RicoSuter / NSwag

The Swagger/OpenAPI toolchain for .NET, ASP.NET Core and TypeScript.
http://NSwag.org
MIT License

Added explicit sub command for dotnet in NSwagExe #4796

Open Nisden opened 4 months ago

Nisden commented 4 months ago

This PR resolves an issue where CodeQL could interpret the user intent incorrectly and accidentally add invalid parameters to the NSwag execution.

In the following example, CodeQL would assume `run` is the dotnet subcommand, but that is incorrect; it's part of the arguments sent to NSwag.

<Target Name="NSwag" AfterTargets="Build">
  <Exec Command="$(NSwagExe) run nswag.json /variables:Configuration=$(Configuration)" />
</Target>

This is because of how CodeQL detects the user intent: it ignores parameters until it finds the first string that could be a subcommand, see: https://github.com/github/codeql/blob/606a8fed0c57d1c4cad02f2c48acc3fa331d92a2/csharp/tools/tracing-config.lua#L70
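The misdetection described above, modelled as an added example (this is not code from NSwag or from CodeQL's tracing-config.lua). It assumes the heuristic as the PR describes it: skip tokens after `dotnet` until the first one that matches a known dotnet verb, and treat that as the user's intent. The verb list, the expansion of `$(NSwagExe)` to `dotnet <dll>`, and `exec` as the explicit subcommand the fix adds are all assumptions made for the illustration.

```python
"""Model of a first-subcommand heuristic over a `dotnet` command line.

Added illustration, not NSwag's or CodeQL's code. It shows why an implicit
`dotnet <dll> run ...` invocation is read as `dotnet run`, and why spelling
the subcommand out avoids the ambiguity.
"""
import shlex
from typing import List, Optional, Tuple

# Assumed subset of dotnet CLI verbs; the set CodeQL actually consults is not
# on the page, so this list is an assumption for the illustration.
DOTNET_SUBCOMMANDS = {"build", "run", "test", "exec", "publish", "restore", "tool"}

# Assumed expansions of $(NSwagExe): implicit (dll as first token) versus an
# explicit `exec` subcommand. Paths are constructed for the example.
NSWAG_EXE_IMPLICIT = "dotnet tools/NSwag.dll"
NSWAG_EXE_EXPLICIT = "dotnet exec tools/NSwag.dll"


def build_exec_command(nswag_exe: str, configuration: str = "Release") -> str:
    """Reproduce the <Exec Command="..."> line from the PR with $(NSwagExe)
    and $(Configuration) expanded."""
    return f"{nswag_exe} run nswag.json /variables:Configuration={configuration}"


def detect_intent(command: str) -> Tuple[Optional[str], List[str]]:
    """Return (subcommand, arguments the heuristic attributes to it).

    Tokens between `dotnet` and the first recognised verb are skipped, which
    is exactly what lets a dll path be ignored and a later `run` win.
    """
    tokens = shlex.split(command)
    if not tokens or tokens[0] != "dotnet":
        return None, []
    for index, tok in enumerate(tokens[1:], start=1):
        if tok in DOTNET_SUBCOMMANDS:
            return tok, tokens[index + 1:]
    return None, []


def misattributed_arguments(command: str) -> List[str]:
    """Arguments that would be treated as dotnet options even though they
    are meant for NSwag; empty when the intent is detected correctly."""
    verb, args = detect_intent(command)
    if verb == "exec":
        # With an explicit `exec`, everything after the dll belongs to the
        # program being executed, so nothing is misattributed.
        return []
    return args


if __name__ == "__main__":
    for label, exe in (("implicit", NSWAG_EXE_IMPLICIT), ("explicit", NSWAG_EXE_EXPLICIT)):
        cmd = build_exec_command(exe)
        verb, args = detect_intent(cmd)
        print(f"{label:8} -> subcommand={verb!r}, args={args}")
```

With the implicit form the heuristic settles on `run` and hands `nswag.json /variables:Configuration=Release` to `dotnet run`, which is the condition the PR describes; with `exec` first, `run` and everything after it stay with NSwag. For a defender reviewing build tracing, the practical check is to inspect the expanded `Exec` command and confirm the first token after `dotnet` is the intended verb, since a misread here changes what the code scan actually builds.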