Merge pull request #8153 from github/henrymercer/atm-add-cwe-tags

henrymercer · web-flow · commit e42f759f6b47 · 2022-02-21T17:24:02.000Z
JS: Add CWE tags for ML-powered queries
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/NosqlInjectionATM.ql
@@ -10,6 +10,7 @@
  * @security-severity 8.8
  * @id js/ml-powered/nosql-injection
  * @tags experimental security
+ *       external/cwe/cwe-943
  */
 
 import ATM::ResultsInfo
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/SqlInjectionATM.ql
@@ -10,6 +10,7 @@
  * @security-severity 8.8
  * @id js/ml-powered/sql-injection
  * @tags experimental security
+ *       external/cwe/cwe-089
  */
 
 import experimental.adaptivethreatmodeling.SqlInjectionATM
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/TaintedPathATM.ql
@@ -10,6 +10,11 @@
  * @security-severity 7.5
  * @id js/ml-powered/path-injection
  * @tags experimental security
+ *       external/cwe/cwe-022
+ *       external/cwe/cwe-023
+ *       external/cwe/cwe-036
+ *       external/cwe/cwe-073
+ *       external/cwe/cwe-099
  */
 
 import ATM::ResultsInfo
diff --git a/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql b/javascript/ql/experimental/adaptivethreatmodeling/src/XssATM.ql
@@ -10,6 +10,7 @@
  * @security-severity 6.1
  * @id js/ml-powered/xss
  * @tags experimental security
+ *       external/cwe/cwe-079
  */
 
 import javascript
