Python: Fix query metadata for old queries that have been ported

RasmusWL · RasmusWL · commit 9abe02f419d4 · 2021-03-25T16:01:56.000+01:00
I'm not sure even I want to keep these around much longer. They seem to be
causing more problem than they are doing good.
diff --git a/python/ql/src/experimental/Security-old-dataflow/CVE-2018-1281/BindToAllInterfaces.ql b/python/ql/src/experimental/Security-old-dataflow/CVE-2018-1281/BindToAllInterfaces.ql
@@ -3,6 +3,8 @@
  * @description Binding a socket to all interfaces opens it up to traffic from any IPv4 address
  * and is therefore associated with security risks.
  * @kind problem
+ * @id py/old/bind-socket-all-network-interfaces
+ * @problem.severity error
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-022/PathInjection.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-022/PathInjection.ql
@@ -2,6 +2,8 @@
  * @name OLD QUERY: Uncontrolled data used in path expression
  * @description Accessing paths influenced by users can allow an attacker to access unexpected resources.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/path-injection
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-078/CommandInjection.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-078/CommandInjection.ql
@@ -3,6 +3,8 @@
  * @description Using externally controlled strings in a command line may allow a malicious
  *              user to change the meaning of the command.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/command-line-injection
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-079/ReflectedXss.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-079/ReflectedXss.ql
@@ -3,6 +3,8 @@
  * @description Writing user input directly to a web page
  *              allows for a cross-site scripting vulnerability.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/reflective-xss
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-089/SqlInjection.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-089/SqlInjection.ql
@@ -3,6 +3,8 @@
  * @description Building a SQL query from user-controlled sources is vulnerable to insertion of
  *              malicious SQL code by the user.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/sql-injection
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-094/CodeInjection.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-094/CodeInjection.ql
@@ -3,6 +3,8 @@
  * @description Interpreting unsanitized user input as code allows a malicious user arbitrary
  *              code execution.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/code-injection
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-326/WeakCrypto.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-326/WeakCrypto.ql
@@ -1,12 +1,9 @@
 /**
- * @name Use of weak cryptographic key
+ * @name OLD QUERY: Use of weak cryptographic key
  * @description Use of a cryptographic key that is too small may allow the encryption to be broken.
  * @kind problem
  * @problem.severity error
- * @precision high
- * @id py/weak-crypto-key
- * @tags security
- *       external/cwe/cwe-326
+ * @id py/old/weak-crypto-key
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-502/UnsafeDeserialization.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-502/UnsafeDeserialization.ql
@@ -2,6 +2,8 @@
  * @name OLD QUERY: Deserializing untrusted input
  * @description Deserializing user-controlled data may allow attackers to execute arbitrary code.
  * @kind path-problem
+ * @id py/old/unsafe-deserialization
+ * @problem.severity error
  */
 
 import python
diff --git a/python/ql/src/experimental/Security-old-dataflow/CWE-601/UrlRedirect.ql b/python/ql/src/experimental/Security-old-dataflow/CWE-601/UrlRedirect.ql
@@ -3,6 +3,8 @@
  * @description URL redirection based on unvalidated user input
  *              may cause redirection to malicious web sites.
  * @kind path-problem
+ * @problem.severity error
+ * @id py/old/url-redirection
  */
 
 import python
