From 4ec401a3f6d9bcd4976dc34779168af83c2544a5 Mon Sep 17 00:00:00 2001 
From: turbo Date: Wed, 14 Dec 2022 17:15:50 +0100 Subject: [PATCH 1/5] Tag all security queries in supported languages' experimental directories with an experimental tag --- .../src/experimental/Likely Bugs/ArrayAccessProductFlow.ql | 1 + .../src/experimental/Likely Bugs/OverrunWriteProductFlow.ql | 1 + .../src/experimental/Likely Bugs/RedundantNullCheckParam.ql | 1 + .../Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql | 1 + .../Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql | 1 + .../src/experimental/Security/CWE/CWE-078/WordexpTainted.ql | 1 + .../Security/CWE/CWE-1041/FindWrapperFunctions.ql | 1 + .../DeclarationOfVariableWithUnnecessarilyWideScope.ql | 1 + .../Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql | 1 + .../CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql | 1 + .../Security/CWE/CWE-190/AllocMultiplicationOverflow.ql | 1 + .../CWE-190/DangerousUseOfTransformationAfterOperation.ql | 1 + .../Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql | 1 + .../experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql | 1 + .../CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql | 1 + .../CWE/CWE-243/IncorrectChangingWorkingDirectory.ql | 1 + .../Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql | 1 + .../Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql | 1 + .../experimental/Security/CWE/CWE-285/PamAuthorization.ql | 1 + .../Security/CWE/CWE-359/PrivateCleartextWrite.ql | 1 + cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql | 1 + .../Security/CWE/CWE-377/InsecureTemporaryFile.ql | 1 + .../Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql | 1 + cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql | 1 + .../Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql | 1 + .../Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql | 1 + .../Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql | 1 + .../src/experimental/Security/CWE/CWE-675/DoubleRelease.ql | 1 + ...sufficientControlFlowManagementAfterRefactoringTheCode.ql | 1 + 
...nsufficientControlFlowManagementWhenUsingBitOperations.ql | 1 + .../Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql | 1 + .../Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql | 1 + .../CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql | 1 + ...rPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql | 1 + .../CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql | 1 + .../Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql | 1 + .../AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql | 1 + csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql | 1 + csharp/ql/src/experimental/CWE-918/RequestForgery.ql | 1 + .../Security Features/CWE-1004/CookieWithoutHttpOnly.ql | 1 + .../Azure/UnsafeUsageOfClientSideEncryptionVersion.ql | 1 + .../Security Features/CWE-614/CookieWithoutSecure.ql | 1 + .../Security Features/CWE-759/HashWithoutSalt.ql | 1 + .../delegated-security-validations-always-return-true.ql | 1 + .../JsonWebTokenHandler/security-validation-disabled.ql | 1 + .../Serialization/DefiningDatasetRelatedType.ql | 1 + .../Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql | 1 + .../Serialization/UnsafeTypeUsedDataContractSerializer.ql | 1 + .../Serialization/XmlDeserializationWithDataSet.ql | 1 + .../backdoor/DangerousNativeFunctionCall.ql | 1 + .../Security Features/backdoor/PotentialTimeBomb.ql | 1 + .../Security Features/backdoor/ProcessNameToHashTaintFlow.ql | 1 + go/ql/src/experimental/CWE-090/LDAPInjection.ql | 1 + go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql | 1 + go/ql/src/experimental/CWE-285/PamAuthBypass.ql | 1 + go/ql/src/experimental/CWE-321/HardcodedKeys.ql | 1 + go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql | 5 +++-- go/ql/src/experimental/CWE-369/DivideByZero.ql | 1 + go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql | 2 ++ .../experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql | 1 + go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql | 2 ++ 
go/ql/src/experimental/CWE-840/ConditionalBypass.ql | 2 ++ go/ql/src/experimental/CWE-918/SSRF.ql | 1 + go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql | 1 + go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql | 1 + .../Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql | 1 + .../experimental/Security/CWE/CWE-016/SpringBootActuators.ql | 1 + .../experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql | 1 + .../experimental/Security/CWE/CWE-073/FilePathInjection.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql | 1 + .../Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql | 1 + .../Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql | 1 + .../experimental/Security/CWE/CWE-094/BeanShellInjection.ql | 1 + .../experimental/Security/CWE/CWE-094/InsecureDexLoading.ql | 1 + .../src/experimental/Security/CWE/CWE-094/JShellInjection.ql | 1 + .../Security/CWE/CWE-094/JakartaExpressionInjection.ql | 1 + .../src/experimental/Security/CWE/CWE-094/JythonInjection.ql | 1 + .../src/experimental/Security/CWE/CWE-094/ScriptInjection.ql | 1 + .../Security/CWE/CWE-094/SpringImplicitViewManipulation.ql | 1 + .../Security/CWE/CWE-094/SpringViewManipulation.ql | 1 + .../Security/CWE/CWE-1004/InsecureTomcatConfig.ql | 1 + .../Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql | 1 + .../Security/CWE/CWE-200/InsecureWebResourceResponse.ql | 1 + .../Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql | 1 + .../CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql | 1 + .../Security/CWE/CWE-208/TimingAttackAgainstHeader.ql | 1 + .../Security/CWE/CWE-208/TimingAttackAgainstSignature.ql | 1 + .../Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql | 1 + .../Security/CWE/CWE-297/IgnoredHostnameVerification.ql | 1 + .../Security/CWE/CWE-297/InsecureLdapEndpoint.ql | 1 + .../Security/CWE/CWE-299/DisabledRevocationChecking.ql | 1 + .../src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql | 1 + 
.../experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql | 1 + .../src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql | 1 + .../CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql | 1 + .../src/experimental/Security/CWE/CWE-352/JsonpInjection.ql | 1 + .../experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql | 1 + .../experimental/Security/CWE/CWE-470/UnsafeReflection.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql | 1 + .../experimental/Security/CWE/CWE-489/WebComponentMain.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql | 1 + .../Security/CWE/CWE-502/UnsafeDeserializationRmi.ql | 1 + .../CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql | 1 + .../CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql | 1 + .../experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql | 1 + .../Security/CWE/CWE-548/InsecureDirectoryConfig.ql | 1 + .../experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql | 1 + .../Security/CWE/CWE-555/CredentialsInPropertiesFile.ql | 1 + .../Security/CWE/CWE-555/PasswordInConfigurationFile.ql | 1 + .../experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql | 1 + .../Security/CWE/CWE-600/UncaughtServletException.ql | 1 + .../experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql | 1 + java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql | 1 + .../experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql | 1 + .../src/experimental/Security/CWE/CWE-652/XQueryInjection.ql | 1 + .../CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql | 1 + .../src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql | 1 + .../src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql | 1 + .../Security/CWE/CWE-939/IncorrectURLVerification.ql | 1 + .../src/experimental/Security/CWE-094/UntrustedCheckout.ql | 1 + .../src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql | 1 + javascript/ql/src/experimental/Security/CWE-918/SSRF.ql | 1 + 
python/ql/src/experimental/Security/CWE-022/ZipSlip.ql | 1 + .../ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql | 1 + .../src/experimental/Security/CWE-074/TemplateInjection.ql | 1 + python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql | 1 + python/ql/src/experimental/Security/CWE-091/Xslt.ql | 1 + .../ql/src/experimental/Security/CWE-113/HeaderInjection.ql | 1 + python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql | 1 + .../ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql | 1 + .../Azure/UnsafeUsageOfClientSideEncryptionVersion.ql | 1 + .../src/experimental/Security/CWE-338/InsecureRandomness.ql | 1 + .../src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql | 1 + .../experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql | 1 + .../CWE-347/JWTMissingSecretOrPublicKeyVerification.ql | 1 + .../Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql | 1 + .../ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql | 1 + .../src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql | 1 + .../ql/src/experimental/Security/CWE-614/CookieInjection.ql | 1 + .../ql/src/experimental/Security/CWE-614/InsecureCookie.ql | 1 + .../ql/src/experimental/Security/CWE-943/NoSQLInjection.ql | 1 + ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql | 1 + .../src/experimental/decompression-api/DecompressionApi.ql | 4 +++- .../experimental/improper-memoization/ImproperMemoization.ql | 1 + .../manually-check-http-verb/ManuallyCheckHttpVerb.ql | 1 + ruby/ql/src/experimental/weak-params/WeakParams.ql | 1 + 148 files changed, 155 insertions(+), 3 deletions(-)
diff --git a/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql
index b9b0383fd6bf..61c0af6be26b 100644
--- a/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql
+++ b/cpp/ql/src/experimental/Likely Bugs/ArrayAccessProductFlow.ql
@@ -6,6 +6,7 @@
 * @id cpp/off-by-one-array-access
 * @tags reliability
 * security
+ * experimental
 */
 import cpp
diff --git a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql
index 0f727c5e54d0..5e0d1d7b5bb3 100644
--- a/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql
+++ b/cpp/ql/src/experimental/Likely Bugs/OverrunWriteProductFlow.ql
@@ -7,6 +7,7 @@
 * @id cpp/overrun-write
 * @tags reliability
 * security
+ * experimental
 * external/cwe/cwe-119
 * external/cwe/cwe-131
 */
diff --git a/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql b/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
index 2ee4559cdaeb..36e42cae92a4 100644
--- a/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
+++ b/cpp/ql/src/experimental/Likely Bugs/RedundantNullCheckParam.ql
@@ -9,6 +9,7 @@
 * @tags reliability
 * security
 * external/cwe/cwe-476
+ * experimental
 */
 import cpp
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
index 0d426492cdf3..07d18992db66 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql
@@ -9,6 +9,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-20
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
index f01a7cb1ed0e..8a93e93476e5 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/NoCheckBeforeUnsafePutUser.ql
@@ -11,6 +11,7 @@
 * @problem.severity warning
 * @security-severity 7.5
 * @tags security
+ * experimental
 * external/cwe/cwe-020
 */
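Review bot: In RedundantNullCheckParam.ql the new `experimental` tag is appended after `external/cwe/cwe-476`, whereas the other hunks in this patch place it directly after `security` and before the `external/cwe/...` entries. Tag order presumably does not change how the metadata is interpreted, but a single position makes it easier to audit which queries carry the experimental marker. I would move the added line up so the block reads `security`, `experimental`, `external/cwe/cwe-476`.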
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
index 40b61ff60f64..f4de1251e8ba 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-078/WordexpTainted.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id cpp/wordexp-injection
 * @tags security
+ * experimental
 * external/cwe/cwe-078
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
index 700993b58ed0..cc25326f0b4a 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-1041/FindWrapperFunctions.ql
@@ -8,6 +8,7 @@
 * @tags correctness
 * maintainability
 * security
+ * experimental
 * external/cwe/cwe-1041
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql b/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
index e73f36145c60..136931f00ec6 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.ql
@@ -9,6 +9,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-1126
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
index dd98d1b60535..c74918dbb88d 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.ql
@@ -6,6 +6,7 @@
 * @id cpp/memory-unsafe-function-scan
 * @tags reliability
 * security
+ * experimental
 * external/cwe/cwe-120
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
index 0b7555c9e41a..12a44be0d1fc 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-125/DangerousWorksWithMultibyteOrWideCharacters.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-125
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
index 3a253854679b..86423e8e2646 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/AllocMultiplicationOverflow.ql
@@ -6,6 +6,7 @@
 * @precision low
 * @tags security
 * correctness
+ * experimental
 * external/cwe/cwe-190
 * external/cwe/cwe-128
 * @id cpp/multiplication-overflow-in-alloc
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql b/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
index 026c279de7cc..e848b97ef8f7 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-190/DangerousUseOfTransformationAfterOperation.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-190
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
index 990c43564256..b7c2810541f2 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
@@ -7,6 +7,7 @@
 * @id cpp/constant-array-overflow
 * @tags reliability
 * security
+ * experimental
 */
 import experimental.semmle.code.cpp.semantic.analysis.RangeAnalysis
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
index d2593dd05a0d..8ecd855a3bc2 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-193/InvalidPointerDeref.ql
@@ -8,6 +8,7 @@
 * @id cpp/invalid-pointer-deref
 * @tags reliability
 * security
+ * experimental
 * external/cwe/cwe-119
 * external/cwe/cwe-125
 * external/cwe/cwe-193
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql b/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
index ec32ccd4bfca..61708ce5da0d 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-200/ExposureSensitiveInformationUnauthorizedActor.ql
@@ -8,6 +8,7 @@
 * @tags correctness
 * maintainability
 * security
+ * experimental
 * external/cwe/cwe-200
 * external/cwe/cwe-264
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql b/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
index 02d57ee3c3f5..ce5f4dd00f87 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-243
 * external/cwe/cwe-252
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
index 5bdd5a21fe52..a8f931555991 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql
@@ -8,6 +8,7 @@
 * @tags correctness
 * maintainability
 * security
+ * experimental
 * external/cwe/cwe-266
 * external/cwe/cwe-264
 * external/cwe/cwe-200
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
index 0491d7118333..67464d4b37a5 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-273/PrivilegeDroppingOutoforder.ql
@@ -8,6 +8,7 @@
 * @problem.severity recommendation
 * @id cpp/drop-linux-privileges-outoforder
 * @tags security
+ * experimental
 * external/cwe/cwe-273
 * @precision medium
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql b/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
index 5292a705d93b..59c4a68c92aa 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-285/PamAuthorization.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id cpp/pam-auth-bypass
 * @tags security
+ * experimental
 * external/cwe/cwe-285
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
index 133b38372a69..273e3b7855a5 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-359/PrivateCleartextWrite.ql
@@ -6,6 +6,7 @@
 * @problem.severity error
 * @id cpp/private-cleartext-write
 * @tags security
+ * experimental
 * external/cwe/cwe-359
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
index 39ab8c1ead45..4f641ba34065 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-362/double-fetch.ql
@@ -11,6 +11,7 @@
 * @problem.severity warning
 * @security-severity 7.5
 * @tags security
+ * experimental
 * external/cwe/cwe-362
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql b/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
index 0852cb90918b..f62222eb5b93 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-377/InsecureTemporaryFile.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-377
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
index ce991a42a68e..3132b103bbcc 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-401
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql b/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
index 0544c2aefd57..a6b70d9c5066 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-415/DoubleFree.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags security
+ * experimental
 * external/cwe/cwe-415
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql b/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
index 2feca2679026..4eb24c143220 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-476/DangerousUseOfExceptionBlocks.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-476
 * external/cwe/cwe-415
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
index 2de9cf5fc78c..a643c3e3bf08 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-561/FindIncorrectlyUsedSwitch.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-561
 * external/cwe/cwe-691
 * external/cwe/cwe-478
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
index 187b30a73b91..a5270518894a 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-670/DangerousUseSSL_shutdown.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-670
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
index 7a884769bf8f..a933ed063b22 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-675/DoubleRelease.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags security
+ * experimental
 * external/cwe/cwe-675
 * external/cwe/cwe-666
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
index 72c622baf76a..e0b248c20664 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementAfterRefactoringTheCode.ql
@@ -10,6 +10,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-691
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
index 72d7625b5170..2772fbabd22d 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-691/InsufficientControlFlowManagementWhenUsingBitOperations.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-691
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
index 97c1e4100661..5ee747db8803 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-703/FindIncorrectlyUsedExceptions.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-703
 * external/cwe/cwe-248
 * external/cwe/cwe-390
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
index d19f72cf2c7f..46d5d618e070 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-754/ImproperCheckReturnValueScanf.ql
@@ -7,6 +7,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-754
 * external/cwe/cwe-908
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql b/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
index bafe3d13b842..7303aaf9644d 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-758/UndefinedOrImplementationDefinedBehavior.ql
@@ -8,6 +8,7 @@
 * @problem.severity warning
 * @precision medium
 * @tags security
+ * experimental
 * external/cwe/cwe-758
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
index 54a4490dc519..8bb1d0ba97bf 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags maintainability
 * readability
+ * experimental
 * external/cwe/cwe-783
 * external/cwe/cwe-480
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
index dd71703b5300..d56e09a5284b 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-783/OperatorPrecedenceLogicErrorWhenUseBoolType.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-783
 * external/cwe/cwe-480
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
index 4327d6e364ef..aead62522bd4 100644
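Review bot: OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql receives `experimental`, but its `@tags` list has no `security` entry (only `maintainability` and `readability`), unlike OperatorPrecedenceLogicErrorWhenUseBoolType.ql in the same CWE-783 directory. The commit subject is about tagging security queries, so any selection that keys on `security` together with `experimental` would presumably skip this query. If it belongs in the security set, add `* security` to the tag block as well; otherwise confirm that tagging it here was intended.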
--- a/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-787/UnsignedToSignedPointerArith.ql
@@ -6,6 +6,7 @@
 * @problem.severity warning
 * @tags reliability
 * security
+ * experimental
 * external/cwe/cwe-787
 */
diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql b/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
index 3d1e0637fe65..083d7b1a6693 100644
--- a/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
+++ b/cpp/ql/src/experimental/Security/CWE/CWE-788/AccessOfMemoryLocationAfterEndOfBufferUsingStrlen.ql
@@ -8,6 +8,7 @@
 * @precision medium
 * @tags correctness
 * security
+ * experimental
 * external/cwe/cwe-788
 */
diff --git a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
index 8cee95a3d543..e4d2cbd0d4e8 100644
--- a/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
+++ b/csharp/ql/src/experimental/CWE-099/TaintedWebClient.ql
@@ -7,6 +7,7 @@
 * @precision high
 * @id cs/webclient-path-injection
 * @tags security
+ * experimental
 * external/cwe/cwe-099
 * external/cwe/cwe-023
 * external/cwe/cwe-036
diff --git a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
index 53af17bb8428..bdf2e588e884 100644
--- a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
@@ -6,6 +6,7 @@
 * @precision high
 * @id cs/request-forgery
 * @tags security
+ * experimental
 * external/cwe/cwe-918
 */
diff --git a/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql b/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
index 0718e840139b..c53ad1243042 100644
--- a/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
+++ b/csharp/ql/src/experimental/Security Features/CWE-1004/CookieWithoutHttpOnly.ql
@@ -9,6 +9,7 @@
 * @precision high
 * @id cs/web/cookie-httponly-not-set
 * @tags security
+ * experimental
 * external/cwe/cwe-1004
 */
diff --git a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
index be503fe31d12..c218471ac462 100644
--- a/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
+++ b/csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
@@ -4,6 +4,7 @@
 * @kind problem
 * @tags security
 * cryptography
+ * experimental
 * external/cwe/cwe-327
 * @id cs/azure-storage/unsafe-usage-of-client-side-encryption-version
 * @problem.severity error
diff --git a/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql b/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql
index f27ce50e7faf..c10db6bfb317 100644
--- a/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql
+++ b/csharp/ql/src/experimental/Security Features/CWE-614/CookieWithoutSecure.ql
@@ -8,6 +8,7 @@
 * @precision high
 * @id cs/web/cookie-secure-not-set
 * @tags security
+ * experimental
 * external/cwe/cwe-319
 * external/cwe/cwe-614
 */
diff --git a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
index a833ac79898d..ab3c7f8d59c8 100644
--- a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
+++ b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
@@ -5,6 +5,7 @@
 * @problem.severity error
 * @id cs/hash-without-salt
 * @tags security
+ * experimental
 * external/cwe-759
 */
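Review bot: In the csharp HashWithoutSalt.ql hunk the context line directly below the added tag reads `external/cwe-759`, which does not follow the `external/cwe/cwe-NNN` form used by every other query in this patch. Anything that groups or filters results by CWE tag would likely fail to associate this query with CWE-759. Since the hunk already edits this tag block, I would correct that line to `* external/cwe/cwe-759` in the same change.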
diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
index 2ee7c7edb1fc..f686d8f845fa 100644
--- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
+++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/delegated-security-validations-always-return-true.ql
@@ -4,6 +4,7 @@
 * Higher precision version checks for exception throws, so less false positives are expected.
 * @kind problem
 * @tags security
+ * experimental
 * JsonWebTokenHandler
 * manual-verification-required
 * @id cs/json-webtoken-handler/delegated-security-validations-always-return-true
diff --git a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
index 84c846c3a915..54a2301734dc 100644
--- a/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
+++ b/csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/security-validation-disabled.ql
@@ -3,6 +3,7 @@
 * @description Check if security sensitive token validations for `JsonWebTokenHandler` are being disabled.
 * @kind problem
 * @tags security
+ * experimental
 * JsonWebTokenHandler
 * manual-verification-required
 * @id cs/json-webtoken-handler/security-validations-disabled
diff --git a/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql b/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
index be79f2849ad9..47153f926c1b 100644
--- a/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
+++ b/csharp/ql/src/experimental/Security Features/Serialization/DefiningDatasetRelatedType.ql
@@ -5,6 +5,7 @@ * @problem.severity warning * @id cs/dataset-serialization/defining-dataset-related-type * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql b/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql index 320096d63015..0e87f724b962 100644 --- a/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/DefiningPotentiallyUnsafeXmlSerializer.ql @@ -6,6 +6,7 @@ * @precision medium * @id cs/dataset-serialization/defining-potentially-unsafe-xml-serializer * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql b/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql index 5907e4be3111..00622007cbf6 100644 --- a/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/UnsafeTypeUsedDataContractSerializer.ql @@ -6,6 +6,7 @@ * @precision medium * @id cs/dataset-serialization/unsafe-type-used-data-contract-serializer * @tags security + * experimental */ import csharp diff --git a/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql b/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql index d4392ca4544b..fbcba87bcf64 100644 --- a/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql +++ b/csharp/ql/src/experimental/Security Features/Serialization/XmlDeserializationWithDataSet.ql @@ -6,6 +6,7 @@ * @precision medium * @id cs/dataset-serialization/xml-deserialization-with-dataset * @tags security + * experimental */ import csharp 
diff --git a/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql b/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql index c9d247d69f3f..b0f066ba70bf 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/DangerousNativeFunctionCall.ql @@ -6,6 +6,7 @@ * @precision low * @id cs/backdoor/dangerous-native-functions * @tags security + * experimental * solorigate */ diff --git a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql index 9ccbd6754865..7f1d48788db6 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/PotentialTimeBomb.ql @@ -6,6 +6,7 @@ * @problem.severity warning * @id cs/backdoor/potential-time-bomb * @tags security + * experimental * solorigate */ diff --git a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql index 6f5acf29f1d9..17c59a338a47 100644 --- a/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql +++ b/csharp/ql/src/experimental/Security Features/backdoor/ProcessNameToHashTaintFlow.ql @@ -3,6 +3,7 @@ * @description Flow from a function retrieving process name to a hash function. * @kind path-problem * @tags security + * experimental * solorigate * @problem.severity warning * @precision medium diff --git a/go/ql/src/experimental/CWE-090/LDAPInjection.ql b/go/ql/src/experimental/CWE-090/LDAPInjection.ql index 48f751b29bd4..cdcc38ebd908 100644 --- a/go/ql/src/experimental/CWE-090/LDAPInjection.ql +++ b/go/ql/src/experimental/CWE-090/LDAPInjection.ql 
@@ -6,6 +6,7 @@ * @problem.severity error * @id go/ldap-injection * @tags security + * experimental * external/cwe/cwe-90 */ diff --git a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql index ff6956a66ef5..a16a446fe560 100644 --- a/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql +++ b/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql @@ -9,6 +9,7 @@ * @precision high * @id go/cookie-httponly-not-set * @tags security + * experimental * external/cwe/cwe-1004 */ diff --git a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql index 4a9d953fc405..3e6864c021f0 100644 --- a/go/ql/src/experimental/CWE-285/PamAuthBypass.ql +++ b/go/ql/src/experimental/CWE-285/PamAuthBypass.ql @@ -6,6 +6,7 @@ * @id go/pam-auth-bypass * @tags maintainability * correctness + * experimental * external/cwe/cwe-561 * external/cwe/cwe-285 * @precision very-high diff --git a/go/ql/src/experimental/CWE-321/HardcodedKeys.ql b/go/ql/src/experimental/CWE-321/HardcodedKeys.ql index 06dacfcac278..47851d8b4b99 100644 --- a/go/ql/src/experimental/CWE-321/HardcodedKeys.ql +++ b/go/ql/src/experimental/CWE-321/HardcodedKeys.ql @@ -5,6 +5,7 @@ * @problem.severity error * @id go/hardcoded-key * @tags security + * experimental * external/cwe/cwe-321 */ diff --git a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql index 36f95c7d394d..04a7dae55955 100644 --- a/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql +++ b/go/ql/src/experimental/CWE-327/WeakCryptoAlgorithm.ql @@ -5,8 +5,9 @@ * @problem.severity error * @id go/weak-crypto-algorithm * @tags security - * external/cwe/cwe-327 - * external/cwe/cwe-328 + * experimental + * external/cwe/cwe-327 + * external/cwe/cwe-328 */ import go 
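Review bot: In the PamAuthBypass.ql hunk the query gains `experimental` but still has no `security` tag; its `@tags` list reads `maintainability`, `correctness`, `experimental`, followed by `external/cwe/cwe-561` and `external/cwe/cwe-285`. The other Go queries in this patch that lacked the tag (DatabaseCallInLoop.ql, SensitiveConditionBypass.ql, ConditionalBypass.ql) receive both `security` and `experimental`, so this one ends up as the odd one out. If it is meant to count as an experimental security query, which the CWE-285 directory and the `go/pam-auth-bypass` id suggest, add a `* security` entry next to `* experimental`. If it is deliberately a correctness query, the commit message's "all security queries" scope does not cover it and the new tag needs a word of explanation.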
diff --git a/go/ql/src/experimental/CWE-369/DivideByZero.ql b/go/ql/src/experimental/CWE-369/DivideByZero.ql index b2e61bef37da..9e48e7f6fc49 100644 --- a/go/ql/src/experimental/CWE-369/DivideByZero.ql +++ b/go/ql/src/experimental/CWE-369/DivideByZero.ql @@ -5,6 +5,7 @@ * @problem.severity error * @id go/divide-by-zero * @tags security + * experimental * external/cwe/cwe-369 */ diff --git a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql index eaabdea1e579..ed02275a33c1 100644 --- a/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql +++ b/go/ql/src/experimental/CWE-400/DatabaseCallInLoop.ql @@ -6,6 +6,8 @@ * @problem.severity warning * @precision high * @id go/examples/database-call-in-loop + * @tags security + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql index 81c2663a3b1f..eb6c7668f063 100644 --- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql +++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql @@ -6,6 +6,7 @@ * @problem.severity warning * @id go/html-template-escaping-passthrough * @tags security + * experimental * external/cwe/cwe-79 */ diff --git a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql index 632e90065e60..5edc839f60c9 100644 --- a/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql +++ b/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql @@ -8,6 +8,8 @@ * @tags external/cwe/cwe-807 * external/cwe/cwe-247 * external/cwe/cwe-350 + * experimental + * security */ import go diff --git a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql index 1776c3a7d87d..87bfac1c1d58 100644 --- a/go/ql/src/experimental/CWE-840/ConditionalBypass.ql +++ b/go/ql/src/experimental/CWE-840/ConditionalBypass.ql 
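Review bot: The `@tags security` / `experimental` block added to DatabaseCallInLoop.ql carries no CWE entry, although the file sits under `CWE-400` and the neighbouring Go queries pair `security` with an `external/cwe/...` tag. Without it the query is classified as a security finding but cannot be mapped to a weakness class by CWE-based filtering or reporting. Consider adding `* external/cwe/cwe-400` after `* experimental`. The id `go/examples/database-call-in-loop` is also in the examples namespace, so it is worth confirming that this query is meant to be surfaced as a security result at all.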
@@ -6,6 +6,8 @@ * @kind problem * @problem.severity warning * @tags external/cwe/cwe-840 + * security + * experimental */ import go diff --git a/go/ql/src/experimental/CWE-918/SSRF.ql b/go/ql/src/experimental/CWE-918/SSRF.ql index 4c14969c35fa..a58ac6603850 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.ql +++ b/go/ql/src/experimental/CWE-918/SSRF.ql @@ -6,6 +6,7 @@ * @problem.severity error * @precision high * @tags security + * experimental * external/cwe/cwe-918 */ diff --git a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql index 9dd62083df4f..007178941f75 100644 --- a/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql +++ b/go/ql/src/experimental/CWE-942/CorsMisconfiguration.ql @@ -7,6 +7,7 @@ * @problem.severity warning * @id go/cors-misconfiguration * @tags security + * experimental * external/cwe/cwe-942 * external/cwe/cwe-346 */ diff --git a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql index 3dfc90dc40af..607ec2aa11ee 100644 --- a/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql +++ b/go/ql/src/experimental/Unsafe/WrongUsageOfUnsafe.ql @@ -6,6 +6,7 @@ * @problem.severity error * @id go/wrong-usage-of-unsafe * @tags security + * experimental * external/cwe/cwe-119 * external/cwe/cwe-126 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql index 698dae57b96e..800fc6db5641 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql @@ -7,6 +7,7 @@ * @precision high * @id java/insecure-spring-actuator-config * @tags security + * experimental * external/cwe/cwe-016 */ 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql index 85daa77cc560..b700e691550f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql @@ -7,6 +7,7 @@ * @precision high * @id java/spring-boot-exposed-actuators * @tags security + * experimental * external/cwe/cwe-16 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql index 369833a4df2f..d65e2110de12 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql @@ -8,6 +8,7 @@ * @precision high * @id java/log4j-injection * @tags security + * experimental * external/cwe/cwe-020 * external/cwe/cwe-074 * external/cwe/cwe-400 diff --git a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql index dd23cfd5ff87..f3fe58e59e01 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql @@ -7,6 +7,7 @@ * @precision medium * @id java/openstream-called-on-tainted-url * @tags security + * experimental * external/cwe/cwe-036 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql index 9c976c8dce7d..3bb8ef93fd2b 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql @@ -8,6 +8,7 @@ * @precision high * @id java/file-path-injection * @tags security + * experimental * external/cwe-073 */ 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql index 7915d8f2bce1..e672519d1c70 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql @@ -7,6 +7,7 @@ * @precision high * @id java/command-line-injection-experimental * @tags security + * experimental * external/cwe/cwe-078 * external/cwe/cwe-088 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql index 2d1e605c4269..35bfa0f0e17d 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql @@ -8,6 +8,7 @@ * @precision high * @id java/mybatis-annotation-sql-injection * @tags security + * experimental * external/cwe/cwe-089 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql index 9aeb95ea94a0..53359d448ded 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql @@ -8,6 +8,7 @@ * @precision high * @id java/mybatis-xml-sql-injection * @tags security + * experimental * external/cwe/cwe-089 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql index b8301d4f9776..5c4b4288eab7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/beanshell-injection * @tags security + * experimental * external/cwe/cwe-094 */ 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql index bae3ed63d700..5c0eb61253b8 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql @@ -7,6 +7,7 @@ * @precision high * @id java/android-insecure-dex-loading * @tags security + * experimental * external/cwe/cwe-094 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql index 451dff794442..bda4d170c605 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/jshell-injection * @tags security + * experimental * external/cwe/cwe-094 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql index 8190ec3d61f1..5b09d0ac2d89 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/javaee-expression-injection * @tags security + * experimental * external/cwe/cwe-094 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql index a3dc6e6c39a2..743d6e9351f7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/jython-injection * @tags security + * experimental * external/cwe/cwe-094 * external/cwe/cwe-095 */ 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql index a7bb5fb0d18a..5c1f5e173111 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/unsafe-eval * @tags security + * experimental * external/cwe/cwe-094 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql index e176c5132132..a99664f49f0c 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql @@ -6,6 +6,7 @@ * @precision high * @id java/spring-view-manipulation-implicit * @tags security + * experimental * external/cwe/cwe-094 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql index 3c490e6bf684..118f15860fc6 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql @@ -6,6 +6,7 @@ * @precision high * @id java/spring-view-manipulation * @tags security + * experimental * external/cwe/cwe-094 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql index 5d259b63b14a..4cf82d267148 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql @@ -6,6 +6,7 @@ * @precision medium * @id java/tomcat-disabled-httponly * @tags security + * experimental * external/cwe/cwe-1004 */ 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql index 1ee1bccd2f92..a43387a24b05 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql @@ -7,6 +7,7 @@ * @precision medium * @id java/sensitive-cookie-not-httponly * @tags security + * experimental * external/cwe/cwe-1004 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql index 7327f2cebf28..41b7cc0e1e39 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql @@ -6,6 +6,7 @@ * @id java/insecure-webview-resource-response * @problem.severity error * @tags security + * experimental * external/cwe/cwe-200 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql index 9769ee1eafc0..38d128ee81ae 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql @@ -6,6 +6,7 @@ * @id java/sensitive-android-file-leak * @problem.severity warning * @tags security + * experimental * external/cwe/cwe-200 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql b/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql index 9e0835e2aac5..f569bdb01070 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql 
@@ -9,6 +9,7 @@ * @precision medium * @id java/possible-timing-attack-against-signature * @tags security + * experimental * external/cwe/cwe-208 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql index 52405e9958e3..1f92d09693f0 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql @@ -7,6 +7,7 @@ * @precision high * @id java/timing-attack-against-headers-value * @tags security + * experimental * external/cwe/cwe-208 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql index 488b49684b2c..15812817205f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql @@ -10,6 +10,7 @@ * @precision high * @id java/timing-attack-against-signature * @tags security + * experimental * external/cwe/cwe-208 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql index f664f4ce9539..8e91ea4bb563 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql @@ -8,6 +8,7 @@ * @precision medium * @id java/jxbrowser/disabled-certificate-validation * @tags security + * experimental * external/cwe/cwe-295 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql index c4bb1192f2be..2a60ce988fc5 100644 
--- a/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql @@ -7,6 +7,7 @@ * @precision high * @id java/ignored-hostname-verification * @tags security + * experimental * external/cwe/cwe-297 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql index 5ac93ffac2ae..bba8213cf0a3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql @@ -8,6 +8,7 @@ * @precision medium * @id java/insecure-ldaps-endpoint * @tags security + * experimental * external/cwe/cwe-297 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql index a6d2049bd16f..6d4c46d755e5 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql @@ -7,6 +7,7 @@ * @precision high * @id java/disabled-certificate-revocation-checking * @tags security + * experimental * external/cwe/cwe-299 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql index 63c55793cbf9..521a355bdab4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql @@ -5,6 +5,7 @@ * @problem.severity error * @id java/hardcoded-jwt-key * @tags security + * experimental * external/cwe/cwe-321 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql index 3a1195d8a7c5..e5ec52843479 100644 
--- a/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql @@ -7,6 +7,7 @@ * @precision high * @id java/unsafe-tls-version * @tags security + * experimental * external/cwe/cwe-327 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql index c5a6c36d6a61..5f6146e2bc48 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql @@ -6,6 +6,7 @@ * @precision high * @id java/unvalidated-cors-origin-set * @tags security + * experimental * external/cwe/cwe-346 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql index 78d8bfee5f06..a7be17292799 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql @@ -7,6 +7,7 @@ * @precision high * @id java/ip-address-spoofing * @tags security + * experimental * external/cwe/cwe-348 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql index 71ee842f1627..9518a04ff6f3 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/jsonp-injection * @tags security + * experimental * external/cwe/cwe-352 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql index a3ef56f82cb7..a1e9ea0ccac6 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql 
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql @@ -6,6 +6,7 @@ * @id java/thread-resource-abuse * @problem.severity warning * @tags security + * experimental * external/cwe/cwe-400 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql index 6ff2bc27dd43..291b57e3713e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/unsafe-reflection * @tags security + * experimental * external/cwe/cwe-470 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql index fe69f2d9cea5..4bb636fe6a9e 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql @@ -6,6 +6,7 @@ * @precision medium * @id java/main-method-in-enterprise-bean * @tags security + * experimental * external/cwe/cwe-489 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql b/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql index c4b05b9fe2f5..38e12700d1ab 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql @@ -6,6 +6,7 @@ * @precision medium * @id java/main-method-in-web-components * @tags security + * experimental * external/cwe/cwe-489 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql b/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql index b9a41ba02715..96fd62e593cc 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql @@ -7,6 +7,7 @@ * @precision high * @id java/struts-development-mode * @tags security + * experimental * external/cwe/cwe-489 */ 
diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql index 2928ea761651..8582f8a1b5b0 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql @@ -9,6 +9,7 @@ * @precision high * @id java/unsafe-deserialization-rmi * @tags security + * experimental * external/cwe/cwe-502 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql index 2914ebd7be29..28b164faa0d4 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql @@ -8,6 +8,7 @@ * @precision high * @id java/unsafe-deserialization-spring-exporter-in-configuration-class * @tags security + * experimental * external/cwe/cwe-502 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql index c2a8721e6430..d580d9839507 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql @@ -8,6 +8,7 @@ * @precision high * @id java/unsafe-deserialization-spring-exporter-in-xml-configuration * @tags security + * experimental * external/cwe/cwe-502 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql index de6034e94663..5f2bda49f7cd 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql 
+++ b/java/ql/src/experimental/Security/CWE/CWE-522/InsecureLdapAuth.ql @@ -6,6 +6,7 @@ * @precision medium * @id java/insecure-ldap-auth * @tags security + * experimental * external/cwe/cwe-522 * external/cwe/cwe-319 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql b/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql index e4bc4b8912f1..55c550921049 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql @@ -9,6 +9,7 @@ * @precision medium * @id java/server-directory-listing * @tags security + * experimental * external/cwe/cwe-548 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql index e7c70a695b6b..aa27fd9773f2 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql @@ -7,6 +7,7 @@ * @precision high * @id java/unsafe-url-forward-dispatch-load * @tags security + * experimental * external/cwe-552 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql b/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql index 1ba429bd752f..3c5d8e018563 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql @@ -6,6 +6,7 @@ * @precision high * @id java/credentials-in-properties * @tags security + * experimental * external/cwe/cwe-555 * external/cwe/cwe-256 * external/cwe/cwe-260 diff --git a/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql b/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql index d61119fc853d..e13e69dfa6e9 100644 
--- a/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql @@ -6,6 +6,7 @@ * @precision medium * @id java/password-in-configuration * @tags security + * experimental * external/cwe/cwe-555 * external/cwe/cwe-256 * external/cwe/cwe-260 diff --git a/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql b/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql index 45ab668af48f..b436c3ccabd7 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql @@ -6,6 +6,7 @@ * @precision medium * @id java/sensitive-query-with-get * @tags security + * experimental * external/cwe/cwe-598 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql index f3ab1f166e7a..14149c784a0a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql @@ -9,6 +9,7 @@ * @precision medium * @id java/uncaught-servlet-exception * @tags security + * experimental * external/cwe/cwe-600 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql index 3cef2b4fc410..a9995638793f 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql @@ -7,6 +7,7 @@ * @precision high * @id java/spring-unvalidated-url-redirection * @tags security + * experimental * external/cwe/cwe-601 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql index 0e1fdd72223b..563164aa155a 100644 
--- a/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql @@ -8,6 +8,7 @@ * @precision high * @id java/xxe-with-experimental-sinks * @tags security + * experimental * external/cwe/cwe-611 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql b/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql index 2d3ee9ec7856..aad3674e969a 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql @@ -10,6 +10,7 @@ * @precision medium * @id java/xxe-local-experimental-sinks * @tags security + * experimental * external/cwe/cwe-611 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql b/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql index 7319c75320a0..b24b36053b84 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql @@ -7,6 +7,7 @@ * @precision high * @id java/permissive-dot-regex * @tags security + * experimental * external/cwe-625 * external/cwe-863 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql index 0bb85272f085..bf2d8bc27479 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql @@ -7,6 +7,7 @@ * @precision high * @id java/xquery-injection * @tags security + * experimental * external/cwe/cwe-652 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql index 9733ccf7b559..f69630bfff21 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql 
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql @@ -4,6 +4,7 @@ * @kind problem * @problem.severity error * @tags security + * experimental * external/cwe/cwe-665 * @precision high * @id java/insecure-rmi-jmx-server-initialization diff --git a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql index 9793430a2ee8..1682c8e03a10 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql @@ -9,6 +9,7 @@ * @precision medium * @id java/android/nfe-local-android-dos * @tags security + * experimental * external/cwe/cwe-755 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql index bea7faff6949..544af6489a0b 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql @@ -6,6 +6,7 @@ * @precision low * @id java/hash-without-salt * @tags security + * experimental * external/cwe/cwe-759 */ diff --git a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql index 662a1f0f4954..bd287fc4a399 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql @@ -8,6 +8,7 @@ * @precision medium * @id java/incorrect-url-verification * @tags security + * experimental * external/cwe/cwe-939 */ diff --git a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql index 08c634501355..8f9622fe6e7c 100644 --- a/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql 
+++ b/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql @@ -9,6 +9,7 @@ * @id js/actions/pull-request-target * @tags actions * security + * experimental * external/cwe/cwe-094 */ diff --git a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql index 2c3b5a59eee2..a2437fa670cf 100644 --- a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql +++ b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql @@ -8,6 +8,7 @@ * @security-severity 5 * @id js/predictable-token * @tags security + * experimental * external/cwe/cwe-340 */ diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql index 426a8a6f7947..ce4d3f7791cf 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql @@ -6,6 +6,7 @@ * @problem.severity error * @precision medium * @tags security + * experimental * external/cwe/cwe-918 */ diff --git a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql index a914b938b962..aea193dde368 100644 --- a/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql +++ b/python/ql/src/experimental/Security/CWE-022/ZipSlip.ql @@ -9,6 +9,7 @@ * @security-severity 7.5 * @precision high * @tags security + * experimental * external/cwe/cwe-022 */ diff --git a/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql index 80462fc91c06..178e1e28f437 100755 --- a/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql +++ b/python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql @@ -9,6 +9,7 @@ * @security-severity 7.5 * @precision high * @tags security + * experimental * external/cwe/cwe-022 */ 
diff --git a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql index 873c8035e2e8..cbc3536ad7d0 100644 --- a/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql +++ b/python/ql/src/experimental/Security/CWE-074/TemplateInjection.ql @@ -6,6 +6,7 @@ * @precision high * @id py/template-injection * @tags security + * experimental * external/cwe/cwe-074 */ diff --git a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql index 46382ad296df..468cef01f7d1 100644 --- a/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql +++ b/python/ql/src/experimental/Security/CWE-079/ReflectedXSS.ql @@ -8,6 +8,7 @@ * @sub-severity high * @id py/reflective-xss-email * @tags security + * experimental * external/cwe/cwe-079 * external/cwe/cwe-116 */ diff --git a/python/ql/src/experimental/Security/CWE-091/Xslt.ql b/python/ql/src/experimental/Security/CWE-091/Xslt.ql index 47cb8417b96c..77f405f5f5aa 100644 --- a/python/ql/src/experimental/Security/CWE-091/Xslt.ql +++ b/python/ql/src/experimental/Security/CWE-091/Xslt.ql @@ -7,6 +7,7 @@ * @precision high * @id py/xslt-injection * @tags security + * experimental * external/cwe/cwe-643 */ diff --git a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql index 6c1170a5e72d..65305d2f3b57 100644 --- a/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql +++ b/python/ql/src/experimental/Security/CWE-113/HeaderInjection.ql @@ -6,6 +6,7 @@ * @problem.severity error * @id py/header-injection * @tags security + * experimental * external/cwe/cwe-113 * external/cwe/cwe-079 */ diff --git a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql index a570461add1a..28a68dd78df3 100644 
--- a/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql +++ b/python/ql/src/experimental/Security/CWE-1236/CsvInjection.ql @@ -6,6 +6,7 @@ * @problem.severity error * @id py/csv-injection * @tags security + * experimental * external/cwe/cwe-1236 */ diff --git a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql index d4d4425aa0ac..22fc39f09f58 100644 --- a/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql +++ b/python/ql/src/experimental/Security/CWE-287/ImproperLdapAuth.ql @@ -5,6 +5,7 @@ * @problem.severity warning * @id py/improper-ldap-auth * @tags security + * experimental * external/cwe/cwe-287 */ diff --git a/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql b/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql index c9687b17821b..5799e0193ce0 100644 --- a/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql +++ b/python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql @@ -3,6 +3,7 @@ * @description Using version v1 of Azure Storage client-side encryption is insecure, and may enable an attacker to decrypt encrypted data * @kind problem * @tags security + * experimental * cryptography * external/cwe/cwe-327 * @id py/azure-storage/unsafe-client-side-encryption-in-use diff --git a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql index 730de037c1f9..476906283aa7 100644 --- a/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql +++ b/python/ql/src/experimental/Security/CWE-338/InsecureRandomness.ql @@ -9,6 +9,7 @@ * @precision high * @id py/insecure-randomness * @tags security + * experimental * external/cwe/cwe-338 */ 
diff --git a/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql index 44f6b45c3eaf..711abdb2f33a 100644 --- a/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql +++ b/python/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql @@ -8,6 +8,7 @@ * @security-severity 5 * @id py/predictable-token * @tags security + * experimental * external/cwe/cwe-340 */ diff --git a/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql b/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql index adff8dc173f2..b12ed865a8c4 100644 --- a/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql +++ b/python/ql/src/experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql @@ -5,6 +5,7 @@ * @problem.severity warning * @id py/jwt-empty-secret-or-algorithm * @tags security + * experimental */ // determine precision above diff --git a/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql b/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql index 0cb801cb8497..834cd885718e 100644 --- a/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql +++ b/python/ql/src/experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql @@ -5,6 +5,7 @@ * @problem.severity warning * @id py/jwt-missing-verification * @tags security + * experimental * external/cwe/cwe-347 */ diff --git a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql index 667894e896e6..aec637269acb 100644 --- a/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +++ b/python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
@@ -7,6 +7,7 @@ * @precision high * @id py/ip-address-spoofing * @tags security + * experimental * external/cwe/cwe-348 */ diff --git a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql index 88925d56a158..960ef9a671a7 100644 --- a/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql +++ b/python/ql/src/experimental/Security/CWE-522/LDAPInsecureAuth.ql @@ -5,6 +5,7 @@ * @problem.severity error * @id py/insecure-ldap-auth * @tags security + * experimental * external/cwe/cwe-522 * external/cwe/cwe-523 */ diff --git a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql index edd19bfdfd9e..62ca6219b8b3 100644 --- a/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql +++ b/python/ql/src/experimental/Security/CWE-611/SimpleXmlRpcServer.ql @@ -6,6 +6,7 @@ * @precision high * @id py/simple-xml-rpc-server-dos * @tags security + * experimental * external/cwe/cwe-776 */ diff --git a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql index 546c3d5e7a2f..894a69753d92 100644 --- a/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql +++ b/python/ql/src/experimental/Security/CWE-614/CookieInjection.ql @@ -5,6 +5,7 @@ * @problem.severity error * @id py/cookie-injection * @tags security + * experimental * external/cwe/cwe-614 */ diff --git a/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql b/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql index 2fe2aee6f3e4..78cfdc9f3df2 100644 --- a/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql +++ b/python/ql/src/experimental/Security/CWE-614/InsecureCookie.ql @@ -8,6 +8,7 @@ * @precision ??? * @id py/insecure-cookie * @tags security + * experimental * external/cwe/cwe-614 */ 
diff --git a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql index 87e003fcc454..a73202ca0828 100644 --- a/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql +++ b/python/ql/src/experimental/Security/CWE-943/NoSQLInjection.ql @@ -6,6 +6,7 @@ * @problem.severity error * @id py/nosql-injection * @tags security + * experimental * external/cwe/cwe-943 */ diff --git a/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql b/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql index 60a05351d919..96f5dc91a8c2 100644 --- a/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql +++ b/ruby/ql/src/experimental/cwe-807/ConditionalBypass.ql @@ -7,6 +7,7 @@ * @precision medium * @id rb/user-controlled-bypass * @tags security + * experimental * external/cwe/cwe-807 * external/cwe/cwe-290 */ diff --git a/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql b/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql index 280569b10eed..7dc37f19bc85 100644 --- a/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql +++ b/ruby/ql/src/experimental/decompression-api/DecompressionApi.ql @@ -6,7 +6,9 @@ * @security-severity 7.8 * @precision medium * @id rb/user-controlled-file-decompression - * @tags security external/cwe/cwe-409 + * @tags security + * experimental + * external/cwe/cwe-409 */ import codeql.ruby.AST diff --git a/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql b/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql index 0cbfa1ec7594..c3c8d2c3ec79 100644 --- a/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql +++ b/ruby/ql/src/experimental/improper-memoization/ImproperMemoization.ql @@ -5,6 +5,7 @@ * @problem.severity warning * @precision high * @tags security + * experimental * @id rb/improper-memoization */ 
diff --git a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql index 7a98e0cecb0f..d9360e29e29d 100644 --- a/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql +++ b/ruby/ql/src/experimental/manually-check-http-verb/ManuallyCheckHttpVerb.ql @@ -7,6 +7,7 @@ * @precision low * @id rb/manually-checking-http-verb * @tags security + * experimental */ import codeql.ruby.AST diff --git a/ruby/ql/src/experimental/weak-params/WeakParams.ql b/ruby/ql/src/experimental/weak-params/WeakParams.ql index cf18a37283f8..e164318c8748 100644 --- a/ruby/ql/src/experimental/weak-params/WeakParams.ql +++ b/ruby/ql/src/experimental/weak-params/WeakParams.ql @@ -7,6 +7,7 @@ * @precision medium * @id rb/weak-params * @tags security + * experimental */ import codeql.ruby.AST From b35a1d420638784c808064faa1e208b02a791b75 Mon Sep 17 00:00:00 2001 From: turbo Date: Wed, 14 Dec 2022 17:16:38 +0100 Subject: [PATCH 2/5] Adjust docs referring to experimental queries to include details on new tagging system --- CONTRIBUTING.md | 1 + docs/experimental.md | 2 ++ 2 files changed, 3 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0abd13bde5eb..c97b2d962864 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -25,6 +25,7 @@ If you have an idea for a query that you would like to share with other CodeQL u Each language-specific directory contains further subdirectories that group queries based on their `@tags` or purpose. - Experimental queries and libraries are stored in the `experimental` subdirectory within each language-specific directory in the [CodeQL repository](https://github.com/github/codeql). For example, experimental Java queries and libraries are stored in `java/ql/src/experimental` and any corresponding tests in `java/ql/test/experimental`. + - Experimental queries need to include `experimental` in their `@tags` - The structure of an `experimental` subdirectory mirrors the structure of its parent directory. - Select or create an appropriate directory in `experimental` based on the existing directory structure of `experimental` or its parent directory. diff --git a/docs/experimental.md b/docs/experimental.md index 0b6eca50c177..774cc1640525 100644 --- a/docs/experimental.md +++ b/docs/experimental.md 
@@ -2,6 +2,8 @@ In addition to [our supported queries and libraries](supported-queries.md), this repository also contains queries and libraries of a more experimental nature. Experimental queries and libraries can be improved incrementally and may eventually reach a sufficient maturity to be included in our supported queries and libraries. +Experimental security queries are included in the `experimental` [CodeQL suite](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs). This suite is provided for testing purposes only, and should not be used in production code scanning workflows. + Experimental queries and libraries may not be actively maintained as the [supported](supported-queries.md) libraries evolve. They may also be changed in backwards-incompatible ways or may be removed entirely in the future without deprecation warnings. See [CONTRIBUTING.md](../CONTRIBUTING.md) for guidelines on submitting a new experimental query. From 5fd5ebc26e1d94813d53df483ef311dd68abc3b6 Mon Sep 17 00:00:00 2001 
From: turbo Date: Wed, 14 Dec 2022 22:42:56 +0100 Subject: [PATCH 3/5] Create security-experimental suite helper and all language suite implementations --- .../cpp-security-experimental.qls | 5 +++ .../csharp-security-experimental.qls | 4 ++ .../go-security-experimental.qls | 4 ++ .../java-security-experimental.qls | 4 ++ .../security-experimental-selectors.yml | 45 +++++++++++++++++++ .../python-security-experimental.qls | 4 ++ .../ruby-security-experimental.qls | 4 ++ .../swift-security-experimental.qls | 4 ++ 8 files changed, 74 insertions(+) create mode 100644 cpp/ql/src/codeql-suites/cpp-security-experimental.qls create mode 100644 csharp/ql/src/codeql-suites/csharp-security-experimental.qls create mode 100644 go/ql/src/codeql-suites/go-security-experimental.qls create mode 100644 java/ql/src/codeql-suites/java-security-experimental.qls create mode 100644 misc/suite-helpers/security-experimental-selectors.yml create mode 100644 python/ql/src/codeql-suites/python-security-experimental.qls create mode 100644 ruby/ql/src/codeql-suites/ruby-security-experimental.qls create mode 100644 swift/ql/src/codeql-suites/swift-security-experimental.qls diff --git a/cpp/ql/src/codeql-suites/cpp-security-experimental.qls b/cpp/ql/src/codeql-suites/cpp-security-experimental.qls new file mode 100644 index 000000000000..e8781f7cd1f6 --- /dev/null +++ b/cpp/ql/src/codeql-suites/cpp-security-experimental.qls @@ -0,0 +1,5 @@ +- description: Extended and experimental security queries for C and C++ +- queries: . +- apply: security-experimental-selectors.yml + from: codeql/suite-helpers +- apply: codeql-suites/exclude-slow-queries.yml diff --git a/csharp/ql/src/codeql-suites/csharp-security-experimental.qls b/csharp/ql/src/codeql-suites/csharp-security-experimental.qls new file mode 100644 index 000000000000..b47176b0e878 --- /dev/null +++ b/csharp/ql/src/codeql-suites/csharp-security-experimental.qls 
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for C#
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/go/ql/src/codeql-suites/go-security-experimental.qls b/go/ql/src/codeql-suites/go-security-experimental.qls
new file mode 100644
index 000000000000..ad0bee0fbf59
--- /dev/null
+++ b/go/ql/src/codeql-suites/go-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Go
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/java/ql/src/codeql-suites/java-security-experimental.qls b/java/ql/src/codeql-suites/java-security-experimental.qls
new file mode 100644
index 000000000000..cb0b26d64445
--- /dev/null
+++ b/java/ql/src/codeql-suites/java-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Java and Kotlin
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/misc/suite-helpers/security-experimental-selectors.yml b/misc/suite-helpers/security-experimental-selectors.yml
new file mode 100644
index 000000000000..1ea42707b751
--- /dev/null
+++ b/misc/suite-helpers/security-experimental-selectors.yml
@@ -0,0 +1,45 @@
+- description: Selectors for selecting the security-extended and experimental security queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+ tags contain:
+ - security
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - medium
+ problem.severity:
+ - error
+ - warning
+ tags contain:
+ - security
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ query path:
+ - /^experimental\/.*/
+- include:
+ tags contain all:
+ - security
+ - experimental
+- exclude:
+ deprecated: //
+- exclude:
+ query path:
+ - Metrics/Summaries/FrameworkCoverage.ql
+ - /Diagnostics/Internal/.*/
+- exclude:
+ tags contain:
+ - model-generator
diff --git a/python/ql/src/codeql-suites/python-security-experimental.qls b/python/ql/src/codeql-suites/python-security-experimental.qls
new file mode 100644
index 000000000000..09004e85f4a0
--- /dev/null
+++ b/python/ql/src/codeql-suites/python-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Python
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/ruby/ql/src/codeql-suites/ruby-security-experimental.qls b/ruby/ql/src/codeql-suites/ruby-security-experimental.qls
new file mode 100644
index 000000000000..3e3dd73d466f
--- /dev/null
+++ b/ruby/ql/src/codeql-suites/ruby-security-experimental.qls
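Review bot: In security-experimental-selectors.yml the `include` with `tags contain all: [security, experimental]` carries no `kind`, `precision` or `problem.severity` filter, unlike the two `include` blocks at the top of the file. Because it runs after the `exclude` on `/^experimental\/.*/`, it re-adds every query carrying both tags, including ones this series tags at `@precision low` (`java/hash-without-salt`, `rb/manually-checking-http-verb`) and `py/insecure-cookie`, whose header reads `@precision ???`. If that is intended, say so above the block, e.g. `# Re-add experimental queries by tag only; deliberately not filtered by precision or severity, and must stay after the path exclude`. If it is not, the block needs the same `kind` and `precision` keys as the first two. The identical file is added again in PATCH 4/5, so the same applies there.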
@@ -0,0 +1,4 @@ +- description: Extended and experimental security queries for Swift +- queries: . +- apply: security-experimental-selectors.yml + from: codeql/suite-helpers \ No newline at end of file From 1e5426fca209034d2964335bd05fbd5f018c3aae Mon Sep 17 00:00:00 2001 From: turbo Date: Wed, 14 Dec 2022 22:42:56 +0100 Subject: [PATCH 4/5] Create security-experimental suite helper and all language suite implementations --- .../cpp-security-experimental.qls | 5 +++ .../csharp-security-experimental.qls | 4 ++ .../go-security-experimental.qls | 4 ++ .../java-security-experimental.qls | 4 ++ .../javascript-security-experimental.qls | 4 ++ .../security-experimental-selectors.yml | 45 +++++++++++++++++++ .../python-security-experimental.qls | 4 ++ .../ruby-security-experimental.qls | 4 ++ .../swift-security-experimental.qls | 4 ++ 9 files changed, 78 insertions(+) create mode 100644 cpp/ql/src/codeql-suites/cpp-security-experimental.qls create mode 100644 csharp/ql/src/codeql-suites/csharp-security-experimental.qls create mode 100644 go/ql/src/codeql-suites/go-security-experimental.qls create mode 100644 java/ql/src/codeql-suites/java-security-experimental.qls create mode 100644 javascript/ql/src/codeql-suites/javascript-security-experimental.qls create mode 100644 misc/suite-helpers/security-experimental-selectors.yml create mode 100644 python/ql/src/codeql-suites/python-security-experimental.qls create mode 100644 ruby/ql/src/codeql-suites/ruby-security-experimental.qls create mode 100644 swift/ql/src/codeql-suites/swift-security-experimental.qls diff --git a/cpp/ql/src/codeql-suites/cpp-security-experimental.qls b/cpp/ql/src/codeql-suites/cpp-security-experimental.qls new file mode 100644 index 000000000000..e8781f7cd1f6 --- /dev/null +++ b/cpp/ql/src/codeql-suites/cpp-security-experimental.qls 
@@ -0,0 +1,5 @@
+- description: Extended and experimental security queries for C and C++
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
+- apply: codeql-suites/exclude-slow-queries.yml
diff --git a/csharp/ql/src/codeql-suites/csharp-security-experimental.qls b/csharp/ql/src/codeql-suites/csharp-security-experimental.qls
new file mode 100644
index 000000000000..b47176b0e878
--- /dev/null
+++ b/csharp/ql/src/codeql-suites/csharp-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for C#
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/go/ql/src/codeql-suites/go-security-experimental.qls b/go/ql/src/codeql-suites/go-security-experimental.qls
new file mode 100644
index 000000000000..ad0bee0fbf59
--- /dev/null
+++ b/go/ql/src/codeql-suites/go-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Go
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/java/ql/src/codeql-suites/java-security-experimental.qls b/java/ql/src/codeql-suites/java-security-experimental.qls
new file mode 100644
index 000000000000..cb0b26d64445
--- /dev/null
+++ b/java/ql/src/codeql-suites/java-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Java and Kotlin
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/javascript/ql/src/codeql-suites/javascript-security-experimental.qls b/javascript/ql/src/codeql-suites/javascript-security-experimental.qls
new file mode 100644
index 000000000000..c823aba4b676
--- /dev/null
+++ b/javascript/ql/src/codeql-suites/javascript-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for JavaScript and TypeScript
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/misc/suite-helpers/security-experimental-selectors.yml b/misc/suite-helpers/security-experimental-selectors.yml
new file mode 100644
index 000000000000..1ea42707b751
--- /dev/null
+++ b/misc/suite-helpers/security-experimental-selectors.yml
@@ -0,0 +1,45 @@
+- description: Selectors for selecting the security-extended and experimental security queries for a language
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - high
+ - very-high
+ tags contain:
+ - security
+- include:
+ kind:
+ - problem
+ - path-problem
+ precision:
+ - medium
+ problem.severity:
+ - error
+ - warning
+ tags contain:
+ - security
+- include:
+ kind:
+ - diagnostic
+- include:
+ kind:
+ - metric
+ tags contain:
+ - summary
+- exclude:
+ query path:
+ - /^experimental\/.*/
+- include:
+ tags contain all:
+ - security
+ - experimental
+- exclude:
+ deprecated: //
+- exclude:
+ query path:
+ - Metrics/Summaries/FrameworkCoverage.ql
+ - /Diagnostics/Internal/.*/
+- exclude:
+ tags contain:
+ - model-generator
diff --git a/python/ql/src/codeql-suites/python-security-experimental.qls b/python/ql/src/codeql-suites/python-security-experimental.qls
new file mode 100644
index 000000000000..09004e85f4a0
--- /dev/null
+++ b/python/ql/src/codeql-suites/python-security-experimental.qls
@@ -0,0 +1,4 @@
+- description: Extended and experimental security queries for Python
+- queries: .
+- apply: security-experimental-selectors.yml
+ from: codeql/suite-helpers
\ No newline at end of file
diff --git a/ruby/ql/src/codeql-suites/ruby-security-experimental.qls b/ruby/ql/src/codeql-suites/ruby-security-experimental.qls
new file mode 100644
index 000000000000..3e3dd73d466f
--- /dev/null
+++ b/ruby/ql/src/codeql-suites/ruby-security-experimental.qls
@@ -0,0 +1,4 @@ +- description: Extended and experimental security queries for Ruby +- queries: . +- apply: security-experimental-selectors.yml + from: codeql/suite-helpers \ No newline at end of file diff --git a/swift/ql/src/codeql-suites/swift-security-experimental.qls b/swift/ql/src/codeql-suites/swift-security-experimental.qls new file mode 100644 index 000000000000..e44478a232da --- /dev/null +++ b/swift/ql/src/codeql-suites/swift-security-experimental.qls @@ -0,0 +1,4 @@ +- description: Extended and experimental security queries for Swift +- queries: . +- apply: security-experimental-selectors.yml + from: codeql/suite-helpers \ No newline at end of file From d1d4163b795d2b1a19b7c00b542df8c8644e3ecd Mon Sep 17 00:00:00 2001 From: turbo Date: Sun, 18 Dec 2022 15:55:04 +0100 Subject: [PATCH 5/5] Exclude cpp/wrong-use-of-the-umask --- cpp/ql/src/codeql-suites/cpp-security-experimental.qls | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cpp/ql/src/codeql-suites/cpp-security-experimental.qls b/cpp/ql/src/codeql-suites/cpp-security-experimental.qls index e8781f7cd1f6..ec9699b1ad16 100644 --- a/cpp/ql/src/codeql-suites/cpp-security-experimental.qls +++ b/cpp/ql/src/codeql-suites/cpp-security-experimental.qls @@ -3,3 +3,7 @@ - apply: security-experimental-selectors.yml from: codeql/suite-helpers - apply: codeql-suites/exclude-slow-queries.yml +# Excluding problematically slow experimental queries +- exclude: + query path: + - experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql \ No newline at end of file
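Review bot: The comment added in the PATCH 5/5 hunk of cpp-security-experimental.qls, `# Excluding problematically slow experimental queries`, does not say which query is dropped or why. The commit subject names `cpp/wrong-use-of-the-umask`, but the excluded path is `experimental/Security/CWE/CWE-266/IncorrectPrivilegeAssignment.ql`, and nothing visible in the hunk ties the two together. The exclusion silently removes a CWE-266 check from the suite, so the comment should carry the query id and the condition for re-enabling it, e.g. `# Excluded for performance: cpp/wrong-use-of-the-umask (CWE-266); re-include once the query no longer times out`. Whether the entry belongs in `codeql-suites/exclude-slow-queries.yml`, applied on the line above, cannot be judged from this hunk.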