/xml/missing-validation
* @tags security
* external/cwe/cwe-112
* security-severity/4.3
*/
import csharp

View File

@@ -6,10 +6,10 @@
* @kind problem
* @id cs/assembly-path-injection
* @problem.severity error
* @problem.security-severity 8.2
* @precision high
* @tags security
* external/cwe/cwe-114
* security-severity/8.2
*/
import csharp

View File

@@ -4,11 +4,11 @@
* insertion of forged log entries by a malicious user.
* @kind path-problem
* @problem.severity error
* @problem.security-severity 5.3
* @precision high
* @id cs/log-forging
* @tags security
* external/cwe/cwe-117
* security-severity/5.3
*/
import csharp

Some files were not shown because too many files have changed in this diff.