From 295fd686cef30c260df7c7a9b1390917c685bbb0 Mon Sep 17 00:00:00 2001 From: Artem Smotrakov Date: Sat, 19 Jun 2021 17:16:23 +0200 Subject: [PATCH] Make java/non-constant-time-crypto-comparison a warning --- .../Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql index 3956d76c60a..b315b3e42d6 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql @@ -4,7 +4,7 @@ * Otherwise, an attacker may be able to implement a timing attack. * A successful attack may result in leaking secrets or authentication bypass. * @kind path-problem - * @problem.severity error + * @problem.severity warning * @precision high * @id java/non-constant-time-crypto-comparison * @tags security
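Review bot: The `@problem.severity` line goes from `error` to `warning` with no rationale in the commit message, while the unchanged metadata around it still says `@precision high` and describes the impact as "leaking secrets or authentication bypass". Please state in the commit message why the lower severity is appropriate, so that anyone who filters or gates on severity understands the downgrade. If the intent is that findings are less certain rather than less severe, `@precision` is the field to revisit instead of `@problem.severity`.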