Merge branch 'main' of https://github.com/microsoft/codeql into auto/…

df5467d
Closed

Sync Main (autogenerated) #302

GitHub Advanced Security / CodeQL failed Dec 10, 2025 in 4s

5 configurations not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 5 configurations present on refs/heads/main were not found:

Actions workflow (rust-analysis.yml)

  • ❓  .github/workflows/rust-analysis.yml:analyze/language:rust

Actions workflow (csv-coverage-metrics.yml)

  • ❓  .github/workflows/csv-coverage-metrics.yml:publish-csharp
  • ❓  .github/workflows/csv-coverage-metrics.yml:publish-java

API upload

  • ❓  <default>

Actions workflow (cpp-swift-analysis.yml)

  • ❓  .github/workflows/cpp-swift-analysis.yml:CodeQL-Build

New alerts in code changed by this pull request

Security Alerts:

  • 2 high

Other Alerts:

  • 28 notes

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check failure on line 4 in csharp/ql/test/query-tests/Security Features/CWE-614/InsecureCookie/SystemWeb/RequireSSLFalse/Web.config

Code scanning / CodeQL

'requireSSL' attribute is not set to true High test

The 'requireSSL' attribute is not set to 'true'.

Check failure on line 4 in csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesTrue/Web.config

Code scanning / CodeQL

'requireSSL' attribute is not set to true High test

The 'requireSSL' attribute is not set to 'true'.

Check failure on line 4 in csharp/ql/test/query-tests/Security Features/CWE-1004/HttpOnlyCookie/SystemWeb/HttpOnlyCookiesFalse/Web.config

Code scanning / CodeQL

'requireSSL' attribute is not set to true High test

The 'requireSSL' attribute is not set to 'true'.

Check failure on line 4 in csharp/ql/src/Security Features/CWE-1004/Web.config

Code scanning / CodeQL

'requireSSL' attribute is not set to true High

The 'requireSSL' attribute is not set to 'true'.

Check notice on line 220 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 251 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 189 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 459 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 507 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs

Code scanning / CodeQL

Missed opportunity to use Select Note

This foreach loop immediately maps its iteration variable to another variable - consider mapping the sequence explicitly using '.Select(...)'.

Check notice on line 669 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check notice on line 677 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 124 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 213 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check notice on line 380 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check notice on line 562 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check notice on line 568 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/Extractor.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check notice on line 117 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/OverlayInfo.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 134 in csharp/extractor/Semmle.Extraction.CSharp/Extractor/TracingAnalyser.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check notice on line 69 in csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 68 in csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs

Code scanning / CodeQL

Poor error handling: empty catch block Note

Poor error handling: empty catch block.

Check notice on line 68 in csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 155 in csharp/extractor/Semmle.Extraction.CSharp.Standalone/Extractor.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 37 in csharp/extractor/Semmle.Extraction.CSharp/Entities/ExtractionMessage.cs

Code scanning / CodeQL

Static field written by instance method Note

Write to static field from instance method, property, or constructor.

Check notice on line 112 in csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs

Code scanning / CodeQL

Local scope variable shadows member Note

Local scope variable 'type' shadows Field.type.

Check notice on line 59 in csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs

Code scanning / CodeQL

Nested 'if' statements can be combined Note

These 'if' statements can be combined.