Add security severity + fix qhelp

github · Nov 21, 2024 · 9ef3cd1 · 9ef3cd1
1 parent 1a0a392
commit 9ef3cd1
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/python/ql/src/Security/CWE-074/TemplateInjection.qhelp b/python/ql/src/Security/CWE-074/TemplateInjection.qhelp
@@ -12,7 +12,7 @@
         </p>
     </recommendation>
     <example>
-        <p>In the following case <code>template<code> is used to generate a Jinja2 template string. This can lead to remote code execution. </p>
+        <p>In the following case, <code>template</code> is used to generate a Jinja2 template string. This can lead to remote code execution. </p>
         <sample src="examples/JinjaBad.py" />
 
         <p>The following is an example of a string that could be used to cause remote code execution when interpreted as a template:</p>

diff --git a/python/ql/src/Security/CWE-074/TemplateInjection.ql b/python/ql/src/Security/CWE-074/TemplateInjection.ql
@@ -4,6 +4,7 @@
  * @kind path-problem
  * @problem.severity error
  * @precision high
+ * @security-severity 9.3
  * @id py/template-injection
  * @tags security
  *       external/cwe/cwe-074