From ba97b92148c2c5a2e991335b00d660a8db574550 Mon Sep 17 00:00:00 2001 From: Dilan Bhalla Date: Thu, 6 Feb 2025 23:41:09 -0800 Subject: [PATCH 1/2] microsoft public namespace edit --- cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql | 2 +- .../Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql | 2 +- cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql | 2 +- .../Leap Year/UncheckedLeapYearAfterYearModification.ql | 2 +- .../Leap Year/UncheckedReturnValueForTimeFunctions.ql | 2 +- cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql | 2 +- cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql | 2 +- .../Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql | 2 +- .../Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql | 2 +- .../Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql | 2 +- .../Security/Cryptography/WeakKDFBannedHashAlgorithm.ql | 2 +- .../Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql | 2 +- .../Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql | 2 +- .../src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql | 2 +- .../MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql | 2 +- .../Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql | 2 +- .../Security/Protocols/UseOfDeprecatedSecurityProtocol.ql | 2 +- powershell/ql/src/experimental/CommandInjection.ql | 2 +- powershell/ql/src/queries/security/cwe-078/CommandInjection.ql | 2 +- .../ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql index b605b529a074..e4af10ef9109 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql @@ -5,7 +5,7 @@ * into account. * @kind problem * @problem.severity error - * @id cpp/microsoft-public/leap-year/adding-365-days-per-year + * @id cpp/microsoft/microsoft-public/leap-year/adding-365-days-per-year * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql b/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql index d1e709ae5dd2..4f2e67f96401 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql @@ -3,7 +3,7 @@ * @description An expression is used to check a year is presumably a leap year, but the conditions used are insufficient. * @kind problem * @problem.severity warning - * @id cpp/microsoft-public/leap-year/invalid-leap-year-check + * @id cpp/microsoft/microsoft-public/leap-year/invalid-leap-year-check * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql b/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql index 9fe41e599344..b1c0ce1ab1aa 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql @@ -3,7 +3,7 @@ * @description Conditional logic is present for leap years and common years, potentially leading to untested code pathways. * @kind problem * @problem.severity warning - * @id cpp/microsoft-public/leap-year/conditional-logic-branches + * @id cpp/microsoft/microsoft-public/leap-year/conditional-logic-branches * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql index 0d7512a10efc..4f0d96414714 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql @@ -3,7 +3,7 @@ * @description A field that represents a year is being modified by an arithmetic operation, but no proper check for leap years can be detected afterwards. * @kind problem * @problem.severity warning - * @id cpp/microsoft-public/leap-year/unchecked-after-arithmetic-year-modification + * @id cpp/microsoft/microsoft-public/leap-year/unchecked-after-arithmetic-year-modification * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql index 9cf153685224..9d18630a6db9 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql @@ -5,7 +5,7 @@ * invalid dates. * @kind problem * @problem.severity warning - * @id cpp/microsoft-public/leap-year/unchecked-return-value-for-time-conversion-function + * @id cpp/microsoft/microsoft-public/leap-year/unchecked-return-value-for-time-conversion-function * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql index af5788eda3b9..54e9b266f551 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql @@ -4,7 +4,7 @@ * An access on a leap year could result in buffer overflow bugs. * @kind problem * @problem.severity warning - * @id cpp/microsoft-public/leap-year/unsafe-array-for-days-of-the-year + * @id cpp/microsoft/microsoft-public/leap-year/unsafe-array-for-days-of-the-year * @precision low * @tags leap-year * correctness diff --git a/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql b/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql index 1c507a311851..88c99c8c3849 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql @@ -9,7 +9,7 @@ * @tags security * external/cwe/cwe-190 * external/cwe/cwe-191 - * @id cpp/microsoft-public/badoverflowguard + * @id