From 2ae79d0f1e3b749f9706255c6f3b4e5c6bf01b11 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 9 Jul 2026 17:09:07 +0200 Subject: [PATCH 1/3] C#: Remove misplaced change note After almost 4 years it does not seem to be relevant anymore to propagate this to the change log. --- .../change-notes/released/2022-11-07-constant-expression.md | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md diff --git a/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md b/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md deleted file mode 100644 index 9e2d667d2ebb..000000000000 --- a/csharp/ql/src/change-notes/released/2022-11-07-constant-expression.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The `Constant Condition` query was extended to catch cases when `String.IsNullOrEmpty` returns a constant value. \ No newline at end of file From 66fea698a20b62b1c1afb867d6bfea9400710397 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 9 Jul 2026 17:10:13 +0200 Subject: [PATCH 2/3] C#: Add CWE-73 tag to `cs/assembly-path-injection` Use of CWE-114 is discoraged, and CWE-73 seems appropriate as the assembly path is user controlled here. --- .../ql/src/Security Features/CWE-114/AssemblyPathInjection.ql | 1 + csharp/ql/src/change-notes/2026-07-09-CWE-114.md | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 csharp/ql/src/change-notes/2026-07-09-CWE-114.md diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql index 9cd6fc68b4ce..a17e23fc37d6 100644 --- a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql +++ b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql @@ -9,6 +9,7 @@ * @security-severity 8.2 * @precision high * @tags security + * external/cwe/cwe-073 * external/cwe/cwe-114 */ diff --git a/csharp/ql/src/change-notes/2026-07-09-CWE-114.md b/csharp/ql/src/change-notes/2026-07-09-CWE-114.md new file mode 100644 index 000000000000..928a4cc497aa --- /dev/null +++ b/csharp/ql/src/change-notes/2026-07-09-CWE-114.md @@ -0,0 +1,4 @@ +--- +category: queryMetadata +--- +* Added the tag `external/cwe/cwe-073` to `cs/assembly-path-injection`. From 72efb6a0586e860727fe39598ccc931f24895ea9 Mon Sep 17 00:00:00 2001 From: Jeroen Ketema Date: Thu, 9 Jul 2026 17:11:58 +0200 Subject: [PATCH 3/3] C++: Add CWE 73 and CWE 78 tags to `cpp/uncontrolled-process-operation` User controlled data here either leads to the loading of an uncontrolled library (CWE 73) or the execution of an uncontrolled command (CWE 78). --- .../src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql | 2 ++ cpp/ql/src/change-notes/2026-07-09-CWE-114.md | 4 ++++ 2 files changed, 6 insertions(+) create mode 100644 cpp/ql/src/change-notes/2026-07-09-CWE-114.md diff --git a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql index 7d2513d25e33..f321fc37c284 100644 --- a/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql +++ b/cpp/ql/src/Security/CWE/CWE-114/UncontrolledProcessOperation.ql @@ -9,6 +9,8 @@ * @precision medium * @id cpp/uncontrolled-process-operation * @tags security + * external/cwe/cwe-073 + * external/cwe/cwe-078 * external/cwe/cwe-114 */ diff --git a/cpp/ql/src/change-notes/2026-07-09-CWE-114.md b/cpp/ql/src/change-notes/2026-07-09-CWE-114.md new file mode 100644 index 000000000000..f766678232ef --- /dev/null +++ b/cpp/ql/src/change-notes/2026-07-09-CWE-114.md @@ -0,0 +1,4 @@ +--- +category: queryMetadata +--- +* Added the tags `external/cwe/cwe-073` and `external/cwe/cwe-078` to `cpp/uncontrolled-process-operation`.