Merge pull request #8035 from tamasvajk/feature/hardcoded-cred-medium-prec

yo-h · web-flow · commit cfcb06cad909 · 2022-02-15T08:09:27.000-05:00
C#: Downgrade hardcoded credentials queries to medium precision
diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
@@ -4,7 +4,7 @@
  * @kind path-problem
  * @problem.severity error
  * @security-severity 9.8
- * @precision high
+ * @precision medium
  * @id cs/hardcoded-connection-string-credentials
  * @tags security
  *       external/cwe/cwe-259
diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
@@ -4,7 +4,7 @@
  * @kind path-problem
  * @problem.severity error
  * @security-severity 9.8
- * @precision high
+ * @precision medium
  * @id cs/hardcoded-credentials
  * @tags security
  *       external/cwe/cwe-259
diff --git a/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md b/csharp/ql/src/change-notes/2022-02-15-hardcoded-credentials-downgrade.md
@@ -0,0 +1,5 @@
+---
+category: queryMetadata
+---
+The precision of hardcoded credentials queries (`cs/hardcoded-credentials` and
+`cs/hardcoded-connection-string-credentials`) have been downgraded to medium.
