Merge pull request #4301 from lcartey/java/update-cwe-claims

aschackmull · web-flow · commit b3bf570fb701 · 2020-09-18T16:08:40.000+02:00
Java: Update some CWE claims
diff --git a/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql b/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql
@@ -9,6 +9,7 @@
  * @tags reliability
  *       correctness
  *       exceptions
+ *       external/cwe/cwe-193
  */
 
 import java
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -8,6 +8,7 @@
  * @id java/sql-injection
  * @tags security
  *       external/cwe/cwe-089
+ *       external/cwe/cwe-564
  */
 
 import java
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql b/java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql
@@ -8,6 +8,7 @@
  * @id java/sql-injection-local
  * @tags security
  *       external/cwe/cwe-089
+ *       external/cwe/cwe-564
  */
 
 import semmle.code.java.Expr
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
@@ -8,6 +8,7 @@
  * @id java/concatenated-sql-query
  * @tags security
  *       external/cwe/cwe-089
+ *       external/cwe/cwe-564
  */
 
 import java
diff --git a/java/ql/src/Security/CWE/CWE-611/XXE.ql b/java/ql/src/Security/CWE/CWE-611/XXE.ql
@@ -8,6 +8,8 @@
  * @id java/xxe
  * @tags security
  *       external/cwe/cwe-611
+ *       external/cwe/cwe-776
+ *       external/cwe/cwe-827
  */
 
 import java