cpp/microsoft/microsoft-public/badoverflowguard */ import cpp diff --git a/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql b/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql index e4ed5910db64..89e7d27d6dfe 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql @@ -1,5 +1,5 @@ /** - * @id cpp/microsoft-public/drivers/incorrect-usage-of-rtlcomparememory + * @id cpp/microsoft/microsoft-public/drivers/incorrect-usage-of-rtlcomparememory * @name Incorrect usage of RtlCompareMemory * @description `RtlCompareMemory` routine compares two blocks of memory and returns the number of bytes that match, not a boolean value indicating a full comparison like `RtlEqualMemory` does. * This query detects the return value of `RtlCompareMemory` being handled as a boolean. diff --git a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql index 7337b8aaae6a..3875dbcf6295 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql @@ -1,5 +1,5 @@ /** - * @id cpp/microsoft-public/sizeof/sizeof-or-operation-as-argument + * @id cpp/microsoft/microsoft-public/sizeof/sizeof-or-operation-as-argument * @name Usage of an expression that is a binary operation, or sizeof call passed as an argument to a sizeof call * @description When the `expr` passed to `sizeof` is a binary operation, or a sizeof call, this is typically a sign that there is a confusion on the usage of sizeof. * @tags security diff --git a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql index f57291f926ab..73ec4c04b44c 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql @@ -1,5 +1,5 @@ /** - * @id cpp/microsoft-public/sizeof/const-int-argument + * @id cpp/microsoft/microsoft-public/sizeof/const-int-argument * @name Passing a constant integer macro to sizeof * @description The expression passed to sizeof is a macro that expands to an integer constant. A data type was likely intended instead. * @kind problem diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql b/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql index af5c861bd588..ef622148fc22 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds explicit uses of symmetric encryption algorithms that are weak, obsolete, or otherwise unapproved. * @kind problem - * @id cpp/microsoft-public/weak-crypto/banned-encryption-algorithms + * @id cpp/microsoft/microsoft-public/weak-crypto/banned-encryption-algorithms * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql index bb3a794c2080..6db3ce7bc110 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds explicit uses of block cipher chaining mode algorithms that are not approved. (CAPI) * @kind problem - * @id cpp/microsoft-public/weak-crypto/capi/banned-modes + * @id cpp/microsoft/microsoft-public/weak-crypto/capi/banned-modes * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql index 66d2ea49a2a4..5c1b7ac158d9 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds explicit uses of block cipher chaining mode algorithms that are not approved. (CNG) * @kind problem - * @id cpp/microsoft-public/weak-crypto/cng/banned-modes + * @id cpp/microsoft/microsoft-public/weak-crypto/cng/banned-modes * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql b/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql index c7782d2dea84..280da912dc8d 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds usage of a static (hardcoded) IV. (CNG) * @kind problem - * @id cpp/microsoft-public/weak-crypto/cng/hardcoded-iv + * @id cpp/microsoft/microsoft-public/weak-crypto/cng/hardcoded-iv * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql index 628aa0fc4788..28cae5d2263e 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql @@ -2,7 +2,7 @@ * @name KDF may only use SHA256/384/512 in generating a key. * @description KDF may only use SHA256/384/512 in generating a key. * @kind problem - * @id cpp/microsoft-public/kdf-insecure-hash + * @id cpp/microsoft/microsoft-public/kdf-insecure-hash * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql index bf990d33bb27..e3e18b5ea020 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql @@ -7,7 +7,7 @@ * The rationale currently is that this query is meant to validate common uses of key derivation. * Non-common uses (modifying the iteration count somehow or getting the count from outside sources) are assumed to be intentional. * @kind problem - * @id cpp/microsoft-public/kdf-low-iteration-count + * @id cpp/microsoft/microsoft-public/kdf-low-iteration-count * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql index 40c48f799681..5304c44f57ee 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql @@ -6,7 +6,7 @@ * The rationale currently is that this