feat: Add DevSecOps demo page with GHAS features and intentional vuln…

67536eb
Merged

feat: Add DevSecOps demo page with GHAS features and intentional vulnerabilities #74

GitHub Advanced Security / CodeQL failed May 29, 2025 in 2s

10 new alerts including 4 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 4 high

Other Alerts:

  • 1 warning
  • 5 notes

See annotations below for details.

Annotations

Check notice on line 28 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check failure on line 29 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check notice on line 35 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check failure on line 38 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Denial of Service from comparison of user input against expensive regex High

This regex operation with dangerous complexity depends on a user-provided value.

Check failure on line 39 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check notice on line 45 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check failure on line 44 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check notice on line 57 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check warning on line 76 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Useless assignment to local variable Warning

This assignment to deserializedData is useless, since its value is never read.

Check notice on line 100 in src/webapp01/Pages/DevSecOps.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.