Merge pull request #20671 from github/napalys/adjust_query_severity

Adjust query severity ratings
2025-12-16 16:53:25 +01:00 · 2025-11-11 12:37:31 +01:00
parent 8624f9c660 9c70ae04fb
commit d122534398
10 changed files with 24 additions and 6 deletions
--- a/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md
+++ b/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. 
--- a/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
+++ b/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql
@@ -4,7 +4,7 @@
 *              This may allow an attacker to bypass a filter or sanitizer.
 * @kind problem
 * @problem.severity warning
- * @security-severity 5.0
+ * @security-severity 4.0
 * @precision high
 * @id rb/overly-large-range
 * @tags correctness