query is meant to validate common uses of key derivation. * Non-common uses (modifying the values somehow or getting the count from outside sources) are assumed to be intentional. * @kind problem - * @id cpp/microsoft-public/kdf-small-key-size + * @id cpp/microsoft/microsoft-public/kdf-small-key-size * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql index a7164af6f74d..d2c8bae30f89 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql @@ -6,7 +6,7 @@ * The rationale currently is that this query is meant to validate common uses of key derivation. * Non-common uses (modifying the values somehow or getting the count from outside sources) are assumed to be intentional. * @kind problem - * @id cpp/microsoft-public/kdf-small-salt-size + * @id cpp/microsoft/microsoft-public/kdf-small-salt-size * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql b/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql index 93077249d920..bc092c90e5b7 100644 --- a/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql +++ b/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql @@ -9,7 +9,7 @@ * @kind problem * @problem.severity error * @precision high - * @id cpp/microsoft-public/enum-index + * @id cpp/microsoft/microsoft-public/enum-index * @tags security * external/cwe/cwe-125 * external/microsoft/c33010 diff --git a/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql b/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql index 963fc666c459..45c64b5af375 100644 --- a/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql +++ b/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql @@ -4,7 +4,7 @@ * risky because the protocol may become deprecated in future. * @kind problem * @problem.severity warning - * @id cpp/microsoft-public/hardcoded-security-protocol + * @id cpp/microsoft/microsoft-public/hardcoded-security-protocol */ import cpp diff --git a/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql b/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql index b367c5c5bf04..36ff1c26dc27 100644 --- a/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql +++ b/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql @@ -3,7 +3,7 @@ * @description Using a deprecated security protocol rather than the system default is risky. * @kind problem * @problem.severity error - * @id cpp/microsoft-public/use-of-deprecated-security-protocol + * @id cpp/microsoft/microsoft-public/use-of-deprecated-security-protocol */ import cpp diff --git a/powershell/ql/src/experimental/CommandInjection.ql b/powershell/ql/src/experimental/CommandInjection.ql index 01dff40c9f1e..7e2855af2b85 100644 --- a/powershell/ql/src/experimental/CommandInjection.ql +++ b/powershell/ql/src/experimental/CommandInjection.ql @@ -2,7 +2,7 @@ * @name Command Injection * @description Variable expression executed as command * @kind problem - * @id powershell/microsoft-public/tainted-command + * @id powershell/microsoft/microsoft-public/tainted-command * @problem.severity warning * @precision low * @tags security diff --git a/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql b/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql index 1f50bb224955..70decd7725c6 100644 --- a/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql +++ b/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql @@ -6,7 +6,7 @@ * @problem.severity error * @security-severity 9.8 * @precision high - * @id powershell/microsoft-public/command-injection + * @id powershell/microsoft/microsoft-public/command-injection * @tags correctness * security * external/cwe/cwe-078 diff --git a/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql b/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql index 561b776f5ffc..cc3d52bf9cc3 100644 --- a/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql +++ b/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql @@ -5,7 +5,7 @@ * @problem.severity error * @security-severity 9.8 * @precision high - * @id powershell/microsoft-public/do-not-use-invoke-expression + * @id powershell/microsoft/microsoft-public/do-not-use-invoke-expression * @tags security */ import powershell From 414feffcaabb0864b45909105c6450799d7e2c81 Mon Sep 17 00:00:00 2001 From: Dilan Bhalla Date: Fri, 7 Feb 2025 10:09:34 -0800 Subject: [PATCH 2/2] microsoft-public -> public --- cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql | 2 +- .../Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql | 2 +- cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql | 2 +- .../Leap Year/UncheckedLeapYearAfterYearModification.ql | 2 +- .../Leap Year/UncheckedReturnValueForTimeFunctions.ql | 2 +- cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql | 2 +- cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql | 2 +- .../Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql | 2 +- .../Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql | 2 +- .../Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql | 2 +- cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql | 2 +- .../Security/Cryptography/WeakKDFBannedHashAlgorithm.ql | 2 +- .../Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql | 2 +- .../Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql | 2 +- .../src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql | 2 +- .../MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql | 2 +- .../Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql | 2 +- .../Security/Protocols/UseOfDeprecatedSecurityProtocol.ql | 2 +- powershell/ql/src/experimental/CommandInjection.ql | 2 +- powershell/ql/src/queries/security/cwe-078/CommandInjection.ql | 2 +- .../ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql | 2 +- 24 files changed, 24 insertions(+), 24 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql index e4af10ef9109..341d014dae7d 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql @@ -5,7 +5,7 @@ * into account. * @kind problem * @problem.severity error - * @id cpp/microsoft/microsoft-public/leap-year/adding-365-days-per-year + * @id cpp/microsoft/public/leap-year/adding-365-days-per-year * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql b/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql index 4f2e67f96401..7a2cb9b04df4 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql @@ -3,7 +3,7 @@ * @description An expression is used to check a year is presumably a leap year, but the conditions used are insufficient. * @kind problem * @problem.severity warning - * @id cpp/microsoft/microsoft-public/leap-year/invalid-leap-year-check + * @id cpp/microsoft/public/leap-year/invalid-leap-year-check * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql b/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql index b1c0ce1ab1aa..43c8690c591a 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/LeapYearConditionalLogic.ql @@ -3,7 +3,7 @@ * @description Conditional logic is present for leap years and common years, potentially leading to untested code pathways. * @kind problem * @problem.severity warning - * @id cpp/microsoft/microsoft-public/leap-year/conditional-logic-branches + * @id cpp/microsoft/public/leap-year/conditional-logic-branches * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql index 4f0d96414714..18ad003eb71f 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql @@ -3,7 +3,7 @@ * @description A field that represents a year is being modified by an arithmetic operation, but no proper check for leap years can be detected afterwards. * @kind problem * @problem.severity warning - * @id cpp/microsoft/microsoft-public/leap-year/unchecked-after-arithmetic-year-modification + * @id cpp/microsoft/public/leap-year/unchecked-after-arithmetic-year-modification * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql index 9d18630a6db9..b223080fb6b3 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql @@ -5,7 +5,7 @@ * invalid dates. * @kind problem * @problem.severity warning - * @id cpp/microsoft/microsoft-public/leap-year/unchecked-return-value-for-time-conversion-function + * @id cpp/microsoft/public/leap-year/unchecked-return-value-for-time-conversion-function * @precision medium * @tags leap-year * correctness diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql index 54e9b266f551..72aa653c4dff 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql @@ -4,7 +4,7 @@ * An access on a leap year could result in buffer overflow bugs. * @kind problem * @problem.severity warning - * @id cpp/microsoft/microsoft-public/leap-year/unsafe-array-for-days-of-the-year + * @id cpp/microsoft/public/leap-year/unsafe-array-for-days-of-the-year * @precision low * @tags leap-year * correctness diff --git a/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql b/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql index 88c99c8c3849..8d220bdd62eb 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/Conversion/BadOverflowGuard.ql @@ -9,7 +9,7 @@ * @tags security * external/cwe/cwe-190 * external/cwe/cwe-191 - * @id cpp/microsoft/microsoft-public/badoverflowguard + * @id cpp/microsoft/public/badoverflowguard */ import cpp diff --git a/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql b/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql index 89e7d27d6dfe..1470a0905465 