Merge pull request #15720 from RasmusWL/nosql-precision

yoff · web-flow · commit 00e77a3ddbe5 · 2024-03-04T14:44:46.000+01:00
Python: Add precision to NoSQL query
diff --git a/python/ql/src/Security/CWE-943/NoSqlInjection.ql b/python/ql/src/Security/CWE-943/NoSqlInjection.ql
@@ -3,6 +3,7 @@
  * @description Building a NoSQL query from user-controlled sources is vulnerable to insertion of
  *              malicious NoSQL code by the user.
  * @kind path-problem
+ * @precision high
  * @problem.severity error
  * @security-severity 8.8
  * @id py/nosql-injection
diff --git a/python/ql/src/change-notes/2024-03-04-nosql-injection.md b/python/ql/src/change-notes/2024-03-04-nosql-injection.md
@@ -0,0 +1,4 @@
+---
+category: newQuery
+---
+* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now part of the default security suite.

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: newQuery
 +---
 +* The query `py/nosql-injection` for finding NoSQL injection vulnerabilities is now part of the default security suite.