Merge branch 'main' into post-release-prep/codeql-cli-2.25.0

2026-04-28 18:25:24 +02:00 · 2026-03-19 13:07:00 +01:00
parent e3dbf5b022 7d538988a6
commit 2139b97628
71 changed files with 2031 additions and 1831 deletions
--- a/swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* The `@security-severity` metadata of `swift/unsafe-webview-fetch` has been increased from 6.1 (medium) to 7.8 (high).
--- a/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
+++ b/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
@@ -3,7 +3,7 @@
 * @description Fetching data in a WebView without restricting the base URL may allow an attacker to access sensitive local data, or enable cross-site scripting attack.
 * @kind path-problem
 * @problem.severity warning
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id swift/unsafe-webview-fetch
 * @tags security