From cf614a596d965f2584bfc568a9ec3dbd370ddbf6 Mon Sep 17 00:00:00 2001 
From: Owen Mansel-Chan Date: Wed, 30 Apr 2025 16:43:03 +0100 Subject: [PATCH 1/3] Fix cwe tags to include leading zero --- cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql | 2 +- .../src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql | 2 +- .../Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql | 2 +- cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql | 2 +- cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- .../Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql | 2 +- csharp/ql/src/Configuration/PasswordInConfigurationFile.ql | 2 +- csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql | 2 +- .../ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql | 2 +- .../src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql | 2 +- .../CWE-020/ExternalAPIsUsedWithUntrustedData.ql | 2 +- csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql | 2 +- .../src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- .../CWE-248/MissingASPNETGlobalErrorHandler.ql | 2 +- go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql | 2 +- go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql | 2 +- go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql | 2 +- go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql | 2 +- go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql | 2 +- go/ql/src/experimental/CWE-090/LDAPInjection.ql | 2 +- go/ql/src/experimental/CWE-74/DsnInjection.ql | 2 +- go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql | 2 +- .../src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql | 2 +- .../Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql | 2 +- java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql | 2 +- javascript/ql/src/Electron/DisablingWebSecurity.ql | 2 +- .../src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql | 
2 +- .../ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- .../ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql | 2 +- .../CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.ql | 2 +- .../Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql | 2 +- python/ql/src/Security/CWE-020/CookieInjection.ql | 2 +- .../src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql | 2 +- python/ql/src/experimental/Security/CWE-094/Js2Py.ql | 2 +- .../ql/src/experimental/template-injection/TemplateInjection.ql | 2 +- 37 files changed, 37 insertions(+), 37 deletions(-) diff --git a/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql b/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql index 33c319722958..3aff4e1dcc2e 100644 --- a/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql +++ b/cpp/ql/src/Security/CWE/CWE-014/MemsetMayBeDeleted.ql @@ -8,7 +8,7 @@ * @security-severity 7.8 * @precision high * @tags security - * external/cwe/cwe-14 + * external/cwe/cwe-014 */ import cpp diff --git a/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql index bebff32a5c1d..80bf2b8a8b39 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/CountUntrustedDataToExternalAPI.ql @@ -5,7 +5,7 @@ * to it. * @id cpp/count-untrusted-data-external-api * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import cpp diff --git a/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql index 69911c22c6af..3bc364c41164 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/IRCountUntrustedDataToExternalAPI.ql 
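Review bot: Nothing in this series stops the next query from reintroducing an unpadded or mis-prefixed CWE tag. The `external/cwe/cwe-014` fix in MemsetMayBeDeleted.ql and the matching edits in the other 36 files are applied by hand, and the second patch shows another variant (`security/cwe/cwe-94` in UseofInput.ql) that sat on a query with `@security-severity 9.8`. Alert filters and CWE coverage reports that key on these tag strings would silently miss a query whose tag is malformed. Unless one already exists outside this page, I would add a query-metadata check that rejects any CWE tag not matching `external/cwe/cwe-[0-9]{3,}`.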
@@ -5,7 +5,7 @@ * to it. * @id cpp/count-untrusted-data-external-api-ir * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import cpp diff --git a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql index 432f47f67355..07c97ed77fd2 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/IRUntrustedDataToExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import cpp diff --git a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql index 1cfd0a7132f8..34ea739e6753 100644 --- a/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +++ b/cpp/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import cpp diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql index 07d18992db66..be53ba1fc683 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-020/LateCheckOfFunctionArgument.ql @@ -10,7 +10,7 @@ * @tags correctness * security * experimental - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import cpp diff --git a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql index c6f004789a7d..a2fe7cf2290e 100644 --- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql +++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql 
@@ -7,7 +7,7 @@ * @precision medium * @id cs/password-in-configuration * @tags security - * external/cwe/cwe-13 + * external/cwe/cwe-013 * external/cwe/cwe-256 * external/cwe/cwe-313 */ diff --git a/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql b/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql index 308f3eeeac2c..4e0e52352b47 100644 --- a/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql +++ b/csharp/ql/src/Security Features/CWE-011/ASPNetDebug.ql @@ -10,7 +10,7 @@ * @tags security * maintainability * frameworks/asp.net - * external/cwe/cwe-11 + * external/cwe/cwe-011 * external/cwe/cwe-532 */ diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql index 89bd133d59ae..b9ac41e0e39e 100644 --- a/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql +++ b/csharp/ql/src/Security Features/CWE-016/ASPNetMaxRequestLength.ql @@ -8,7 +8,7 @@ * @id cs/web/large-max-request-length * @tags security * frameworks/asp.net - * external/cwe/cwe-16 + * external/cwe/cwe-016 */ import csharp diff --git a/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql b/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql index 68902a0622d8..3c51b7a8e2e0 100644 --- a/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql +++ b/csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.ql @@ -8,7 +8,7 @@ * @id cs/web/request-validation-disabled * @tags security * frameworks/asp.net - * external/cwe/cwe-16 + * external/cwe/cwe-016 */ import csharp diff --git a/csharp/ql/src/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql b/csharp/ql/src/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql index b07b1093ec88..8427ceb87eb0 100644 --- a/csharp/ql/src/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql +++ b/csharp/ql/src/Security Features/CWE-020/ExternalAPIsUsedWithUntrustedData.ql 
@@ -5,7 +5,7 @@ * to it. * @id cs/count-untrusted-data-external-api * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import csharp diff --git a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql index 6148f0f6ae91..af0294590331 100644 --- a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql +++ b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql @@ -7,7 +7,7 @@ * @security-severity 7.8 * @precision medium * @tags security - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import semmle.code.csharp.serialization.Serialization diff --git a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql index a71a2705bdda..0543f198d229 100644 --- a/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql +++ b/csharp/ql/src/Security Features/CWE-020/UntrustedDataToExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import csharp diff --git a/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql b/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql index f37d4c497de9..14d73c02e1ef 100644 --- a/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql +++ b/csharp/ql/src/Security Features/CWE-248/MissingASPNETGlobalErrorHandler.ql @@ -8,7 +8,7 @@ * @precision high * @id cs/web/missing-global-error-handler * @tags security - * external/cwe/cwe-12 + * external/cwe/cwe-012 * external/cwe/cwe-248 */ diff --git a/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql b/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql index b23cd0030232..2b32d8ffecc2 100644 --- a/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql 
+++ b/go/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql @@ -5,7 +5,7 @@ * to it. * @id go/count-untrusted-data-external-api * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import go diff --git a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql index 03018ee1c32d..89954b08f991 100644 --- a/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql +++ b/go/ql/src/Security/CWE-020/IncompleteHostnameRegexp.ql @@ -9,7 +9,7 @@ * @id go/incomplete-hostname-regexp * @tags correctness * security - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import go diff --git a/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql b/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql index df93440ac526..a478968e58b9 100644 --- a/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql +++ b/go/ql/src/Security/CWE-020/MissingRegexpAnchor.ql @@ -8,7 +8,7 @@ * @id go/regex/missing-regexp-anchor * @tags correctness * security - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import go diff --git a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql index 81cc634346a3..e58cf8644904 100644 --- a/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql +++ b/go/ql/src/Security/CWE-020/SuspiciousCharacterInRegexp.ql @@ -8,7 +8,7 @@ * @id go/suspicious-character-in-regex * @tags correctness * security - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import go diff --git a/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 4ab22af3a459..6e8d99471ee4 100644 --- a/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql 
@@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import go diff --git a/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql b/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql index 23945e38d465..451980479040 100644 --- a/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql +++ b/go/ql/src/Security/CWE-020/UntrustedDataToUnknownExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import go diff --git a/go/ql/src/experimental/CWE-090/LDAPInjection.ql b/go/ql/src/experimental/CWE-090/LDAPInjection.ql index 7da669aa6120..6b269df20baf 100644 --- a/go/ql/src/experimental/CWE-090/LDAPInjection.ql +++ b/go/ql/src/experimental/CWE-090/LDAPInjection.ql @@ -7,7 +7,7 @@ * @id go/ldap-injection * @tags security * experimental - * external/cwe/cwe-90 + * external/cwe/cwe-090 */ import go diff --git a/go/ql/src/experimental/CWE-74/DsnInjection.ql b/go/ql/src/experimental/CWE-74/DsnInjection.ql index 2b2ee0a62e4c..c8df87e296ea 100644 --- a/go/ql/src/experimental/CWE-74/DsnInjection.ql +++ b/go/ql/src/experimental/CWE-74/DsnInjection.ql @@ -6,7 +6,7 @@ * @id go/dsn-injection * @tags security * experimental - * external/cwe/cwe-74 + * external/cwe/cwe-074 */ import go diff --git a/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql b/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql index 1744a25848b5..d741199ac229 100644 --- a/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql +++ b/go/ql/src/experimental/CWE-74/DsnInjectionLocal.ql @@ -6,7 +6,7 @@ * @id go/dsn-injection-local * @tags security * experimental - * external/cwe/cwe-74 + * external/cwe/cwe-074 */ import go 
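Review bot: In the DsnInjection.ql hunk the tag becomes `external/cwe/cwe-074`, but the file still lives under `go/ql/src/experimental/CWE-74/`, while its sibling LDAPInjection.ql sits under the padded `CWE-090/`. The same mismatch applies to DsnInjectionLocal.ql and to `CWE-79/HTMLTemplateEscapingPassthrough.ql` in the following hunk. If the goal is one canonical three-digit form, renaming these two directories to the padded form in a follow-up would keep path and tag aligned. Whether anything references the current paths is not visible here.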
diff --git a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql index 0aff713f26bc..ff63f6bfbec7 100644 --- a/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql +++ b/go/ql/src/experimental/CWE-79/HTMLTemplateEscapingPassthrough.ql @@ -7,7 +7,7 @@ * @id go/html-template-escaping-passthrough * @tags security * experimental - * external/cwe/cwe-79 + * external/cwe/cwe-079 */ import go diff --git a/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql b/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql index 23c82397de08..ffdfcaf9f80b 100644 --- a/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql +++ b/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql @@ -5,7 +5,7 @@ * to it. * @id java/count-untrusted-data-external-api * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import java diff --git a/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql b/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql index fdbb34b2247f..a75672445fb1 100644 --- a/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +++ b/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import java diff --git a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql index 7376aa51e584..fb7a40052f0b 100644 --- a/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +++ b/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql @@ -9,7 +9,7 @@ * @precision high * @id java/netty-http-request-or-response-splitting * @tags security - * external/cwe/cwe-93 + * external/cwe/cwe-093 * external/cwe/cwe-113 */ 
diff --git a/javascript/ql/src/Electron/DisablingWebSecurity.ql b/javascript/ql/src/Electron/DisablingWebSecurity.ql index a2b0c0a8a01f..392d8fb73223 100644 --- a/javascript/ql/src/Electron/DisablingWebSecurity.ql +++ b/javascript/ql/src/Electron/DisablingWebSecurity.ql @@ -7,7 +7,7 @@ * @precision very-high * @tags security * frameworks/electron - * external/cwe/cwe-79 + * external/cwe/cwe-079 * @id js/disabling-electron-websecurity */ diff --git a/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql b/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql index 045edc172f3f..9f811c85c971 100644 --- a/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql +++ b/javascript/ql/src/Security/CWE-020/ExternalAPIsUsedWithUntrustedData.ql @@ -5,7 +5,7 @@ * to it. * @id js/count-untrusted-data-external-api * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import javascript diff --git a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 30931a6a5823..1fd1df14887b 100644 --- a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import javascript diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 4bf06b544474..fa7f313e9e51 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql 
@@ -7,7 +7,7 @@ * @problem.severity error * @security-severity 7.8 * @tags experimental - * security external/cwe/cwe-20 + * security external/cwe/cwe-020 */ import javascript diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.ql b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.ql index ac374311ee8a..a0905e6626d3 100644 --- a/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.ql +++ b/python/ql/src/Security/CWE-020-ExternalAPIs/ExternalAPIsUsedWithUntrustedData.ql @@ -5,7 +5,7 @@ * to it. * @id py/count-untrusted-data-external-api * @kind table - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import python diff --git a/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql b/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql index f5706ccc3a6d..feb5b77c02a8 100644 --- a/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql +++ b/python/ql/src/Security/CWE-020-ExternalAPIs/UntrustedDataToExternalAPI.ql @@ -6,7 +6,7 @@ * @precision low * @problem.severity error * @security-severity 7.8 - * @tags security external/cwe/cwe-20 + * @tags security external/cwe/cwe-020 */ import python diff --git a/python/ql/src/Security/CWE-020/CookieInjection.ql b/python/ql/src/Security/CWE-020/CookieInjection.ql index 0cb9c2dadbb6..e0600648eac2 100644 --- a/python/ql/src/Security/CWE-020/CookieInjection.ql +++ b/python/ql/src/Security/CWE-020/CookieInjection.ql @@ -7,7 +7,7 @@ * @security-severity 5.0 * @id py/cookie-injection * @tags security - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import python diff --git a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql index 5ab77438d637..1dbd95d5533e 100644 --- a/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql 
+++ b/python/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql @@ -8,7 +8,7 @@ * @id py/incomplete-url-substring-sanitization * @tags correctness * security - * external/cwe/cwe-20 + * external/cwe/cwe-020 */ import python diff --git a/python/ql/src/experimental/Security/CWE-094/Js2Py.ql b/python/ql/src/experimental/Security/CWE-094/Js2Py.ql index 2bb3fea1b329..53c919d97327 100644 --- a/python/ql/src/experimental/Security/CWE-094/Js2Py.ql +++ b/python/ql/src/experimental/Security/CWE-094/Js2Py.ql @@ -8,7 +8,7 @@ * @id py/js2py-rce * @tags security * experimental - * external/cwe/cwe-94 + * external/cwe/cwe-094 */ import python diff --git a/ruby/ql/src/experimental/template-injection/TemplateInjection.ql b/ruby/ql/src/experimental/template-injection/TemplateInjection.ql index 7ad81c34123a..7ad670d6ec12 100644 --- a/ruby/ql/src/experimental/template-injection/TemplateInjection.ql +++ b/ruby/ql/src/experimental/template-injection/TemplateInjection.ql @@ -8,7 +8,7 @@ * @precision high * @id rb/server-side-template-injection * @tags security - * external/cwe/cwe-94 + * external/cwe/cwe-094 */ import codeql.ruby.DataFlow From a9132c43d0072ec2fb270aef24183349cfc5121c Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 30 Apr 2025 16:47:35 +0100 Subject: [PATCH 2/3] Fix incorrect CWE tags --- python/ql/src/Expressions/UseofInput.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/ql/src/Expressions/UseofInput.ql b/python/ql/src/Expressions/UseofInput.ql index b7e9b6f7d9d8..b5e49a65f989 100644 --- a/python/ql/src/Expressions/UseofInput.ql +++ b/python/ql/src/Expressions/UseofInput.ql @@ -4,8 +4,8 @@ * @kind problem * @tags security * correctness - * security/cwe/cwe-94 - * security/cwe/cwe-95 + * external/cwe/cwe-094 + * external/cwe/cwe-095 * @problem.severity error * @security-severity 9.8 * @sub-severity high From 0863c87572a3867de8fa9a571e8ee3574f809ea1 Mon Sep 17 00:00:00 2001 
From: Owen Mansel-Chan Date: Thu, 1 May 2025 10:33:24 +0100 Subject: [PATCH 3/3] Add change notes
--- .../src/change-notes/2025-05-01-cwe-tag-changed.md | 9 +++++++++ .../src/change-notes/2025-05-01-cwe-tag-changed.md | 12 ++++++++++++ .../src/change-notes/2025-05-01-cwe-tag-changed.md | 14 ++++++++++++++ .../src/change-notes/2025-05-01-cwe-tag-changed.md | 7 +++++++ .../src/change-notes/2025-05-01-cwe-tag-changed.md | 8 ++++++++ .../src/change-notes/2025-05-01-cwe-tag-changed.md | 10 ++++++++++ .../src/change-notes/2025-05-01-cwe-tag-changed.md | 5 +++++ 7 files changed, 65 insertions(+) create mode 100644 cpp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md create mode 100644 csharp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md create mode 100644 go/ql/src/change-notes/2025-05-01-cwe-tag-changed.md create mode 100644 java/ql/src/change-notes/2025-05-01-cwe-tag-changed.md create mode 100644 javascript/ql/src/change-notes/2025-05-01-cwe-tag-changed.md create mode 100644 python/ql/src/change-notes/2025-05-01-cwe-tag-changed.md create mode 100644 ruby/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
diff --git a/cpp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/cpp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..daefff65c31e
--- /dev/null
+++ b/cpp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,9 @@
+---
+category: queryMetadata
+---
+* The tag `external/cwe/cwe-14` has been removed from `cpp/memset-may-be-deleted` and the tag `external/cwe/cwe-014` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/count-untrusted-data-external-api-ir` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/untrusted-data-to-external-api-ir` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cpp/late-check-of-function-argument` and the tag `external/cwe/cwe-020` has been added.
diff --git a/csharp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/csharp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..8b84ae3f0774
--- /dev/null
+++ b/csharp/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,12 @@
+---
+category: queryMetadata
+---
+
+* The tag `external/cwe/cwe-13` has been removed from `cs/password-in-configuration` and the tag `external/cwe/cwe-013` has been added.
+* The tag `external/cwe/cwe-11` has been removed from `cs/web/debug-binary` and the tag `external/cwe/cwe-011` has been added.
+* The tag `external/cwe/cwe-16` has been removed from `cs/web/large-max-request-length` and the tag `external/cwe/cwe-016` has been added.
+* The tag `external/cwe/cwe-16` has been removed from `cs/web/request-validation-disabled` and the tag `external/cwe/cwe-016` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cs/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cs/serialization-check-bypass` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `cs/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-12` has been removed from `cs/web/missing-global-error-handler` and the tag `external/cwe/cwe-012` has been added.
diff --git a/go/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/go/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..d084aeeaf48a
--- /dev/null
+++ b/go/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,14 @@
+---
+category: queryMetadata
+---
+
+* The tag `external/cwe/cwe-20` has been removed from `go/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/incomplete-hostname-regexp` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/regex/missing-regexp-anchor` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/suspicious-character-in-regex` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `go/untrusted-data-to-unknown-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-90` has been removed from `go/ldap-injection` and the tag `external/cwe/cwe-090` has been added.
+* The tag `external/cwe/cwe-74` has been removed from `go/dsn-injection` and the tag `external/cwe/cwe-074` has been added.
+* The tag `external/cwe/cwe-74` has been removed from `go/dsn-injection-local` and the tag `external/cwe/cwe-074` has been added.
+* The tag `external/cwe/cwe-79` has been removed from `go/html-template-escaping-passthrough` and the tag `external/cwe/cwe-079` has been added.
diff --git a/java/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/java/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..2bbc6a6d7764
--- /dev/null
+++ b/java/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,7 @@
+---
+category: queryMetadata
+---
+
+* The tag `external/cwe/cwe-20` has been removed from `java/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `java/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-93` has been removed from `java/netty-http-request-or-response-splitting` and the tag `external/cwe/cwe-093` has been added.
diff --git a/javascript/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/javascript/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..01e53adf5f5e
--- /dev/null
+++ b/javascript/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,8 @@
+---
+category: queryMetadata
+---
+
+* The tag `external/cwe/cwe-79` has been removed from `js/disabling-electron-websecurity` and the tag `external/cwe/cwe-079` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `js/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `js/untrusted-data-to-external-api-more-sources` and the tag `external/cwe/cwe-020` has been added.
diff --git a/python/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/python/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..0267e9a3fbb8
--- /dev/null
+++ b/python/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,10 @@
+---
+category: queryMetadata
+---
+
+* The tags `security/cwe/cwe-94` and `security/cwe/cwe-95` have been removed from `py/use-of-input` and the tags `external/cwe/cwe-094` and `external/cwe/cwe-095` have been added.
+* The tag `external/cwe/cwe-20` has been removed from `py/count-untrusted-data-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `py/untrusted-data-to-external-api` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `py/cookie-injection` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-20` has been removed from `py/incomplete-url-substring-sanitization` and the tag `external/cwe/cwe-020` has been added.
+* The tag `external/cwe/cwe-94` has been removed from `py/js2py-rce` and the tag `external/cwe/cwe-094` has been added.
diff --git a/ruby/ql/src/change-notes/2025-05-01-cwe-tag-changed.md b/ruby/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
new file mode 100644
index 000000000000..c8fd8d626866
--- /dev/null
+++ b/ruby/ql/src/change-notes/2025-05-01-cwe-tag-changed.md
@@ -0,0 +1,5 @@
+---
+category: queryMetadata
+---
+
+* The tag `external/cwe/cwe-94` has been removed from `rb/server-side-template-injection` and the tag `external/cwe/cwe-094` has been added.