lower the precision of js/unsafe-code-construction

2026-05-03 04:39:29 +02:00 · 2022-02-07 13:35:29 +01:00
parent 06f9924194
commit 6f28cb9201
2 changed files with 3 additions and 3 deletions
--- a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
+++ b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
@@ -4,7 +4,7 @@
 *              user to execute arbitrary code.
 * @kind path-problem
 * @problem.severity warning
- * @precision high
+ * @precision warning
 * @id js/unsafe-code-construction
 * @tags security
 *       external/cwe/cwe-094
--- a/javascript/ql/src/change-notes/2022-02-04-unsafe-code-construction.md
+++ b/javascript/ql/src/change-notes/2022-02-04-unsafe-code-construction.md
@@ -1,5 +1,5 @@
 ---
 category: newQuery
 ---
-* A new query, `js/unsafe-code-construction`, has been added to the query suite,
-  highlighting libraries that may leave clients vulnerable to arbitary code execution.
+* A new query, `js/unsafe-code-construction`, has been added to the query suite, highlighting libraries that may leave clients vulnerable to arbitary code execution.
+  The query is not run by default.