Description of the issue
The rule: cpp/uncontrolled-process-operation is tagged with CWE 114. If you look at that CWE description: https://cwe.mitre.org/data/definitions/114.html, the Vulnerability Mapping to it is marked as DISCOURAGED. Meaning you shouldn't map rules to that CWE.
I haven't reviewed all the CodeQL rules but suspect this is not the only rule mapped to a DISCOURAGED CWE.
Recommendation
Seems like this rule would be better mapped to CWE 78, Command Injection.
In addition, I'd recommend you review the CWE mappings for ALL the CodeQL rules and any other mappings to DISCOURAGED CWEs should be remapped to one that is not discouraged. Or if the rule is mapped to multiple CWEs, and one of them seems like a good, not DISCOURAGED, CWE mapping, then simply drop the mapping to the DISCOURAGED CWE number.
Description of the issue
The rule: cpp/uncontrolled-process-operation is tagged with CWE 114. If you look at that CWE description: https://cwe.mitre.org/data/definitions/114.html, the Vulnerability Mapping to it is marked as DISCOURAGED. Meaning you shouldn't map rules to that CWE.
I haven't reviewed all the CodeQL rules but suspect this is not the only rule mapped to a DISCOURAGED CWE.
Recommendation
Seems like this rule would be better mapped to CWE 78, Command Injection.
In addition, I'd recommend you review the CWE mappings for ALL the CodeQL rules and any other mappings to DISCOURAGED CWEs should be remapped to one that is not discouraged. Or if the rule is mapped to multiple CWEs, and one of them seems like a good, not DISCOURAGED, CWE mapping, then simply drop the mapping to the DISCOURAGED CWE number.