forked from microsoft/chat-copilot
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix C# CodeQL alerts + add JS/TS to CodeQL (microsoft#139)
### Motivation and Context <!-- Thank you for your contribution to the copilot-chat repo! Please help reviewers and future users, providing the following information: 1. Why is this change required? 2. What problem does it solve? 3. What scenario does it contribute to? 4. If it fixes an open issue, please link to the issue here. --> - changes the fix for the C# CodeQL alerts to be closer to the recommended solution since the code is still being flagged: https://github.com/microsoft/chat-copilot/security/code-scanning/7 my guess is that the alerts are still firing because the tool sees the input variable (`memoryName`) used on the same line as `LogWarning()` with no explicit call to `.Replace()`: <img width="613" alt="image" src="https://github.com/microsoft/chat-copilot/assets/52973358/b9966d06-5516-40c1-83d0-531073ef7fb3"> - updates the CodeQL config to also run on JS/TS files as well, which finds 2 alerts in the tests: https://github.com/dehoward/chat-copilot/security/code-scanning/6 ### Description <!-- Describe your changes, the overall approach, the underlying design. These notes will help understanding how your code works. Thanks! --> ### Contribution Checklist <!-- Before submitting this PR, please make sure: --> - [x] The code builds clean without any errors or warnings - [x] The PR follows the [Contribution Guidelines](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md) and the [pre-submission formatting script](https://github.com/microsoft/copilot-chat/blob/main/CONTRIBUTING.md#development-scripts) raises no violations - [x] All unit tests pass, and I have added new tests where possible - [x] I didn't break anyone 😄
- Loading branch information
Showing
3 changed files
with
45 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters