Suppress unapplicable CodeQL AAD issues (#10701)

Azure · Jan 22, 2025 · a3d1338 · a3d1338
1 parent 4dea997
commit a3d1338
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/src/WebJobs.Script.WebHost/Security/Authentication/Jwt/ScriptJwtBearerExtensions.cs b/src/WebJobs.Script.WebHost/Security/Authentication/Jwt/ScriptJwtBearerExtensions.cs
@@ -135,6 +135,9 @@ private static IEnumerable<string> GetValidAudiences()
         public static TokenValidationParameters CreateTokenValidationParameters()
         {
             var signingKeys = SecretsUtility.GetTokenIssuerSigningKeys();
+
+            // There are two separate CodeQL alerts for the same issue. The double comment on same line is intentional.
+            // CodeQL [SM04555] this handler does not verify AAD tokens. It verifies tokens issued by the platform. // CodeQL [SM04554] this handler does not verify AAD tokens. It verifies tokens issued by the platform.
             var result = new TokenValidationParameters();
             if (signingKeys.Length > 0)
             {