github · turbo · Jan 11, 2023 · Dec 14, 2022 · Dec 14, 2022 · Dec 14, 2022
@@ -25,6 +25,7 @@ If you have an idea for a query that you would like to share with other CodeQL u
 
     Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose.
     - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`.
+    - Experimental queries need to include `experimental` in their `@tags`
     - The structure of an `experimental` subdirectory mirrors the structure of its parent directory.
     - Select or create an appropriate directory in `experimental` based on the existing directory structure of `experimental` or its parent directory.
 

@@ -0,0 +1,9 @@
+- description: Extended and experimental security queries for C and C++
+- queries: .
+- apply: security-experimental-selectors.yml
+  from: codeql/suite-helpers
+- apply: codeql-suites/exclude-slow-queries.yml
+# Excluding problematically slow experimental queries
+- exclude:
+    query path:
+      - experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
@@ -6,6 +6,7 @@
  * @id cpp/off-by-one-array-access
  * @tags reliability
  *       security
+ *       experimental
  */
 
 import cpp

@@ -7,6 +7,7 @@
  * @id cpp/overrun-write
  * @tags reliability
  *       security
+ *       experimental
  *       external/cwe/cwe-119
  *       external/cwe/cwe-131
  */

@@ -9,6 +9,7 @@
  * @tags reliability
  *       security
  *       external/cwe/cwe-476
+ *       experimental
  */
 
 import cpp

@@ -9,6 +9,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-20
  */
 

@@ -11,6 +11,7 @@
  * @problem.severity warning
  * @security-severity 7.5
  * @tags security
+ *       experimental
  *       external/cwe/cwe-020
  */
 

@@ -8,6 +8,7 @@
  * @precision high
  * @id cpp/wordexp-injection
  * @tags security
+ *       experimental
  *       external/cwe/cwe-078
  */
 

@@ -8,6 +8,7 @@
  * @tags correctness
  *       maintainability
  *       security
+ *       experimental
  *       external/cwe/cwe-1041
  */
 

@@ -9,6 +9,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-1126
  */
 

@@ -6,6 +6,7 @@
  * @id cpp/memory-unsafe-function-scan
  * @tags reliability
  *       security
+ *       experimental
  *       external/cwe/cwe-120
  */
 

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-125
  */
 

@@ -6,6 +6,7 @@
  * @precision low
  * @tags security
  *       correctness
+ *       experimental
  *       external/cwe/cwe-190
  *       external/cwe/cwe-128
  * @id cpp/multiplication-overflow-in-alloc

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-190
  */
 

@@ -7,6 +7,7 @@
  * @id cpp/constant-array-overflow
  * @tags reliability
  *       security
+ *       experimental
  */
 
 import experimental.semmle.code.cpp.semantic.analysis.RangeAnalysis

@@ -8,6 +8,7 @@
  * @id cpp/invalid-pointer-deref
  * @tags reliability
  *       security
+ *       experimental
  *       external/cwe/cwe-119
  *       external/cwe/cwe-125
  *       external/cwe/cwe-193

@@ -8,6 +8,7 @@
  * @tags correctness
  *       maintainability
  *       security
+ *       experimental
  *       external/cwe/cwe-200
  *       external/cwe/cwe-264
  */

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-243
  *       external/cwe/cwe-252
  */

@@ -8,6 +8,7 @@
  * @tags correctness
  *       maintainability
  *       security
+ *       experimental
  *       external/cwe/cwe-266
  *       external/cwe/cwe-264
  *       external/cwe/cwe-200

@@ -8,6 +8,7 @@
  * @problem.severity recommendation
  * @id cpp/drop-linux-privileges-outoforder
  * @tags security
+ *       experimental
  *       external/cwe/cwe-273
  * @precision medium
  */

@@ -5,6 +5,7 @@
  * @problem.severity error
  * @id cpp/pam-auth-bypass
  * @tags security
+ *       experimental
  *       external/cwe/cwe-285
  */
 

@@ -6,6 +6,7 @@
  * @problem.severity error
  * @id cpp/private-cleartext-write
  * @tags security
+ *       experimental
  *       external/cwe/cwe-359
  */
 

