Merge pull request #15720 from RasmusWL/nosql-precision

Python: Add precision to NoSQL query
2026-04-28 18:25:24 +02:00 · 2024-03-04 14:44:46 +01:00
parent 569bb991d4 fbf6727809
commit 00e77a3ddb
2 changed files with 5 additions and 0 deletions
--- a/python/ql/src/Security/CWE-943/NoSqlInjection.ql
+++ b/python/ql/src/Security/CWE-943/NoSqlInjection.ql
@@ -3,6 +3,7 @@
 * @description Building a NoSQL query from user-controlled sources is vulnerable to insertion of
 *              malicious NoSQL code by the user.
 * @kind path-problem
+ * @precision high
 * @problem.severity error
 * @security-severity 8.8
 * @id py/nosql-injection
--- a/python/ql/src/change-notes/2024-03-04-nosql-injection.md
+++ b/python/ql/src/change-notes/2024-03-04-nosql-injection.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now part of the default security suite.