Add demo files with intentional security vulnerabilities for GitHub A… #142

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open

CalinL wants to merge 1 commit into main from feature/devsecops-demo-code04

Open

Add demo files with intentional security vulnerabilities for GitHub A… #142

Add demo files with intentional security vulnerabilities for GitHub A…

GitHub Advanced Security / CodeQL failed Feb 12, 2026 in 2s

24 new alerts including 7 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

7 high

Other Alerts:

1 warning
16 notes

See annotations below for details.

View all branch alerts.

Annotations

Check notice on line 10 in devsecops-demo/insecure-01.py

Code scanning / CodeQL

Except block handles 'BaseException' Note

Except block directly handles BaseException.

Check notice on line 10 in devsecops-demo/insecure-01.py

Code scanning / CodeQL

Empty except Note

'except' clause does nothing but pass and there is no explanatory comment.

Check notice on line 16 in devsecops-demo/insecure-01.py

Code scanning / CodeQL

Except block handles 'BaseException' Note

Except block directly handles BaseException.

Check notice on line 19 in devsecops-demo/insecure-01.py

Code scanning / CodeQL

Unused import Note

Import of 'telnetlib' is not used.

Check notice on line 20 in devsecops-demo/insecure-01.py

Code scanning / CodeQL

Unused import Note

Import of 'ftplib' is not used.

Check notice on line 2 in devsecops-demo/routes-01.py

Code scanning / CodeQL

Unused import Note

Import of 'make_response' is not used.

Check notice on line 12 in devsecops-demo/routes-01.py

Code scanning / CodeQL

Unused local variable Note

Variable read is not used.

Check failure on line 22 in src/webapp01/Pages/Privacy.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a

Check failure on line 75 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Insecure SQL connection High

flows to this SQL connection and does not specify Encrypt=True.

Check failure on line 68 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a

Check failure on line 63 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a

Check failure on line 61 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Denial of Service from comparison of user input against expensive regex High

This regex operation with dangerous complexity depends on a

Check failure on line 46 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a

Check failure on line 45 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a

Check warning on line 111 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Useless assignment to local variable Warning

This assignment to

is useless, since its value is never read.

Check notice on line 19 in src/webapp01/Pages/Privacy.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and

Check notice on line 8 in src/webapp01/Pages/Privacy.cshtml.cs

Code scanning / CodeQL

Missed 'readonly' opportunity Note

Field 'adminUserName' can be 'readonly'.

Check notice on line 148 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Redundant ToString() call Note

Redundant call to 'ToString' on a String object.

Check notice on line 150 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 83 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 68 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Redundant ToString() call Note

Redundant call to 'ToString' on a String object.

Check notice on line 69 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 55 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and

Check notice on line 42 in src/webapp01/Pages/DevSecOps-7492.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add demo files with intentional security vulnerabilities for GitHub A… #142

Uh oh!

Uh oh!

Add demo files with intentional security vulnerabilities for GitHub A… #142

Uh oh!

24 new alerts including 7 high severity security vulnerabilities

New alerts in code changed by this pull request

Annotations

Re-running checks...

Add demo files with intentional security vulnerabilities for GitHub A… #142

Are you sure you want to change the base?

Uh oh!