JavaScript: Assign FileAccessToHttp and HttpToFileAccess a precision.

They will now be run on LGTM, but their results won't be displayed by default.
2026-04-26 17:25:19 +02:00 · 2019-02-07 09:48:05 +00:00
parent 6243c722c6
commit 447a1db616
2 changed files with 2 additions and 0 deletions
--- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
+++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql
@@ -3,6 +3,7 @@
 * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
 * @kind path-problem
 * @problem.severity warning
+ * @precision medium
 * @id js/file-access-to-http
 * @tags security
 *       external/cwe/cwe-200
--- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
+++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql
@@ -3,6 +3,7 @@
 * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
 * @kind path-problem
 * @problem.severity warning
+ * @precision medium
 * @id js/http-to-file-access
 * @tags security
 *       external/cwe/cwe-912