lower the precision of js/unsafe-code-construction

erik-krogh · erik-krogh · commit 6f28cb92019d · 2022-02-07T13:35:29.000+01:00
diff --git a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
@@ -4,7 +4,7 @@
  *              user to execute arbitrary code.
  * @kind path-problem
  * @problem.severity warning
- * @precision high
+ * @precision warning
  * @id js/unsafe-code-construction
  * @tags security
  *       external/cwe/cwe-094
diff --git a/javascript/ql/src/change-notes/2022-02-04-unsafe-code-construction.md b/javascript/ql/src/change-notes/2022-02-04-unsafe-code-construction.md
@@ -1,5 +1,5 @@
 ---
 category: newQuery
 ---
-* A new query, `js/unsafe-code-construction`, has been added to the query suite,
-  highlighting libraries that may leave clients vulnerable to arbitary code execution.
+* A new query, `js/unsafe-code-construction`, has been added to the query suite, highlighting libraries that may leave clients vulnerable to arbitary code execution.
+  The query is not run by default.
