hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19738 from owen-mc/pr/felickz/19530

Browse Source 
Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages (#2)
This commit is contained in:
Owen Mansel-Chan
2025-06-12 10:27:28 +01:00
committed by GitHub
parent d667f7d411 0135cf661f
commit 538a5af1d1
6 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
View File

@@ -4,7 +4,7 @@
* and cause a denial of service.
* @kind path-problem
* @problem.severity error
* @security-severity 9.3
* @security-severity 7.3
* @precision high
* @id cs/uncontrolled-format-string
* @tags security

4
csharp/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: queryMetadata
---
* Adjusts the `@security-severity` from 9.3 to 7.3 for `cs/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.

2
java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
View File

@@ -3,7 +3,7 @@
* @description Using external input in format strings can lead to exceptions or information leaks.
* @kind path-problem
* @problem.severity error
* @security-severity 9.3
* @security-severity 7.3
* @precision high
* @id java/tainted-format-string
* @tags security

4
java/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: queryMetadata
---
* Adjusts the `@security-severity` from 9.3 to 7.3 for `java/tainted-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.

4
swift/ql/src/change-notes/2025-06-06-reduce-CWE-134-for-memory-safe-languages.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: queryMetadata
---
* Adjusts the `@security-severity` from 9.3 to 7.3 for `swift/uncontrolled-format-string` to align `CWE-134` severity for memory safe languages to better reflect their impact.

2
swift/ql/src/queries/Security/CWE-134/UncontrolledFormatString.ql
View File

@@ -3,7 +3,7 @@
* @description Using external input in format strings can lead to exceptions or information leaks.
* @kind path-problem
* @problem.severity error
* @security-severity 9.3
* @security-severity 7.3
* @precision high
* @id swift/uncontrolled-format-string
* @tags security