From 447a1db616c00dd6ce072473195c7e5ae5bca9b8 Mon Sep 17 00:00:00 2001 From: Max Schaefer Date: Thu, 7 Feb 2019 09:48:05 +0000 Subject: [PATCH] JavaScript: Assign `FileAccessToHttp` and `HttpToFileAccess` a precision. They will now be run on LGTM, but their results won't be displayed by default. --- javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql | 1 + javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql | 1 + 2 files changed, 2 insertions(+) diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index b116af31c4c1..0d8b39e4aca8 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql @@ -3,6 +3,7 @@ * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure. * @kind path-problem * @problem.severity warning + * @precision medium * @id js/file-access-to-http * @tags security * external/cwe/cwe-200 diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index 8b374e5bea42..c592eaf3e304 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql @@ -3,6 +3,7 @@ * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor. * @kind path-problem * @problem.severity warning + * @precision medium * @id js/http-to-file-access * @tags security * external/cwe/cwe-912
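Review bot: In FileAccessToHttp.ql, the added `@precision medium` line arrives with no change note or in-file rationale; the diffstat lists only the two query files. The commit message says the query will now run on LGTM with results hidden by default, so a change-note entry for `js/file-access-to-http` stating that, and why medium rather than high was chosen, would let users who triage CWE-200 findings know the query is now evaluated and where to look for its results.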
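Review bot: In HttpToFileAccess.ql, the added `@precision medium` sits under a `@description` that states as fact that the flow "allows arbitrary file upload", which reads more strongly than a medium-precision query can promise. Consider hedging the description in the same way the sibling query does ("can indicate"), or documenting for `js/http-to-file-access` which kinds of HTTP-to-file writes are expected to be benign, so that people who opt in to these results know how to triage them.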