Merge pull request #12 from GitHubSecurityLab/rename_query_ids

Rename query IDs

Author: Alvaro Muñoz

csharp/src/audit/CWE-078/CommandInjectionAudit.ql

@@ -6,7 +6,7 @@
  * @problem.severity error
  * @security-severity 2.0
  * @precision low
- * @id cs/audit/command-line-injection
+ * @id githubsecuritylab/audit/command-line-injection
  * @tags security
  *       external/cwe/cwe-078
  *       external/cwe/cwe-088

csharp/src/audit/CWE-094/CodeInjectionAudit.ql

@@ -6,7 +6,7 @@
  * @problem.severity warning
  * @security-severity 2.0
  * @precision low
- * @id cs/audit/code-injection
+ * @id githubsecuritylab/audit/code-injection
  * @tags security
  *       external/cwe/cwe-094
  *       external/cwe/cwe-095

csharp/src/audit/CWE-502/UnsafeDeserializationAudit.ql

@@ -3,7 +3,7 @@
  * @description Calling an unsafe deserializer with data controlled by an attacker
  *              can lead to denial of service and other security problems.
  * @kind problem
- * @id cs/audit/unsafe-deserialization
+ * @id githubsecuritylab/audit/unsafe-deserialization
  * @problem.severity warning
  * @security-severity 2.0
  * @precision low
@@ -12,7 +12,6 @@
  *       audit
  */
 
-// https://github.com/advanced-security/codeql-queries/blob/audit-csharp/codeql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
 import csharp
 import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery
 

csharp/src/audit/CWE-611/UnsafeXMLResolverAudit.ql

@@ -6,15 +6,14 @@
  * @problem.severity warning
  * @security-severity 2.0
  * @precision low
- * @id cs/audit/insecure-xml-read
+ * @id githubsecuritylab/audit/insecure-xml-read
  * @tags security
  *       external/cwe/cwe-611
  *       external/cwe/cwe-827
  *       external/cwe/cwe-776
  *       audit
  */
 
-// https://github.com/advanced-security/codeql-queries/blob/c8cfb6a0cc44da3d2baae4b985262a84652f71ee/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql#L22s
 import csharp
 import semmle.code.csharp.security.xml.InsecureXMLQuery
 

csharp/src/library_sources/ExternalAPIsUsedWithUntrustedData.ql

@@ -3,7 +3,7 @@
  * @description This reports the external APIs that are used with untrusted data, along with how
  *              frequently the API is called, and how many unique sources of untrusted data flow
  *              to it.
- * @id cs/count-untrusted-data-external-api
+ * @id githubsecuritylab/count-untrusted-data-external-api
  * @kind table
  * @tags security external/cwe/cwe-20
  */

csharp/src/security/CWE-328/WeakHashingAlgorithms.ql

@@ -6,7 +6,7 @@
  * @security-severity 5.0
  * @sub-severity medium
  * @precision medium
- * @id cs/weak-cryptographic-hash-algorithms
+ * @id githubsecuritylab/weak-cryptographic-hash-algorithms
  * @tags security
  *       audit
  *       external/cwe/cwe-328

csharp/src/security/CWE-328/WeakPasswordHashing.ql

@@ -5,7 +5,7 @@
  * @problem.severity warning
  * @security-severity 7.5
  * @precision high
- * @id csharp/weak-password-hashing
+ * @id githubsecuritylab/weak-password-hashing
  * @tags security
  *       external/cwe/cwe-327
  *       external/cwe/cwe-328

csharp/src/security/CWE-328/WeakSensitiveDataHashing.ql

@@ -5,7 +5,7 @@
  * @problem.severity warning
  * @security-severity 7.5
  * @precision high
- * @id csharp/weak-sensitive-data-hashing
+ * @id githubsecuritylab/weak-sensitive-data-hashing
  * @tags security
  *       external/cwe/cwe-327
  *       external/cwe/cwe-328

csharp/src/security/CWE-760/HardcodedSalt.ql

@@ -5,7 +5,7 @@
  * @problem.severity error
  * @security-severity 6.1
  * @precision medium
- * @id cs/hardcoded-salt
+ * @id githubsecuritylab/hardcoded-salt
  * @tags security
  *       external/cwe/cwe-760
  */

csharp/src/security/CWE-798/HardcodedCredentialsSymmetricSecurityKey.ql

@@ -5,20 +5,17 @@
  * @problem.severity error
  * @security-severity 9.8
  * @precision high
- * @id cs/hardcoded-credentials-symmetricsecuritykey
+ * @id githubsecuritylab/hardcoded-credentials-symmetricsecuritykey
  * @tags security
  *       external/cwe/cwe-259
  *       external/cwe/cwe-321
  *       external/cwe/cwe-798
  */
 
 import csharp
-
 private import DataFlow::PathGraph
-
 private import github.HardcodedCredentials
 
