hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-31 12:48:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into post-release-prep/codeql-cli-2.25.0

Browse Source
This commit is contained in:
Óscar San José
2026-03-19 13:07:00 +01:00
committed by GitHub
parent e3dbf5b022 7d538988a6
commit 2139b97628
71 changed files with 2031 additions and 1831 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
View File

@@ -4,7 +4,7 @@
* @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
* @kind problem
* @problem.severity warning
* @security-severity 6.1
* @security-severity 7.8
* @precision medium
* @tags security
* external/cwe/cwe-079

2
java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
View File

@@ -4,7 +4,7 @@
* @kind problem
* @id java/android/websettings-javascript-enabled
* @problem.severity warning
* @security-severity 6.1
* @security-severity 7.8
* @precision medium
* @tags security
* external/cwe/cwe-079

2
java/ql/src/Security/CWE/CWE-079/XSS.ql
View File

@@ -4,7 +4,7 @@
* allows for a cross-site scripting vulnerability.
* @kind path-problem
* @problem.severity error
* @security-severity 6.1
* @security-severity 7.8
* @precision high
* @id java/xss
* @tags security

2
java/ql/src/Security/CWE/CWE-117/LogInjection.ql
View File

@@ -4,7 +4,7 @@
* insertion of forged log entries by malicious users.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @security-severity 6.1
* @precision medium
* @id java/log-injection
* @tags security

5
java/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: queryMetadata
---
* The `@security-severity` metadata of `java/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
* The `@security-severity` metadata of `java/android/webview-addjavascriptinterface`, `java/android/websettings-javascript-enabled` and `java/xss` has been increased from 6.1 (medium) to 7.8 (high).