JS: Update CWE tags and severity score of code injection query

asgerf · asgerf · commit 3a20ca96c4e3 · 2021-10-05T10:12:19.000+02:00
The derived security-severity score of the JS code injection query
was much lower than for other languages (6.1 versus 9.3), possibly due
some differences in CWE tags, such as the inclusion of CWE-079.

We also add the more specific CWE-095 ("eval injection") for consistency
with other languages. It is a child of CWE-094 ("code injection") which
was already tagged.
diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql
@@ -4,11 +4,12 @@
  *              code execution.
  * @kind path-problem
  * @problem.severity error
- * @security-severity 6.1
+ * @security-severity 9.3
  * @precision high
  * @id js/code-injection
  * @tags security
  *       external/cwe/cwe-094
+ *       external/cwe/cwe-095
  *       external/cwe/cwe-079
  *       external/cwe/cwe-116
  */
