Merge pull request #908 from xiemaisi/js/enable-ms-queries

Approved by esben-semmle

Author: semmle-qlci

javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql

@@ -3,6 +3,7 @@
  * @description Directly sending file data in an outbound network request can indicate unauthorized information disclosure.
  * @kind path-problem
  * @problem.severity warning
+ * @precision medium
  * @id js/file-access-to-http
  * @tags security
  *       external/cwe/cwe-200

javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql

@@ -3,6 +3,7 @@
  * @description Writing user-controlled data directly to the file system allows arbitrary file upload and might indicate a backdoor.
  * @kind path-problem
  * @problem.severity warning
+ * @precision medium
  * @id js/http-to-file-access
  * @tags security
  *       external/cwe/cwe-912