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/Drivers/IncorrectUsageOfRtlCompareMemory.ql @@ -1,5 +1,5 @@ /** - * @id cpp/microsoft/microsoft-public/drivers/incorrect-usage-of-rtlcomparememory + * @id cpp/microsoft/public/drivers/incorrect-usage-of-rtlcomparememory * @name Incorrect usage of RtlCompareMemory * @description `RtlCompareMemory` routine compares two blocks of memory and returns the number of bytes that match, not a boolean value indicating a full comparison like `RtlEqualMemory` does. * This query detects the return value of `RtlCompareMemory` being handled as a boolean. diff --git a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql index 3875dbcf6295..a503cfd0cbce 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/ArgumentIsSizeofOrOperation.ql @@ -1,5 +1,5 @@ /** - * @id cpp/microsoft/microsoft-public/sizeof/sizeof-or-operation-as-argument + * @id cpp/microsoft/public/sizeof/sizeof-or-operation-as-argument * @name Usage of an expression that is a binary operation, or sizeof call passed as an argument to a sizeof call * @description When the `expr` passed to `sizeof` is a binary operation, or a sizeof call, this is typically a sign that there is a confusion on the usage of sizeof. * @tags security diff --git a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql index 73ec4c04b44c..709a33865924 100644 --- a/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql +++ b/cpp/ql/src/Microsoft/Likely Bugs/SizeOfMisuse/SizeOfConstIntMacro.ql @@ -1,5 +1,5 @@ /** - * @id cpp/microsoft/microsoft-public/sizeof/const-int-argument + * @id cpp/microsoft/public/sizeof/const-int-argument * @name Passing a constant integer macro to sizeof * @description The expression passed to sizeof is a macro that expands to an integer constant. A data type was likely intended instead. * @kind problem diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql b/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql index ef622148fc22..0be6cf70086f 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/BannedEncryption.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds explicit uses of symmetric encryption algorithms that are weak, obsolete, or otherwise unapproved. * @kind problem - * @id cpp/microsoft/microsoft-public/weak-crypto/banned-encryption-algorithms + * @id cpp/microsoft/public/weak-crypto/banned-encryption-algorithms * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql index 6db3ce7bc110..16d83e54abc6 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCAPI.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds explicit uses of block cipher chaining mode algorithms that are not approved. (CAPI) * @kind problem - * @id cpp/microsoft/microsoft-public/weak-crypto/capi/banned-modes + * @id cpp/microsoft/public/weak-crypto/capi/banned-modes * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql index 5c1b7ac158d9..d7184114b0a7 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/BannedModesCNG.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds explicit uses of block cipher chaining mode algorithms that are not approved. (CNG) * @kind problem - * @id cpp/microsoft/microsoft-public/weak-crypto/cng/banned-modes + * @id cpp/microsoft/public/weak-crypto/cng/banned-modes * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql b/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql index 280da912dc8d..86b98d807723 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/HardcodedIVCNG.ql @@ -2,7 +2,7 @@ * @name Weak cryptography * @description Finds usage of a static (hardcoded) IV. (CNG) * @kind problem - * @id cpp/microsoft/microsoft-public/weak-crypto/cng/hardcoded-iv + * @id cpp/microsoft/public/weak-crypto/cng/hardcoded-iv * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql index 28cae5d2263e..27f15531df56 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFBannedHashAlgorithm.ql @@ -2,7 +2,7 @@ * @name KDF may only use SHA256/384/512 in generating a key. * @description KDF may only use SHA256/384/512 in generating a key. * @kind problem - * @id cpp/microsoft/microsoft-public/kdf-insecure-hash + * @id cpp/microsoft/public/kdf-insecure-hash * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql index e3e18b5ea020..53f7ab79a74d 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFLowIterationCount.ql @@ -7,7 +7,7 @@ * The rationale currently is that this query is meant to validate common uses of key derivation. * Non-common uses (modifying the iteration count somehow or getting the count from outside sources) are assumed to be intentional. * @kind problem - * @id cpp/microsoft/microsoft-public/kdf-low-iteration-count + * @id