From 0f963216822d9fe502bfead9e6e502a12bc10628 Mon Sep 17 00:00:00 2001
From: Dave Wichers
Date: Tue, 26 Mar 2024 15:06:45 -0400
Subject: [PATCH] Minor tweak to CodeQL parser for scanning NodeJS.

---
 .../org/owasp/benchmarkutils/score/parsers/CodeQLReader.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/CodeQLReader.java b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/CodeQLReader.java
index 75771546..e52bf925 100644
--- a/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/CodeQLReader.java
+++ b/plugin/src/main/java/org/owasp/benchmarkutils/score/parsers/CodeQLReader.java
@@ -236,6 +236,9 @@ private int mapCWE(String ruleName, Integer cweNumber) {
             return cweNumber.intValue(); // Return CWE as is
             // These rules we care about, but have to map to the CWE we expect
+            case 94: // js/unsafe-dynamic-method-access & others - This mapping improves the tool's
+                // score
+                return 78; // Command Injection
             case 335: // java/predictable-seed - This mapping improves the tool's score
                 return 330; // Weak Random