Add security severity + fix qhelp

Joe Farebrother
2024-11-21 16:59:12 +00:00
parent 02f395f5f8
commit e4e02ec674
2 changed files with 2 additions and 1 deletions


@@ -12,7 +12,7 @@
</p>
</recommendation>
<example>
<p>In the following case <code>template<code> is used to generate a Jinja2 template string. This can lead to remote code execution. </p>
<p>In the following case, <code>template</code> is used to generate a Jinja2 template string. This can lead to remote code execution. </p>
<sample src="examples/JinjaBad.py" />
<p>The following is an example of a string that could be used to cause remote code execution when interpreted as a template:</p>
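Review bot: The corrected sentence in the example paragraph still does not say where `template` comes from, and that is the detail that makes this an injection rather than ordinary template use. Consider wording it as "In the following case, <code>template</code> is taken from user input and used to generate a Jinja2 template string", so the reader can see why the following "This can lead to remote code execution" holds. The closing `</code>` fix itself is right; the space left before `</p>` could be dropped in the same edit.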


@@ -4,6 +4,7 @@
* @kind path-problem
* @problem.severity error
* @precision high
* @security-severity 9.3
* @id py/template-injection
* @tags security
* external/cwe/cwe-074
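Review bot: The new `@security-severity 9.3` line has no stated basis in the commit message, and the only CWE tag visible in this hunk is the general injection class `external/cwe/cwe-074`. Since the qhelp describes the outcome as remote code execution through a template string, please confirm that 9.3 matches the value used by the other code-injection queries in the pack, and consider adding a more specific tag such as `external/cwe/cwe-1336` (template engine injection) if none follows below the visible lines, so that severity and classification agree.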