Merge pull request #20671 from github/napalys/adjust_query_severity

Adjust query severity ratings

Author: Napalys

java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql

@@ -4,7 +4,7 @@
  *              This may allow an attacker to bypass a filter or sanitizer.
  * @kind problem
  * @problem.severity warning
- * @security-severity 5.0
+ * @security-severity 4.0
  * @precision high
  * @id java/overly-large-range
  * @tags correctness

java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql

@@ -4,7 +4,7 @@
  *              interception.
  * @kind problem
  * @problem.severity error
- * @security-severity 5.0
+ * @security-severity 4.0
  * @precision high
  * @id java/insecure-cookie
  * @tags security

java/ql/src/change-notes/2025-10-22-adjust-query-severity.md

@@ -0,0 +1,5 @@
+---
+category: queryMetadata
+---
+* Reduced the `security-severity` score of the `java/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.
+* Reduced the `security-severity` score of the `java/insecure-cookie` query from 5.0 to 4.0 to better reflect its impact.

javascript/ql/src/Security/CWE-020/OverlyLargeRange.ql

@@ -4,7 +4,7 @@
  *              This may allow an attacker to bypass a filter or sanitizer.
  * @kind problem
  * @problem.severity warning
- * @security-severity 5.0
+ * @security-severity 4.0
  * @precision high
  * @id js/overly-large-range
  * @tags correctness

javascript/ql/src/Security/CWE-079/XssThroughDom.ql

@@ -4,7 +4,7 @@
  *              can lead to a cross-site scripting vulnerability.
  * @kind path-problem
  * @problem.severity warning
- * @security-severity 6.1
+ * @security-severity 7.8
  * @precision high
  * @id js/xss-through-dom
  * @tags security

javascript/ql/src/change-notes/2025-10-22-adjust-query-severity.md

@@ -0,0 +1,5 @@
+---
+category: queryMetadata
+---
+* Increased the `security-severity` score of the `js/xss-through-dom` query from 6.1 to 7.8 to align with other XSS queries.
+* Reduced the `security-severity` score of the `js/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.

python/ql/src/Security/CWE-020/OverlyLargeRange.ql

@@ -4,7 +4,7 @@
  *              This may allow an attacker to bypass a filter or sanitizer.
  * @kind problem
  * @problem.severity warning
- * @security-severity 5.0
+ * @security-severity 4.0
  * @precision high
  * @id py/overly-large-range
  * @tags correctness

python/ql/src/change-notes/2025-10-22-adjust-query-severity.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Reduced the `security-severity` score of the `py/overly-large-range` query from 5.0 to 4.0 to better reflect its impact.

ruby/ql/src/change-notes/2025-10-22-adjust-query-severity.md

@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* Reduced the `security-severity` score of the `rb/overly-large-range` query from 5.0 to 4.0 to better reflect its impact. 

ruby/ql/src/queries/security/cwe-020/OverlyLargeRange.ql

@@ -4,7 +4,7 @@
  *              This may allow an attacker to bypass a filter or sanitizer.
  * @kind problem
  * @problem.severity warning
- * @security-severity 5.0
+ * @security-severity 4.0
  * @precision high
  * @id rb/overly-large-range
  * @tags correctness