Add security tag to java/random-used-once

smowton · web-flow · commit 16aa53a92858 · 2022-01-17T10:35:34.000Z
Raised in #7601, this is one of the only .ql files that has a security-severity score but not the tag "security", including many other queries that live outside the `Security/` subdirectory. Besides this the only other files with this security-severity-but-no-security-tag combination are: ``` java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql ``` Given their location I'm assuming these queries are disabled by default and likely shouldn't changed?
diff --git a/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql b/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql
@@ -9,6 +9,7 @@
  * @id java/random-used-once
  * @tags reliability
  *       maintainability
+ *       security
  *       external/cwe/cwe-335
  */
 
