Merge pull request #36 from rdmarsh2/rdmarsh/cpp/add-security-tags

jbj · web-flow · commit da02c45102d9 · 2018-08-14T12:07:28.000+02:00
C++: add security tags to more queries
diff --git a/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql b/cpp/ql/src/Critical/DescriptorMayNotBeClosed.ql
@@ -5,6 +5,7 @@
  * @id cpp/descriptor-may-not-be-closed
  * @problem.severity warning
  * @tags efficiency
+ *       security
  *       external/cwe/cwe-775
  */
 import semmle.code.cpp.pointsto.PointsTo
diff --git a/cpp/ql/src/Critical/DescriptorNeverClosed.ql b/cpp/ql/src/Critical/DescriptorNeverClosed.ql
@@ -5,6 +5,7 @@
  * @id cpp/descriptor-never-closed
  * @problem.severity warning
  * @tags efficiency
+ *       security
  *       external/cwe/cwe-775
  */
 import semmle.code.cpp.pointsto.PointsTo
diff --git a/cpp/ql/src/Critical/GlobalUseBeforeInit.ql b/cpp/ql/src/Critical/GlobalUseBeforeInit.ql
@@ -5,6 +5,7 @@
  * @id cpp/global-use-before-init
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-457
  */
 import cpp
diff --git a/cpp/ql/src/Critical/InconsistentNullnessTesting.ql b/cpp/ql/src/Critical/InconsistentNullnessTesting.ql
@@ -5,6 +5,7 @@
  * @id cpp/inconsistent-nullness-testing
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-476
  */
 import cpp
diff --git a/cpp/ql/src/Critical/InitialisationNotRun.ql b/cpp/ql/src/Critical/InitialisationNotRun.ql
@@ -5,6 +5,7 @@
  * @id cpp/initialization-not-run
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-456
  */
 import cpp
diff --git a/cpp/ql/src/Critical/LateNegativeTest.ql b/cpp/ql/src/Critical/LateNegativeTest.ql
@@ -7,6 +7,7 @@
  * @id cpp/late-negative-test
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-823
  */
 import cpp
diff --git a/cpp/ql/src/Critical/MissingNegativityTest.ql b/cpp/ql/src/Critical/MissingNegativityTest.ql
@@ -5,6 +5,7 @@
  * @id cpp/missing-negativity-test
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-823
  */
 import cpp
diff --git a/cpp/ql/src/Critical/MissingNullTest.ql b/cpp/ql/src/Critical/MissingNullTest.ql
@@ -5,6 +5,7 @@
  * @id cpp/missing-null-test
  * @problem.severity recommendation
  * @tags reliability
+ *       security
  *       external/cwe/cwe-476
  */
 import cpp
diff --git a/cpp/ql/src/Critical/OverflowCalculated.ql b/cpp/ql/src/Critical/OverflowCalculated.ql
@@ -5,6 +5,7 @@
  * @id cpp/overflow-calculated
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-131
  *       external/cwe/cwe-120
  */
diff --git a/cpp/ql/src/Critical/OverflowDestination.ql b/cpp/ql/src/Critical/OverflowDestination.ql
@@ -6,6 +6,7 @@
  * @id cpp/overflow-destination
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-119
  *       external/cwe/cwe-131
  */
diff --git a/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql b/cpp/ql/src/Critical/ReturnStackAllocatedObject.ql
@@ -9,6 +9,7 @@
  * @id cpp/return-stack-allocated-object
  * @problem.severity warning
  * @tags reliability
+ *       security
  *       external/cwe/cwe-562
  */
 import semmle.code.cpp.pointsto.PointsTo
diff --git a/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql b/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
@@ -10,6 +10,9 @@
  * @id cpp/bad-addition-overflow-check
  * @tags reliability
  *       correctness
+ *       security
+ *       external/cwe/190
+ *       external/cwe/192
  */
 
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql b/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
@@ -9,6 +9,7 @@
  * @precision high
  * @tags correctness
  *       reliability
+ *       security
  *       external/cwe/cwe-119
  *       external/cwe/cwe-843
  * @id cpp/upcast-array-pointer-arithmetic
diff --git a/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql b/cpp/ql/src/Likely Bugs/Format/NonConstantFormat.ql
@@ -10,6 +10,7 @@
  * @id cpp/non-constant-format
  * @tags maintainability
  *       correctness
+ *       security
  *       external/cwe/cwe-134
  */
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql b/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
@@ -8,6 +8,7 @@
  * @id cpp/overflowing-snprintf
  * @tags reliability
  *       correctness
+ *       security
  */
 
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
@@ -8,6 +8,7 @@
  * @id cpp/wrong-number-format-arguments
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-685
  */
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql b/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
@@ -8,6 +8,7 @@
  * @id cpp/wrong-type-format-argument
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-686
  */
 
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql b/cpp/ql/src/Likely Bugs/Memory Management/StrncpyFlippedArgs.ql
@@ -8,6 +8,7 @@
  * @id cpp/bad-strncpy-size
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-676
  *       external/cwe/cwe-119
  *       external/cwe/cwe-251
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToMemset.ql
@@ -10,6 +10,7 @@
  * @precision medium
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-676
  */
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousCallToStrncat.ql
@@ -8,6 +8,7 @@
  * @id cpp/unsafe-strncat
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-676
  *       external/cwe/cwe-119
  *       external/cwe/cwe-251
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql b/cpp/ql/src/Likely Bugs/Memory Management/SuspiciousSizeof.ql
@@ -9,6 +9,7 @@
  * @id cpp/suspicious-sizeof
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-467
  */
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql b/cpp/ql/src/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql
@@ -8,6 +8,7 @@
  * @id cpp/unsafe-strcat
  * @tags reliability
  *       correctness
+ *       security
  *       external/cwe/cwe-676
  *       external/cwe/cwe-120
  *       external/cwe/cwe-251
diff --git a/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql b/cpp/ql/src/Likely Bugs/OO/SelfAssignmentCheck.ql
@@ -7,6 +7,8 @@
  * @id cpp/self-assignment-check
  * @problem.severity warning
  * @tags reliability
+ *       security
+ *       external/cwe/cwe-826
  */
 import cpp
 
