Update ExecUnescaped.ql - causing FPs with hard coded strings

apsscolari · web-flow · commit 857b51be5895 · 2025-06-10T16:06:22.000-07:00
This query is generating False positives with hard coded strings declared within the function - issue reported by customer. We had a discussion on code_scanning channel on 6/5/25 and the team agreed upon reducing its precision to Medium.
diff --git a/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql b/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
@@ -5,7 +5,7 @@
  * @kind problem
  * @problem.severity error
  * @security-severity 9.8
- * @precision high
+ * @precision medium
  * @id java/concatenated-command-line
  * @tags security
  *       external/cwe/cwe-078
