Merge pull request #8459 from erik-krogh/addSeverities

JS: add missing @security-severity to JS queries
2026-04-30 11:15:13 +02:00 · 2022-03-16 12:03:19 +01:00
parent 82ef2a12f6 d47b0a68e7
commit f53df255b9
3 changed files with 6 additions and 1 deletions
--- a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
+++ b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
@@ -4,6 +4,7 @@
 *              user to execute arbitrary code.
 * @kind path-problem
 * @problem.severity warning
+ * @security-severity 6.1
 * @precision medium
 * @id js/unsafe-code-construction
 * @tags security
--- a/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
+++ b/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
@@ -3,6 +3,7 @@
 * @description The application does not verify the JWT payload with a cryptographic secret or public key.
 * @kind problem
 * @problem.severity warning
+ * @security-severity 7.0
 * @precision high
 * @id js/jwt-missing-verification
 * @tags security