Merge pull request #234 from github/calumgrant/security-severities

calumgrant · web-flow · commit 8d71d09b9404 · 2021-07-16T15:40:03.000+01:00
Add security-severity metadata
diff --git a/ql/src/queries/security/cwe-089/SqlInjection.ql b/ql/src/queries/security/cwe-089/SqlInjection.ql
@@ -4,6 +4,7 @@
  *              malicious SQL code by the user.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 8.8
  * @precision high
  * @id rb/sql-injection
  * @tags security
diff --git a/ql/src/queries/security/cwe-1333/ReDoS.ql b/ql/src/queries/security/cwe-1333/ReDoS.ql
@@ -5,6 +5,7 @@
  *              attacks.
  * @kind problem
  * @problem.severity error
+ * @security-severity 7.5
  * @precision high
  * @id rb/redos
  * @tags security
diff --git a/ql/src/queries/security/cwe-732/WeakFilePermissions.ql b/ql/src/queries/security/cwe-732/WeakFilePermissions.ql
@@ -3,6 +3,7 @@
  * @description Allowing files to be readable or writable by users other than the owner may allow sensitive information to be accessed.
  * @kind path-problem
  * @problem.severity warning
+ * @security-severity 7.8
  * @id rb/overly-permissive-file
  * @tags external/cwe/cwe-732
  *       security
diff --git a/ql/src/queries/security/cwe-798/HardcodedCredentials.ql b/ql/src/queries/security/cwe-798/HardcodedCredentials.ql
@@ -3,6 +3,7 @@
  * @description Credentials are hard coded in the source code of the application.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 9.8
  * @precision high
  * @id rb/hardcoded-credentials
  * @tags security
