Merge branch 'main' into post-release-prep/codeql-cli-2.25.0

2026-04-05 15:18:20 +02:00 · 2026-03-19 13:07:00 +01:00
parent e3dbf5b022 7d538988a6
commit 2139b97628
71 changed files with 2031 additions and 1831 deletions
--- a/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
+++ b/python/ql/src/Security/CWE-079/Jinja2WithoutEscaping.ql
@@ -4,7 +4,7 @@
 *              cause a cross-site scripting vulnerability.
 * @kind problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision medium
 * @id py/jinja2/autoescape-false
 * @tags security
--- a/python/ql/src/Security/CWE-079/ReflectedXss.ql
+++ b/python/ql/src/Security/CWE-079/ReflectedXss.ql
@@ -4,7 +4,7 @@
 *              allows for a cross-site scripting vulnerability.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 7.8
 * @sub-severity high
 * @precision high
 * @id py/reflective-xss
--- a/python/ql/src/Security/CWE-117/LogInjection.ql
+++ b/python/ql/src/Security/CWE-117/LogInjection.ql
@@ -4,7 +4,7 @@
 *              insertion of forged log entries by a malicious user.
 * @kind path-problem
 * @problem.severity error
- * @security-severity 7.8
+ * @security-severity 6.1
 * @precision medium
 * @id py/log-injection
 * @tags security
--- a/python/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/python/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
@@ -0,0 +1,5 @@
+---
+category: queryMetadata
+---
+* The `@security-severity` metadata of `py/log-injection` has been reduced from 7.8 (high) to 6.1 (medium).
+* The `@security-severity` metadata of `py/jinja2/autoescape-false` and `py/reflective-xss` has been increased from 6.1 (medium) to 7.8 (high).