JavaScript: Make all taint-based security queries have @kind path-problem.

Max Schaefer · Max Schaefer · commit 60a1357092c4 · 2018-11-14T09:16:40.000Z
diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql
@@ -2,7 +2,7 @@
  * @name Uncontrolled data used in path expression
  * @description Accessing paths influenced by users can allow an attacker to access
  *              unexpected resources.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/path-injection
diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql
@@ -2,7 +2,7 @@
  * @name Uncontrolled command line
  * @description Using externally controlled strings in a command line may allow a malicious
  *              user to change the meaning of the command.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/command-line-injection
diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -2,7 +2,7 @@
  * @name Reflected cross-site scripting
  * @description Writing user input directly to an HTTP response allows for
  *              a cross-site scripting vulnerability.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/reflected-xss
diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql
@@ -2,7 +2,7 @@
  * @name Stored cross-site scripting
  * @description Using uncontrolled stored values in HTML allows for
  *              a stored cross-site scripting vulnerability.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/stored-xss
diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql
@@ -2,7 +2,7 @@
  * @name Client side cross-site scripting
  * @description Writing user input directly to the DOM allows for
  *              a cross-site scripting vulnerability.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/xss
diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql
@@ -2,7 +2,7 @@
 * @name Database query built from user-controlled sources
 * @description Building a database query from user-controlled sources is vulnerable to insertion of
 *              malicious code by the user.
-* @kind problem
+* @kind path-problem
 * @problem.severity error
 * @precision high
 * @id js/sql-injection
diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -2,7 +2,7 @@
  * @name Code injection
  * @description Interpreting unsanitized user input as code allows a malicious user arbitrary
  *              code execution.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/code-injection
diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql
@@ -1,7 +1,7 @@
 /**
  * @name Use of externally-controlled format string
  * @description Using external input in format strings can lead to garbled output.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/tainted-format-string
diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -1,7 +1,7 @@
 /**
  * @name File data in outbound network request
  * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @id js/file-access-to-http
  * @tags security
diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
@@ -3,7 +3,7 @@
  * @description Propagating stack trace information to an external user can
  *              unintentionally reveal implementation details that are useful
  *              to an attacker for developing a subsequent exploit.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision very-high
  * @id js/stack-trace-exposure
diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
@@ -2,7 +2,7 @@
  * @name Clear-text logging of sensitive information
  * @description Logging sensitive information without encryption or hashing can
  *              expose it to an attacker.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/clear-text-logging
diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
@@ -2,7 +2,7 @@
  * @name Clear text storage of sensitive information
  * @description Sensitive information stored without encryption or hashing can expose it to an
  *              attacker.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/clear-text-storage-of-sensitive-data
diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql
@@ -1,7 +1,7 @@
 /**
  * @name Use of a broken or weak cryptographic algorithm
  * @description Using broken or weak cryptographic algorithms can compromise security.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/weak-cryptographic-algorithm
diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql
@@ -3,7 +3,7 @@
  * @description Using a cryptographically weak pseudo-random number generator to generate a
  *              security-sensitive value may allow an attacker to predict what value will
  *              be generated.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/insecure-randomness
diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql
@@ -1,7 +1,7 @@
 /**
  * @name CORS misconfiguration for credentials transfer
  * @description Misconfiguration of CORS HTTP headers allows for leaks of secret credentials.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/cors-misconfiguration-for-credentials
diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql
@@ -3,7 +3,7 @@
  * @description Allowing writes to arbitrary properties or calls to arbitrary 
  *       methods of an object may lead to denial-of-service attacks. 
  *   
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision medium
  * @id js/remote-property-injection
diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql
@@ -2,7 +2,7 @@
  * @name Deserialization of user-controlled data
  * @description Deserializing user-controlled data may allow attackers to
  *              execute arbitrary code.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/unsafe-deserialization
diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql
@@ -2,7 +2,7 @@
  * @name Client-side URL redirect
  * @description Client-side URL redirection based on unvalidated user input
  *              may cause redirection to malicious web sites.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/client-side-unvalidated-url-redirection
diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql
@@ -2,7 +2,7 @@
  * @name Server-side URL redirect
  * @description Server-side URL redirection based on unvalidated user input
  *              may cause redirection to malicious web sites.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @id js/server-side-unvalidated-url-redirection
  * @tags security
diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql
@@ -2,7 +2,7 @@
  * @name XML external entity expansion
  * @description Parsing user input as an XML document with external
  *              entity expansion is vulnerable to XXE attacks.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/xxe
diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql
@@ -2,7 +2,7 @@
  * @name Host header poisoning in email generation
  * @description Using the HTTP Host header to construct a link in an email can facilitate phishing
  *              attacks and leak password reset tokens.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/host-header-forgery-in-email-generation
diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql
@@ -2,7 +2,7 @@
  * @name XPath injection
  * @description Building an XPath expression from user-controlled sources is vulnerable to insertion of
  *              malicious code by the user.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/xpath-injection
diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql
@@ -3,7 +3,7 @@
  * @description User input should not be used in regular expressions without first being escaped,
  *              otherwise a malicious user may be able to inject an expression that could require
  *              exponential time on certain inputs.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/regex-injection
diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql
@@ -2,7 +2,7 @@
  * @name XML internal entity expansion
  * @description Parsing user input as an XML document with arbitrary internal
  *              entity expansion is vulnerable to denial-of-service attacks.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/xml-bomb
diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -2,7 +2,7 @@
  * @name Hard-coded credentials
  * @description Hard-coding credentials in source code may enable an attacker
  *              to gain unauthorized access.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/hardcoded-credentials
diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql
@@ -1,7 +1,7 @@
 /**
  * @name User-controlled bypass of security check
  * @description Conditions that the user controls are not suited for making security-related decisions.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision medium
  * @id js/user-controlled-bypass
diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql
@@ -1,7 +1,7 @@
 /**
  * @name Type confusion through parameter tampering
  * @description Sanitizing an HTTP request parameter may be ineffective if the user controls its type.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision high
  * @id js/type-confusion-through-parameter-tampering
diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -1,7 +1,7 @@
 /**
  * @name User-controlled data written to file
  * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @id js/http-to-file-access
  * @tags security
diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql
@@ -1,7 +1,7 @@
 /**
  * @name Use of password hash with insufficient computational effort
  * @description Creating a hash of a password with low computational effort makes the hash vulnerable to password cracking attacks.
- * @kind problem
+ * @kind path-problem
  * @problem.severity warning
  * @precision high
  * @id js/insufficient-password-hash
diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql
@@ -1,7 +1,7 @@
 /**
  * @name Uncontrolled data used in network request
  * @description Sending network requests with user-controlled data allows for request forgery attacks.
- * @kind problem
+ * @kind path-problem
  * @problem.severity error
  * @precision medium
  * @id js/request-forgery
