Merge pull request #3386 from semgrep/merge-develop-to-release

Merge Develop into Release
semgrep · May 20, 2024 · dab80bc · dab80bc
2 parents dd88a4b + e1eabc6
commit dab80bc
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/yaml/openapi/security/api-key-in-query-parameter.yaml b/yaml/openapi/security/api-key-in-query-parameter.yaml
@@ -6,7 +6,7 @@ rules:
       API keys should not be passed as query parameters in security schemes. 
       Pass the API key in the header or body.
       If using a query parameter is necessary, ensure that the API key is tightly scoped and short lived.
-    severity: ERROR
+    severity: WARNING
     patterns:
     - pattern-inside: |
         openapi: $VERSION
@@ -33,7 +33,7 @@ rules:
         - openapi
       likelihood: MEDIUM
       impact: HIGH
-      confidence: HIGH
+      confidence: LOW
       cwe: 'CWE-598: Use of GET Request Method With Sensitive Query Strings'
       owasp: 
         - 'A04:2021 Insecure Design'