From 472cca9221c027e507025998a0ba5b962ed34c8d Mon Sep 17 00:00:00 2001 From: Jonathan Leitschuh Date: Fri, 21 Jun 2024 10:29:27 -0400 Subject: [PATCH] Align Java CommandInjectionRuntimeExec.ql Severity Align severity with other command injection vulnerabilities: - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/cpp/ql/src/Security/CWE/CWE-078/ExecTainted.ql#L8 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/go/ql/src/Security/CWE-078/CommandInjection.ql#L7 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/swift/ql/src/queries/Security/CWE-078/CommandInjection.ql#L7 - https://github.com/github/codeql/blob/4a448f445e79b9baa07a302d8062fe9f0fcb00b9/javascript/ql/src/Security/CWE-078/CommandInjection.ql#L7 --- .../Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql index c185a4f67da9..88733773de12 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql @@ -3,7 +3,7 @@ * @description High sensitvity and precision version of java/command-line-injection, designed to find more cases of command injection in rare cases that the default query does not find * @kind path-problem * @problem.severity error - * @security-severity 6.1 + * @security-severity 9.8 * @precision high * @id java/command-line-injection-extra * @tags security
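Review bot: the unchanged context line `* @description High sensitvity and precision version of java/command-line-injection, ...` in this hunk carries a typo ("sensitvity" should be "sensitivity"); since the patch already edits this metadata block, fixing it in the same hunk would be cheap. The change itself, `- * @security-severity 6.1` to `+ * @security-severity 9.8`, is consistent with the commit message's stated intent of aligning this query with the linked CWE-078 command injection queries, and the surrounding `@problem.severity error` and `@precision high` lines are left unchanged, so the metadata stays internally consistent.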