Merge pull request github#6297 from aschackmull/java/query-metadata4

smowton · web-flow · commit 712b0d866edd · 2021-07-15T14:32:47.000+01:00
Java: More missing metadata.
diff --git a/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
@@ -3,6 +3,8 @@
  * @description Sensitive cookies without the 'HttpOnly' flag set leaves session cookies vulnerable to
  *              an XSS attack.
  * @kind path-problem
+ * @problem.severity warning
+ * @precision medium
  * @id java/sensitive-cookie-not-httponly
  * @tags security
  *       external/cwe/cwe-1004
