Skip to content

Add SANS Top 25 to CodeQL query mapping document#60

Closed
Copilot wants to merge 2 commits intomainfrom
copilot/add-sans-top-25-document
Closed

Add SANS Top 25 to CodeQL query mapping document#60
Copilot wants to merge 2 commits intomainfrom
copilot/add-sans-top-25-document

Conversation

Copy link
Contributor

Copilot AI commented Jan 23, 2026
edited
Loading

Created comprehensive mapping of SANS Top 25 Most Dangerous Software Weaknesses to CodeQL queries, mirroring the existing OWASP2025-CodeQL.md format.

Changes

  • New document: code-scanning-guides/SANS2025-CodeQL.md
    • Maps all 25 SANS CWEs to language-specific CodeQL queries
    • Includes coverage analysis: 68% comprehensive, 20% limited, 12% gaps
    • Documents query availability gaps (CWE-269, CWE-276, CWE-362, CWE-863)

Coverage Highlights

Strong coverage (8 languages): XSS (CWE-79), SQL Injection (CWE-89), Command Injection (CWE-78), Path Traversal (CWE-22)

C/C++ memory safety: Use After Free (CWE-416), Out-of-bounds Write (CWE-787), Buffer Errors (CWE-119), Out-of-bounds Read (CWE-125)

Known gaps requiring manual review: Race Conditions (CWE-362), Privilege Management (CWE-269), Default Permissions (CWE-276), Incorrect Authorization (CWE-863)

Structure

Follows OWASP document pattern:

  1. Ranked CWE table with links
  2. Query mappings by CWE (Language | Query tables)
  3. Coverage statistics with recommendations
  4. References to SANS, CodeQL, CWE resources

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repositories/advanced-security/advanced-security-material/copilot_internal/embeddings_index
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

This section details on the original issue you should resolve

<issue_title>Add SANS Top 25 Document to repository</issue_title>
<issue_description>Following the same format as https://github.com/advanced-security/advanced-security-material/blob/main/code-scanning-guides/OWASP2025-CodeQL.md, add a document showing what CodeQL queries cover the SANS Top 25.

The SANS Top 25 list can be found here: https://www.sans.org/top25-software-errors.

Below is a table of the SANS Top 25 and the respective CWEs.

Name Rank ID
Out-of-bounds Write 1 CWE-787https://cwe.mitre.org/data/definitions/787.html
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') 2 CWE-79https://cwe.mitre.org/data/definitions/79.html
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 3 CWE-89https://cwe.mitre.org/data/definitions/89.html
Use After Free 4 CWE-416https://cwe.mitre.org/data/definitions/416.html
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') 5 CWE-78https://cwe.mitre.org/data/definitions/78.html
Improper Input Validation 6 CWE-20https://cwe.mitre.org/data/definitions/20.html
Out-of-bounds Read 7 CWE-125https://cwe.mitre.org/data/definitions/125.html
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') 8 CWE-22https://cwe.mitre.org/data/definitions/22.html
Cross-Site Request Forgery (CSRF) 9 CWE-352https://cwe.mitre.org/data/definitions/352.html
Unrestricted Upload of File with Dangerous Type 10 CWE-434https://cwe.mitre.org/data/definitions/434.html
Missing Authorization 11 CWE-862https://cwe.mitre.org/data/definitions/862.html
NULL Pointer Dereference 12 CWE-476https://cwe.mitre.org/data/definitions/476.html
Improper Authentication 13 CWE-287https://cwe.mitre.org/data/definitions/287.html
Integer Overflow or Wraparound 14 CWE-190https://cwe.mitre.org/data/definitions/190.html
Deserialization of Untrusted Data 15 CWE-502https://cwe.mitre.org/data/definitions/502.html
Improper Neutralization of Special Elements used in a Command ('Command Injection') 16 CWE-77https://cwe.mitre.org/data/definitions/77.html
Improper Restriction of Operations within the Bounds of a Memory Buffer 17 CWE-119https://cwe.mitre.org/data/definitions/119.html
Use of Hard-coded Credentials 18 CWE-798https://cwe.mitre.org/data/definitions/798.html
Server-Side Request Forgery (SSRF) 19 CWE-918https://cwe.mitre.org/data/definitions/918.html
Missing Authentication for Critical Function 20 CWE-306https://cwe.mitre.org/data/definitions/306.html
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') 21 CWE-362https://cwe.mitre.org/data/definitions/362.html
Improper Privilege Management 22 CWE-269https://cwe.mitre.org/data/definitions/269.html
Improper Control of Generation of Code ('Code Injection') 23 CWE-94https://cwe.mitre.org/data/definitions/94.html
Incorrect Authorization 24 CWE-863https://cwe.mitre.org/data/definitions/863.html
Incorrect Default Permissions 25 CWE-276https://cwe.mitre.org/data/definitions/276.html
</issue_description>

<agent_instructions>Follow the same format as this document in the repository: https://github.com/advanced-security/advanced-security-material/blob/main/code-scanning-guides/OWASP2025-CodeQL.md</agent_instructions>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

@WritingPanda
Add SANS Top 25 Most Dangerous Software Weaknesses to CodeQL mapping …
cba2ac5 
…document

Co-authored-by: WritingPanda <5935647+WritingPanda@users.noreply.github.com>
Copilot AI changed the title [WIP] Add SANS Top 25 document to repository Add SANS Top 25 to CodeQL query mapping document Jan 23, 2026
Copilot AI requested a review from WritingPanda January 23, 2026 20:44
@WritingPanda
Copy link
Contributor

WritingPanda commented Jan 23, 2026

@copilot

Make sure that all of the CodeQL CWEs are in the document. Here is the list: https://codeql.github.com/codeql-query-help/full-cwe/

Copy link
Contributor Author

Copilot AI commented Jan 23, 2026
edited
Loading

@copilot

Make sure that all of the CodeQL CWEs are in the document. Here is the list: https://codeql.github.com/codeql-query-help/full-cwe/

I want to clarify the request: The SANS2025-CodeQL.md document is specifically focused on mapping the SANS Top 25 CWEs to their corresponding CodeQL queries (25 CWEs total).

Are you asking me to:

  1. Verify that all CodeQL queries for these specific 25 SANS CWEs are included in the document, or
  2. Add all ~118 CWEs that CodeQL covers (not just the SANS Top 25)?

The document currently covers all 25 SANS CWEs with their available CodeQL queries. If you'd like me to expand it to include all CodeQL-covered CWEs (similar to the comprehensive list on the CodeQL site), that would be a significant expansion beyond the SANS Top 25 scope.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • codeql.github.com
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (dns block)
  • https://api.github.com/repositories/advanced-security/advanced-security-material/copilot_internal/embeddings_index
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node /home/REDACTED/work/_temp/ghcca-node/node/bin/node --enable-source-maps /home/REDACTED/work/_temp/copilot-developer-action-main/dist/index.js (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@WritingPanda WritingPanda Awaiting requested review from WritingPanda

Assignees

@WritingPanda WritingPanda

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add SANS Top 25 Document to repository

2 participants

@WritingPanda