From 7b6720ce2c68e2637ffbfba6971cca46acd2c45d Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Wed, 22 Oct 2025 11:30:34 +0000 Subject: [PATCH 1/4] JS: Align DOM XSS query severity with other XSS queries --- javascript/ql/src/Security/CWE-079/XssThroughDom.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql index e690e2bab28e..fb8f32cbaca2 100644 --- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql +++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql @@ -4,7 +4,7 @@ * can lead to a cross-site scripting vulnerability. * @kind path-problem * @problem.severity warning - * @security-severity 6.1 + * @security-severity 7.8 * @precision high * @id js/xss-through-dom * @tags security From fa471740138190d4ea96b4bcba6690a6ec5c3ac5 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Wed, 22 Oct 2025 11:32:33 +0000 Subject: [PATCH 2/4] CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0 --- java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql | 2 +- javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql | 2 +- python/ql/src/Security/CWE-020/OverlyLargeRange.ql | 2 +- ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql index b8ea3e52dbd0..5762785949ef 100644 --- a/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +++ b/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql @@ -4,7 +4,7 @@ * This may allow an attacker to bypass a filter or sanitizer. * @kind problem * @problem.severity warning - * @security-severity 5.0 + * @security-severity 4.0 * @precision high * @id java/overly-large-range * @tags correctness diff --git a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql index 582a8975c8f8..c5435e347583 100644 --- a/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql +++ b/javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql @@ -4,7 +4,7 @@ * This may allow an attacker to bypass a filter or sanitizer. * @kind problem * @problem.severity warning - * @security-severity 5.0 + * @security-severity 4.0 * @precision high * @id js/overly-large-range * @tags correctness diff --git a/python/ql/src/Security/CWE-020/OverlyLargeRange.ql b/python/ql/src/Security/CWE-020/OverlyLargeRange.ql index 25acc667430f..94bc74238bcb 100644 --- a/python/ql/src/Security/CWE-020/OverlyLargeRange.ql +++ b/python/ql/src/Security/CWE-020/OverlyLargeRange.ql @@ -4,7 +4,7 @@ * This may allow an attacker to bypass a filter or sanitizer. * @kind problem * @problem.severity warning - * @security-severity 5.0 + * @security-severity 4.0 * @precision high * @id py/overly-large-range * @tags correctness diff --git a/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql b/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql index 62b088355b54..6f0f529a31dd 100644 --- a/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql +++ b/ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql @@ -4,7 +4,7 @@ * This may allow an attacker to bypass a filter or sanitizer. * @kind problem * @problem.severity warning - * @security-severity 5.0 + * @security-severity 4.0 * @precision high * @id rb/overly-large-range * @tags correctness From 91b0aaa631216f4f5a39b7dee7e53f20f3fc2539 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Wed, 22 Oct 2025 11:33:23 +0000 Subject: [PATCH 3/4] Java: Lower security-severity for Insecure Cookie query to 4.0 --- java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql index b8d64d22e295..44107281feba 100644 --- a/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +++ b/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql @@ -4,7 +4,7 @@ * interception. * @kind problem * @problem.severity error - * @security-severity 5.0 + * @security-severity 4.0 * @precision high * @id java/insecure-cookie * @tags security From 9c70ae04fbb111b64a950c64778f73ec6d02ce80 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Wed, 22 Oct 2025 11:48:16 +0000 Subject: [PATCH 4/4] Add change note --- java/ql/src/change-notes/2025-10-22-adjust-query-severity.md | 5 +++++ .../ql/src/change-notes/2025-10-22-adjust-query-severity.md | 5 +++++ .../ql/src/change-notes/2025-10-22-adjust-query-severity.md | 4 ++++ ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md | 4 ++++ 4 files changed, 18 insertions(+) create mode 100644 java/ql/src/change-notes/2025-10-22-adjust-query-severity.md create mode 100644 javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md create mode 100644 python/ql/src/change-notes/2025-10-22-adjust-query-severity.md create mode 100644 ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md diff --git a/java/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/java/ql/src/change-notes/2025-10-22-adjust-query-severity.md new file mode 100644 index 000000000000..61cc9402a786 --- /dev/null +++ b/java/ql/src/change-notes/2025-10-22-adjust-query-severity.md @@ -0,0 +1,5 @@ +--- +category: queryMetadata +--- +* Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. +* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file diff --git a/javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md new file mode 100644 index 000000000000..ca81037f44bc --- /dev/null +++ b/javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md @@ -0,0 +1,5 @@ +--- +category: queryMetadata +--- +* Increased the `security-severity` score of the `js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries. +* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file diff --git a/python/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/python/ql/src/change-notes/2025-10-22-adjust-query-severity.md new file mode 100644 index 000000000000..bc314358a6f8 --- /dev/null +++ b/python/ql/src/change-notes/2025-10-22-adjust-query-severity.md @@ -0,0 +1,4 @@ +--- +category: queryMetadata +--- +* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file diff --git a/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md b/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md new file mode 100644 index 000000000000..4da73769e279 --- /dev/null +++ b/ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md @@ -0,0 +1,4 @@ +--- +category: queryMetadata +--- +* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. \ No newline at end of file