cpp/microsoft/public/kdf-low-iteration-count * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql index 5304c44f57ee..b70e68fba371 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallKeyLength.ql @@ -6,7 +6,7 @@ * The rationale currently is that this query is meant to validate common uses of key derivation. * Non-common uses (modifying the values somehow or getting the count from outside sources) are assumed to be intentional. * @kind problem - * @id cpp/microsoft/microsoft-public/kdf-small-key-size + * @id cpp/microsoft/public/kdf-small-key-size * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql index d2c8bae30f89..8f42679c584a 100644 --- a/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql +++ b/cpp/ql/src/Microsoft/Security/Cryptography/WeakKDFSmallSaltSize.ql @@ -6,7 +6,7 @@ * The rationale currently is that this query is meant to validate common uses of key derivation. * Non-common uses (modifying the values somehow or getting the count from outside sources) are assumed to be intentional. * @kind problem - * @id cpp/microsoft/microsoft-public/kdf-small-salt-size + * @id cpp/microsoft/public/kdf-small-salt-size * @problem.severity error * @precision high * @tags security diff --git a/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql b/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql index bc092c90e5b7..963538355c0b 100644 --- a/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql +++ b/cpp/ql/src/Microsoft/Security/MemoryAccess/EnumIndex/UncheckedBoundsEnumAsIndex.ql @@ -9,7 +9,7 @@ * @kind problem * @problem.severity error * @precision high - * @id cpp/microsoft/microsoft-public/enum-index + * @id cpp/microsoft/public/enum-index * @tags security * external/cwe/cwe-125 * external/microsoft/c33010 diff --git a/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql b/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql index 45c64b5af375..64c1be93c24e 100644 --- a/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql +++ b/cpp/ql/src/Microsoft/Security/Protocols/HardCodedSecurityProtocol.ql @@ -4,7 +4,7 @@ * risky because the protocol may become deprecated in future. * @kind problem * @problem.severity warning - * @id cpp/microsoft/microsoft-public/hardcoded-security-protocol + * @id cpp/microsoft/public/hardcoded-security-protocol */ import cpp diff --git a/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql b/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql index 36ff1c26dc27..f9d957e15e26 100644 --- a/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql +++ b/cpp/ql/src/Microsoft/Security/Protocols/UseOfDeprecatedSecurityProtocol.ql @@ -3,7 +3,7 @@ * @description Using a deprecated security protocol rather than the system default is risky. * @kind problem * @problem.severity error - * @id cpp/microsoft/microsoft-public/use-of-deprecated-security-protocol + * @id cpp/microsoft/public/use-of-deprecated-security-protocol */ import cpp diff --git a/powershell/ql/src/experimental/CommandInjection.ql b/powershell/ql/src/experimental/CommandInjection.ql index 7e2855af2b85..695c69a573e4 100644 --- a/powershell/ql/src/experimental/CommandInjection.ql +++ b/powershell/ql/src/experimental/CommandInjection.ql @@ -2,7 +2,7 @@ * @name Command Injection * @description Variable expression executed as command * @kind problem - * @id powershell/microsoft/microsoft-public/tainted-command + * @id powershell/microsoft/public/tainted-command * @problem.severity warning * @precision low * @tags security diff --git a/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql b/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql index 70decd7725c6..b0640aa0a1f9 100644 --- a/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql +++ b/powershell/ql/src/queries/security/cwe-078/CommandInjection.ql @@ -6,7 +6,7 @@ * @problem.severity error * @security-severity 9.8 * @precision high - * @id powershell/microsoft/microsoft-public/command-injection + * @id powershell/microsoft/public/command-injection * @tags correctness * security * external/cwe/cwe-078 diff --git a/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql b/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql index cc3d52bf9cc3..aaa4ec8c306a 100644 --- a/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql +++ b/powershell/ql/src/queries/security/cwe-078/DoNotUseInvokeExpression.ql @@ -5,7 +5,7 @@ * @problem.severity error * @security-severity 9.8 * @precision high - * @id powershell/microsoft/microsoft-public/do-not-use-invoke-expression + * @id powershell/microsoft/public/do-not-use-invoke-expression * @tags security */ import powershell