feat: Add DevSecOps-7492 demo page with intentional vulnerabilities

ff33c96
Open

DevSecOps Demo 7492: GHAS Features Showcase #133

GitHub Advanced Security / CodeQL failed Feb 7, 2026 in 2s

14 new alerts including 6 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 6 high

Other Alerts:

  • 1 warning
  • 7 notes

See annotations below for details.

Annotations

Check failure on line 45 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 46 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 61 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Denial of Service from comparison of user input against expensive regex High

This regex operation with dangerous complexity depends on a user-provided value.

Check failure on line 63 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 68 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 75 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Insecure SQL connection High

Connection string flows to this SQL connection and does not specify Encrypt=True.

Check warning on line 111 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Useless assignment to local variable Warning

This assignment to deserializedNews is useless, since its value is never read.

Check notice on line 42 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check notice on line 55 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check notice on line 69 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 68 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Redundant ToString() call Note

Redundant call to 'ToString' on a String object.

Check notice on line 83 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 150 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 148 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Redundant ToString() call Note

Redundant call to 'ToString' on a String object.