-
 from DataFlow::PathNode source, DataFlow::PathNode sink, LiteralToSecurityKeyConfig config
 where config.hasFlowPath(source, sink)
 select source, sink, source, "Hard-coded credential $@ used as SymmetricSecurityKey $@",

go/src/audit/CWE-078/ArgumentInjection.ql

@@ -6,7 +6,7 @@
  * @problem.severity error
  * @security-severity 9.8
  * @precision high
- * @id go/injection
+ * @id githubsecuritylab/audit/argument-injection
  * @tags security
  *       external/cwe/cwe-078
  *       audit

go/src/audit/CWE-089/SqlInjectionAudit.ql

@@ -5,11 +5,12 @@
  * @security-severity 2.5
  * @sub-severity low
  * @precision very-low
- * @id go/audit/sql-injection
+ * @id githubsecuritylab/audit/sql-injection
  * @tags security
  *       external/cwe/cwe-089
  *       audit
  */
+
 import go
 import semmle.go.security.SqlInjection
 import DataFlow::PathGraph

go/src/audit/explore/Dependencies.ql

@@ -2,7 +2,7 @@
  * @name External dependencies
  * @description Count the number of dependencies that a Java project has on external packages.
  * @kind treemap
- * @id githubsecuritylab/external-dependencies
+ * @id githubsecuritylab/audit/external-dependencies
  * @metricType externalDependency
  * @tags audit
  */

go/src/audit/explore/Files.ql

@@ -2,7 +2,7 @@
  * @name Files
  * @description List of all files in the repository
  * @kind table
- * @id githubsecuritylab/files
+ * @id githubsecuritylab/audit/files
  * @tags audit
  */
 

go/src/audit/explore/RemoteFlowSources.ql

@@ -2,7 +2,7 @@
  * @name Attack Surface
  * @description Application attack surface
  * @kind table
- * @id githubsecuritylab/attack-surface
+ * @id githubsecuritylab/audit/attack-surface
  * @tags audit
  */
 

go/src/security/CWE-078/CommandInjection.ql

@@ -6,7 +6,7 @@
  * @problem.severity error
  * @security-severity 9.8
  * @precision high
- * @id go/command-injection
+ * @id githubsecuritylab/command-injection
  * @tags security
  *       external/cwe/cwe-078
  */

go/src/security/CWE-117/LogInjection.ql

@@ -6,7 +6,7 @@
  * @problem.severity error
  * @security-severity 7.8
  * @precision high
- * @id go/log-injection
+ * @id githubsecuritylab/log-injection
  * @tags security
  *       external/cwe/cwe-117
  */

java/src/CVEs/.gitkeep

@@ -4,7 +4,7 @@
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id seclab/log4shell
+ * @id githubsecuritylab/log4shell
  * @tags security
  */
 

java/src/CVEs/CVE-2021-44228.ql

@@ -3,7 +3,7 @@
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id java/acc-script-injection
+ * @id githubsecuritylab/acc-script-injection
  * @tags security
  *       external/cwe/cwe-094
  */

java/src/CVEs/CVE-2022-33980.ql

@@ -3,7 +3,7 @@
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id java/act-script-injection
+ * @id githubsecuritylab/act-script-injection
  * @tags security
  *       external/cwe/cwe-094
  */

java/src/CVEs/CVE-2022-42889.ql

@@ -1,6 +1,6 @@
 # Cross-Site Scripting (XSS) in JSP (Lenient)
 
-This query is similar to [CWE-079/XSSJSP](https://github.com/advanced-security/codeql-queries/blob/main/java/CWE-079/XSSJSP.ql) but it is lenient with the analysis leading potentially to more results (including false positives).
+This query is similar to CWE-079/XSSJSP but is lenient with the analysis leading potentially to more results (including false positives).
 
 ## Summary
 

java/src/audit/CWE-079/XSSJSPLenient.md

@@ -5,7 +5,7 @@
  * @problem.severity error
  * @security-severity 6.1
  * @precision high
- * @id java/xss-jsp
+ * @id githubsecuritylab/xss-jsp
  * @tags security
  *       external/cwe/cwe-079
  *       audit

java/src/audit/CWE-079/XSSJSPLenient.ql

@@ -1,3 +1,13 @@
+/**
+ * @name Frequency counts for external APIs that are used with untrusted data
+ * @description This reports the external APIs that are used with untrusted data, along with how
+ *              frequently the API is called, and how many unique sources of untrusted data flow
+ *              to it.
+ * @id githubsecuritylab/count-untrusted-data-external-api
+ * @kind table
+ * @tags security external/cwe/cwe-20
+ */
+
 import java
 import semmle.code.java.dataflow.DataFlow
 import ExternalAPIs

java/src/library_sources/ExternalAPIsUsedWithUntrustedData.ql

@@ -5,29 +5,34 @@
  * @problem.severity error
  * @security-severity 6.1
  * @precision high
- * @id java/command-line-injection-extra
+ * @id githubsecuritylab/command-line-injection-extra
  * @tags security
  *       external/cwe/cwe-078
  */
 
