Merge pull request #908 from xiemaisi/js/enable-ms-queries

Approved by esben-semmle
2026-04-28 02:05:14 +02:00 · 2019-02-08 17:38:27 +00:00
parent 9319d66c13 447a1db616
commit 232d81a4ed
2 changed files with 2 additions and 0 deletions
--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -3,6 +3,7 @@
 * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
 * @kind path-problem
 * @problem.severity warning
+ * @precision medium
 * @id js/file-access-to-http
 * @tags security
 *       external/cwe/cwe-200
--- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -3,6 +3,7 @@
 * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
 * @kind path-problem
 * @problem.severity warning
+ * @precision medium
 * @id js/http-to-file-access
 * @tags security
 *       external/cwe/cwe-912