add missing severities to JS queries

2026-05-01 19:55:15 +02:00 · 2022-03-16 10:40:34 +01:00
parent b45f56ac08
commit 2442beaf9a
2 changed files with 2 additions and 0 deletions
--- a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
+++ b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
@@ -4,6 +4,7 @@
 *              user to execute arbitrary code.
 * @kind path-problem
 * @problem.severity warning
+ * @security-severity 6.1
 * @precision medium
 * @id js/unsafe-code-construction
 * @tags security
--- a/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
+++ b/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
@@ -3,6 +3,7 @@
 * @description The application does not verify the JWT payload with a cryptographic secret or public key.
 * @kind problem
 * @problem.severity warning
+ * @security-severity 7.0
 * @precision high
 * @id js/jwt-missing-verification
 * @tags security