add missing severities to JS queries

erik-krogh · erik-krogh · commit 2442beaf9a12 · 2022-03-16T10:40:34.000+01:00
diff --git a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
@@ -4,6 +4,7 @@
  *              user to execute arbitrary code.
  * @kind path-problem
  * @problem.severity warning
+ * @security-severity 6.1
  * @precision medium
  * @id js/unsafe-code-construction
  * @tags security
diff --git a/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql b/javascript/ql/src/Security/CWE-347/MissingJWTKeyVerification.ql
@@ -3,6 +3,7 @@
  * @description The application does not verify the JWT payload with a cryptographic secret or public key.
  * @kind problem
  * @problem.severity warning
+ * @security-severity 7.0
  * @precision high
  * @id js/jwt-missing-verification
  * @tags security
