hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add security-severity metadata

Browse Source
This commit is contained in:
Calum Grant
2021-05-24 17:16:22 +01:00
parent e7b9603c5b
commit a594afb828
352 changed files with 364 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
javascript/ql/src/Electron/AllowRunningInsecureContent.ql
View File

@@ -3,9 +3,11 @@
* @description Enabling allowRunningInsecureContent can allow remote code execution.
* @kind problem
* @problem.severity error
* @security-severity 5.9
* @precision very-high
* @tags security
* frameworks/electron
* external/cwe/cwe-494
* @id js/enabling-electron-insecure-content
*/

2
javascript/ql/src/Electron/DisablingWebSecurity.ql
View File

@@ -3,9 +3,11 @@
* @description Disabling webSecurity can cause critical security vulnerabilities.
* @kind problem
* @problem.severity error
* @security-severity 2.9
* @precision very-high
* @tags security
* frameworks/electron
* external/cwe/cwe-79
* @id js/disabling-electron-websecurity
*/

1
javascript/ql/src/Electron/EnablingNodeIntegration.ql
View File

@@ -3,6 +3,7 @@
* @description Enabling `nodeIntegration` or `nodeIntegrationInWorker` can expose the application to remote code execution.
* @kind problem
* @problem.severity warning
* @security-severity 10.0
* @precision low
* @id js/enabling-electron-renderer-node-integration
* @tags security