Merge pull request #6539 from smowton/smowton/admin/downgrade-sql-unescaped

yo-h · web-flow · commit 2b4635c4e055 · 2021-08-24T17:22:01.000-04:00
Downgrade precision of java/concatenated-sql-query
diff --git a/java/change-notes/2021-08-24-downgrade-sql-unescaped.md b/java/change-notes/2021-08-24-downgrade-sql-unescaped.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* Query `java/concatenated-sql-query` has been downgraded to medium precision in view of its heuristic nature, which is inherently prone to false positives. This means its alerts will not be visible by default on lgtm.com. Code Scanning will also no longer run the query by default. 
diff --git a/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql b/java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql
@@ -5,7 +5,7 @@
  * @kind problem
  * @problem.severity error
  * @security-severity 8.8
- * @precision high
+ * @precision medium
  * @id java/concatenated-sql-query
  * @tags security
  *       external/cwe/cwe-089

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+lgtm,codescanning`
	`2`	+* Query `java/concatenated-sql-query` has been downgraded to medium precision in view of its heuristic nature, which is inherently prone to false positives. This means its alerts will not be visible by default on lgtm.com. Code Scanning will also no longer run the query by default.