Update ExecUnescaped.ql - causing FPs with hard coded strings

This query is generating False positives with hard coded strings declared within the function - issue reported by customer. We had a discussion on code_scanning channel on 6/5/25 and the team agreed upon reducing its precision to Medium.
2026-02-26 11:53:42 +01:00 · 2025-06-10 16:06:22 -07:00
parent d659d40d58
commit 857b51be58
1 changed files with 1 additions and 1 deletions
--- a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
+++ b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity error
 * @security-severity 9.8
- * @precision high
+ * @precision medium
 * @id java/concatenated-command-line
 * @tags security
 *       external/cwe/cwe-078