cleanup

chanel-y · chanel-y · commit e91912e30df1 · 2025-04-21T16:50:36.000-07:00
diff --git a/powershell/ql/src/experimental/HardcodedComputerName.ql b/powershell/ql/src/experimental/HardcodedComputerName.ql
@@ -1,12 +1,11 @@
 /**
  * @name Hardcoded Computer Name
- * @description Using externally controlled strings in a command line may allow a malicious
- *              user to change the meaning of the command.
+ * @description Do not hardcode computer names in powershell scripts.
  * @kind problem
  * @problem.severity error
- * @security-severity 9.8
+ * @security-severity 7.0
  * @precision high
- * @id powershell/microsoft/public/command-injection
+ * @id powershell/microsoft/public/hardcoded-computer-name
  * @tags correctness
  *       security
  *       external/cwe/cwe-078
diff --git a/powershell/ql/src/experimental/UseOfReservedCmdletChar.ql b/powershell/ql/src/experimental/UseOfReservedCmdletChar.ql
@@ -1,12 +1,11 @@
 /**
- * @name Hardcoded Computer Name
- * @description Using externally controlled strings in a command line may allow a malicious
- *              user to change the meaning of the command.
+ * @name Reserved Characters in Function Name
+ * @description Do not use reserved characters in function names
  * @kind problem
  * @problem.severity error
- * @security-severity 9.8
+ * @security-severity 7.0
  * @precision high
- * @id powershell/microsoft/public/command-injection
+ * @id powershell/microsoft/public/reserved-characters-in-function-name
  * @tags correctness
  *       security
  *       external/cwe/cwe-078
diff --git a/powershell/ql/src/experimental/UsernameOrPasswordParameter.ql b/powershell/ql/src/experimental/UsernameOrPasswordParameter.ql
@@ -1,12 +1,11 @@
 /**
- * @name Hardcoded Computer Name
- * @description Using externally controlled strings in a command line may allow a malicious
- *              user to change the meaning of the command.
+ * @name Use of Username or Password parameter
+ * @description Do not use username or password parameters
  * @kind problem
  * @problem.severity error
- * @security-severity 9.8
+ * @security-severity 7.0
  * @precision high
- * @id powershell/microsoft/public/command-injection
+ * @id powershell/microsoft/public/username-or-password-parameter
  * @tags correctness
  *       security
  *       external/cwe/cwe-078
@@ -15,10 +14,6 @@
 
  import powershell
 
-// from Expr e 
-// where e.getLocation().getFile().getBaseName() = "AvoidUsingUsernameAndPasswordParams.ps1"
-// select e, e.getAQlClass()
-
 from Parameter p
 where p.getName().toLowerCase() = ["username", "password"]
 select p, "Do not use username or password parameters."