-
 import DataFlow::PathGraph
 import github.CommandInjectionRuntimeExec
 
-class RemoteSource extends Source { RemoteSource() { this instanceof RemoteFlowSource } }
+class RemoteSource extends Source {
+  RemoteSource() { this instanceof RemoteFlowSource }
+}
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, ExecTaintConfiguration2 conf, MethodAccess call, DataFlow::Node sourceCmd, DataFlow::Node sinkCmd, ExecTaintConfiguration confCmd
-where call.getMethod() instanceof RuntimeExecMethod
-// this is a command-accepting call to exec, e.g. rt.exec(new String[]{"/bin/sh", ...})
-and (
-    confCmd.hasFlow(sourceCmd, sinkCmd)
-    and sinkCmd.asExpr() = call.getArgument(0)
-)
-// it is tainted by untrusted user input
-and (
-    conf.hasFlow(source.getNode(), sink.getNode())
-    and sink.getNode().asExpr() = call.getArgument(0)
-)
-select sink, source, sink, "Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@'",
-    sourceCmd, sourceCmd.toString(),
-    source.getNode(), source.toString()
+from
+  DataFlow::PathNode source, DataFlow::PathNode sink, ExecTaintConfiguration2 conf,
+  MethodAccess call, DataFlow::Node sourceCmd, DataFlow::Node sinkCmd,
+  ExecTaintConfiguration confCmd
+where
+  call.getMethod() instanceof RuntimeExecMethod and
+  // this is a command-accepting call to exec, e.g. rt.exec(new String[]{"/bin/sh", ...})
+  (
+    confCmd.hasFlow(sourceCmd, sinkCmd) and
+    sinkCmd.asExpr() = call.getArgument(0)
+  ) and
+  // it is tainted by untrusted user input
+  (
+    conf.hasFlow(source.getNode(), sink.getNode()) and
+    sink.getNode().asExpr() = call.getArgument(0)
+  )
+select sink, source, sink,
+  "Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@'",
+  sourceCmd, sourceCmd.toString(), source.getNode(), source.toString()

java/src/security/.gitkeep

@@ -5,30 +5,35 @@
  * @problem.severity error
  * @security-severity 6.1
  * @precision high
- * @id java/command-line-injection-extra-local
+ * @id githubsecuritylab/command-line-injection-extra-local
  * @tags security
  *       local
  *       external/cwe/cwe-078
  */
 
-
 import DataFlow::PathGraph
 import github.CommandInjectionRuntimeExec
 
-class LocalSource extends Source { LocalSource() { this instanceof LocalUserInput } }
+class LocalSource extends Source {
+  LocalSource() { this instanceof LocalUserInput }
+}
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, ExecTaintConfiguration2 conf, MethodAccess call, DataFlow::Node sourceCmd, DataFlow::Node sinkCmd, ExecTaintConfiguration confCmd
-where call.getMethod() instanceof RuntimeExecMethod
-// this is a command-accepting call to exec, e.g. rt.exec(new String[]{"/bin/sh", ...})
-and (
-    confCmd.hasFlow(sourceCmd, sinkCmd)
-    and sinkCmd.asExpr() = call.getArgument(0)
-)
-// it is tainted by untrusted user input
-and (
-    conf.hasFlow(source.getNode(), sink.getNode())
-    and sink.getNode().asExpr() = call.getArgument(0)
-)
-select sink, source, sink, "Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@'",
-    sourceCmd, sourceCmd.toString(),
-    source.getNode(), source.toString()
+from
+  DataFlow::PathNode source, DataFlow::PathNode sink, ExecTaintConfiguration2 conf,
+  MethodAccess call, DataFlow::Node sourceCmd, DataFlow::Node sinkCmd,
+  ExecTaintConfiguration confCmd
+where
+  call.getMethod() instanceof RuntimeExecMethod and
+  // this is a command-accepting call to exec, e.g. rt.exec(new String[]{"/bin/sh", ...})
+  (
+    confCmd.hasFlow(sourceCmd, sinkCmd) and
+    sinkCmd.asExpr() = call.getArgument(0)
+  ) and
+  // it is tainted by untrusted user input
+  (
+    conf.hasFlow(source.getNode(), sink.getNode()) and
+    sink.getNode().asExpr() = call.getArgument(0)
+  )
+select sink, source, sink,
+  "Call to dangerous java.lang.Runtime.exec() with command '$@' with arg from untrusted input '$@'",
+  sourceCmd, sourceCmd.toString(), source.getNode(), source.toString()