Commit 447a1db

author
Max Schaefer
committed
JavaScript: Assign FileAccessToHttp and HttpToFileAccess a precision.
They will now be run on LGTM, but their results won't be displayed by default.
1 parent 6243c72 commit 447a1db

2 files changed

+2
-0
lines changed

javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql

Lines changed: 1 addition & 0 deletions
@@ -3,6 +3,7 @@
33
* @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
44
* @kind path-problem
55
* @problem.severity warning
6+
* @precision medium
67
* @id js/file-access-to-http
78
* @tags security
89
* external/cwe/cwe-200
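
Review bot: The reason for choosing `@precision medium` on the new line after `@problem.severity warning` is recorded only in the commit message ("run on LGTM, but their results won't be displayed by default"), and the commit touches just the two .ql files, so nothing user-facing documents it. Anyone who already runs `js/file-access-to-http` explicitly will see a change in how its alerts are ranked and shown with no explanation. Please add a change note stating that the query now has medium precision and that its results are hidden by default.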

javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql

Lines changed: 1 addition & 0 deletions
@@ -3,6 +3,7 @@
33
* @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
44
* @kind path-problem
55
* @problem.severity warning
6+
* @precision medium
67
* @id js/http-to-file-access
78
* @tags security
89
* external/cwe/cwe-912
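
Review bot: The `@description` in the context above the added `@precision medium` line states that writing user-controlled data to the file system "allows arbitrary file upload" as a certainty, which sits awkwardly next to a medium precision that admits a meaningful share of false positives. Consider hedging it in the same commit, for example "can allow arbitrary file upload", to match the "can indicate" wording used in FileAccessToHttp.ql. The "might indicate a backdoor" half of the sentence is already hedged and can stay.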