@@ -11,6 +11,7 @@
  * @problem.severity warning
  * @security-severity 7.5
  * @tags security
+ *       experimental
  *       external/cwe/cwe-362
  */
 

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-377
  */
 

@@ -8,6 +8,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-401
  */
 

@@ -6,6 +6,7 @@
  * @problem.severity warning
  * @precision medium
  * @tags security
+ *       experimental
  *       external/cwe/cwe-415
  */
 

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-476
  *       external/cwe/cwe-415
  */

@@ -8,6 +8,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-561
  *       external/cwe/cwe-691
  *       external/cwe/cwe-478

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-670
  */
 

@@ -6,6 +6,7 @@
  * @problem.severity warning
  * @precision medium
  * @tags security
+ *       experimental
  *       external/cwe/cwe-675
  *       external/cwe/cwe-666
  */

@@ -10,6 +10,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-691
  */
 

@@ -8,6 +8,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-691
  */
 

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-703
  *       external/cwe/cwe-248
  *       external/cwe/cwe-390

@@ -7,6 +7,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-754
  *       external/cwe/cwe-908
  */

@@ -8,6 +8,7 @@
  * @problem.severity warning
  * @precision medium
  * @tags security
+ *       experimental
  *       external/cwe/cwe-758
  */
 

@@ -8,6 +8,7 @@
  * @precision medium
  * @tags maintainability
  *       readability
+ *       experimental
  *       external/cwe/cwe-783
  *       external/cwe/cwe-480
  */

@@ -8,6 +8,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-783
  *       external/cwe/cwe-480
  */

@@ -6,6 +6,7 @@
  * @problem.severity warning
  * @tags reliability
  *       security
+ *       experimental
  *       external/cwe/cwe-787
  */
 

@@ -8,6 +8,7 @@
  * @precision medium
  * @tags correctness
  *       security
+ *       experimental
  *       external/cwe/cwe-788
  */
 

@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for C#
+- queries: .
+- apply: security-experimental-selectors.yml
+  from: codeql/suite-helpers
@@ -7,6 +7,7 @@
  * @precision high
  * @id cs/webclient-path-injection
  * @tags security
+ *       experimental
  *       external/cwe/cwe-099
  *       external/cwe/cwe-023
  *       external/cwe/cwe-036

@@ -6,6 +6,7 @@
  * @precision high
  * @id cs/request-forgery
  * @tags security
+ *       experimental
  *       external/cwe/cwe-918
  */
 

@@ -9,6 +9,7 @@
  * @precision high
  * @id cs/web/cookie-httponly-not-set
  * @tags security
+ *       experimental
  *       external/cwe/cwe-1004
  */
 

@@ -4,6 +4,7 @@
  * @kind problem
  * @tags security
  *       cryptography
+ *       experimental
  *       external/cwe/cwe-327
  * @id cs/azure-storage/unsafe-usage-of-client-side-encryption-version
  * @problem.severity error

@@ -8,6 +8,7 @@
  * @precision high
  * @id cs/web/cookie-secure-not-set
  * @tags security
+ *       experimental
  *       external/cwe/cwe-319
  *       external/cwe/cwe-614
  */

@@ -5,6 +5,7 @@
  * @problem.severity error
  * @id cs/hash-without-salt
  * @tags security
+ *       experimental
  *       external/cwe-759
  */
 

@@ -4,6 +4,7 @@
  *   Higher precision version checks for exception throws, so less false positives are expected.
  * @kind problem
  * @tags security
+ *       experimental
  *       JsonWebTokenHandler
  *       manual-verification-required
  * @id cs/json-webtoken-handler/delegated-security-validations-always-return-true

@@ -3,6 +3,7 @@
  * @description Check if security sensitive token validations for `JsonWebTokenHandler` are being disabled.
  * @kind problem
  * @tags security
+ *       experimental
  *       JsonWebTokenHandler
  *       manual-verification-required
  * @id cs/json-webtoken-handler/security-validations-disabled

@@ -5,6 +5,7 @@
  * @problem.severity warning
  * @id cs/dataset-serialization/defining-dataset-related-type
  * @tags security
+ *       experimental
  */
 
 import csharp