Merge pull request #234 from github/calumgrant/security-severities

Add security-severity metadata
Calum Grant
2021-07-16 15:40:03 +01:00
committed by GitHub
4 changed files with 4 additions and 0 deletions

@@ -4,6 +4,7 @@
* malicious SQL code by the user.
* @kind path-problem
* @problem.severity error
* @security-severity 8.8
* @precision high
* @id rb/sql-injection
* @tags security
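Review bot: The added `@security-severity 8.8` line, placed between `@problem.severity error` and `@precision high`, comes with no indication of how the number was derived, and the commit message only says "Add security-severity metadata". Please record the scoring basis (the scale used and the reference each value was taken from) in the commit message or the PR description, so that later edits to rb/sql-injection and any new queries can be scored the same way.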

@@ -5,6 +5,7 @@
* attacks.
* @kind problem
* @problem.severity error
* @security-severity 7.5
* @precision high
* @id rb/redos
* @tags security

@@ -3,6 +3,7 @@
* @description Allowing files to be readable or writable by users other than the owner may allow sensitive information to be accessed.
* @kind path-problem
* @problem.severity warning
* @security-severity 7.8
* @id rb/overly-permissive-file
* @tags external/cwe/cwe-732
* security
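Review bot: `@problem.severity warning` is left unchanged directly above the new `@security-severity 7.8`, yet that score is higher than the 7.5 given to rb/redos, which is marked `error`. Either raise the problem severity for rb/overly-permissive-file or explain in the PR why a warning-level query carries the higher score. The visible header also goes straight from the severity lines to `@id` with no `@precision` line where the other three queries have `@precision high`; worth confirming that is intended.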

@@ -3,6 +3,7 @@
* @description Credentials are hard coded in the source code of the application.
* @kind path-problem
* @problem.severity error
* @security-severity 9.8
* @precision high
* @id rb/hardcoded-credentials
* @tags security
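Review bot: The new `@security-severity 9.8` is the highest score in this change, a full point above rb/sql-injection at 8.8, and nothing in the hunk or the commit message says why hard-coded credentials rank highest. A short justification in the PR would help. Also, the visible `@tags` line lists only `security`, unlike rb/overly-permissive-file, which carries `external/cwe/cwe-732`; if no CWE tag follows below the hunk, consider adding one so the score can be traced to a weakness class.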