python/ql/src/experimental/Security-old-dataflow Expand file tree Collapse file tree Original file line number Diff line number Diff line change 33 * @description Binding a socket to all interfaces opens it up to traffic from any IPv4 address
44 * and is therefore associated with security risks.
55 * @kind problem
6+ * @id py/old/bind-socket-all-network-interfaces
7+ * @problem.severity error
68 */
79
810import python
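Review bot: The two tags added at new lines 6-7 put `@id` ahead of `@problem.severity`, while the path-injection, command-line-injection, reflective-xss, sql-injection, code-injection and url-redirection headers in this same commit add them in the opposite order (`@problem.severity` first, then `@id`). Pick one order for every header touched under Security-old-dataflow so the metadata blocks can be compared and searched uniformly. The unsafe-deserialization header has the same `@id`-first ordering and should change with this one.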
Original file line number Diff line number Diff line change 22 * @name OLD QUERY: Uncontrolled data used in path expression
33 * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
44 * @kind path-problem
5+ * @problem.severity error
6+ * @id py/old/path-injection
57 */
68
79import python
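Review bot: Documentation is missing in this header (new lines 2-6): the `@name` is marked "OLD QUERY" and the added id sits under `py/old/`, but nothing visible tells a reader which query supersedes this one or why the old version is kept. Consider adding one sentence to `@description` that names the replacement query, so an alert raised under `py/old/path-injection` can be traced to its current counterpart.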
Original file line number Diff line number Diff line change 33 * @description Using externally controlled strings in a command line may allow a malicious
44 * user to change the meaning of the command.
55 * @kind path-problem
6+ * @problem.severity error
7+ * @id py/old/command-line-injection
68 */
79
810import python
Original file line number Diff line number Diff line change 33 * @description Writing user input directly to a web page
44 * allows for a cross-site scripting vulnerability.
55 * @kind path-problem
6+ * @problem.severity error
7+ * @id py/old/reflective-xss
68 */
79
810import python
Original file line number Diff line number Diff line change 33 * @description Building a SQL query from user-controlled sources is vulnerable to insertion of
44 * malicious SQL code by the user.
55 * @kind path-problem
6+ * @problem.severity error
7+ * @id py/old/sql-injection
68 */
79
810import python
Original file line number Diff line number Diff line change 33 * @description Interpreting unsanitized user input as code allows a malicious user arbitrary
44 * code execution.
55 * @kind path-problem
6+ * @problem.severity error
7+ * @id py/old/code-injection
68 */
79
810import python
Original file line number Diff line number Diff line change 11/**
2- * @name Use of weak cryptographic key
2+ * @name OLD QUERY: Use of weak cryptographic key
33 * @description Use of a cryptographic key that is too small may allow the encryption to be broken.
44 * @kind problem
55 * @problem.severity error
6- * @precision high
7- * @id py/weak-crypto-key
8- * @tags security
9- * external/cwe/cwe-326
6+ * @id py/old/weak-crypto-key
107 */
118
129import python
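Review bot: The removals at old lines 6-9 drop `@precision high`, `@tags security` and `external/cwe/cwe-326` together with the id rename, so this header loses its CWE-326 mapping and its precision rating, not only its old identifier. If the goal is just to free up `py/weak-crypto-key`, renaming the id is enough; if the tags and precision are stripped on purpose to keep the old query out of tag-based and precision-based selection, say so in the commit message. This is also the only header in the commit where the "OLD QUERY:" prefix is added to `@name` in the hunk itself; in the hunks whose context starts at line 3, `@name` is outside the visible lines and worth a quick check for the same prefix.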
Original file line number Diff line number Diff line change 22 * @name OLD QUERY: Deserializing untrusted input
33 * @description Deserializing user-controlled data may allow attackers to execute arbitrary code.
44 * @kind path-problem
5+ * @id py/old/unsafe-deserialization
6+ * @problem.severity error
57 */
68
79import python
Original file line number Diff line number Diff line change 33 * @description URL redirection based on unvalidated user input
44 * may cause redirection to malicious web sites.
55 * @kind path-problem
6+ * @problem.severity error
7+ * @id py/old/url-redirection
68 */
79
810import python