Merge pull request #19723 from apsscolari/update-precision-java-concatenated-command-line

Update precision java concatenated command line
2026-04-22 15:25:18 +02:00 · 2025-06-12 09:23:00 +01:00
parent fdf1dca28f a07ce30d30
commit 23cbc6abc4
3 changed files with 5 additions and 2 deletions
--- a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected
+++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected
@@ -12,7 +12,6 @@ ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
 ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
 ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
 ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
-ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
 ql/java/ql/src/Security/CWE/CWE-079/XSS.ql
 ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
 ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
--- a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity error
 * @security-severity 9.8
- * @precision high
+ * @precision medium
 * @id java/concatenated-command-line
 * @tags security
 *       external/cwe/cwe-078
--- a/java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md
+++ b/java/ql/src/change-notes/2025-06-10-reduce-precision-for-building-cmdline-with-string-concatenation.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Adjusts the `@precision` from high to medium for `java/concatenated-command-line` because it is producing false positive alerts when the concatenated strings are hard-coded.