Add security severity and change note

2025-12-24 04:36:35 +01:00 · 2022-08-05 17:41:00 +01:00
parent 9ae652dd6a
commit 08b77493d2
2 changed files with 5 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
+++ b/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
@@ -3,6 +3,7 @@
 * @description Using RSA encryption without OAEP padding can lead to a padding oracle attack, weakening the encryption.
 * @kind problem
 * @problem.severity warning
+ * @security-severity 7.5
 * @precision high
 * @id java/rsa-without-oaep
 * @tags security
--- a/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md
+++ b/java/ql/src/change-notes/2022-08-05-rsa-without-oaep.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* A new query "Use of RSA algorithm without OAEP" (`java/rsa-without-oaep`) has been added. This query finds uses of RSA encryption that don't use the OAEP scheme.