Add change note + update severity

2026-04-21 23:14:03 +02:00 · 2024-02-12 14:01:27 +00:00
parent 16a7d68780
commit 3a4a841844
2 changed files with 5 additions and 1 deletions
--- a/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
+++ b/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
@@ -3,7 +3,7 @@
 * @description Keys used for local biometric authentication should be generated with secure parameters.
 * @kind problem
 * @problem.severity warning
- * @security-severity 9.3
+ * @security-severity 4.4
 * @precision medium
 * @id java/android/insecure-local-key-gen
 * @tags security
--- a/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
+++ b/java/ql/src/change-notes/2024-02-12-android-insecure-keys.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* Added a new query `java/android/insecure-local-key-gen` for finding instances of keys generated for biometric authentication in an insecure way.