Go: add CWE tag and @security-severity tag to go/insecure-hostkeycallback

erik-krogh · erik-krogh · commit 33ba01927f4e · 2022-08-29T13:10:23.000+02:00
diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql
@@ -3,9 +3,11 @@
  * @description Detects insecure SSL client configurations with an implementation of the `HostKeyCallback` that accepts all host keys.
  * @kind path-problem
  * @problem.severity warning
+ * @security-severity 8.2
  * @precision high
  * @id go/insecure-hostkeycallback
  * @tags security
+ *       external/cwe/cwe-322
  */
 
 import go
