dotnet / java-interop

Java.Interop provides open-source bindings of Java's Java Native Interface (JNI) for use with .NET managed languages such as C#

[java-source-utils] Ignore CodeQL SM00697 java/path-injection-local #1222

Closed jonpryor closed 1 month ago

jonpryor commented 1 month ago

Fixes: https://codeql.microsoft.com/issues/5011e9f8-1b9e-4735-b9c5-89d78d9c04b2
Fixes: https://codeql.microsoft.com/issues/a9013ebf-d97c-41d8-aa62-92da7f8ea1c7
Fixes: https://codeql.microsoft.com/issues/b42d4728-2ce4-4599-b5cb-4d2affb86985
Fixes: https://codeql.microsoft.com/issues/bafce9a0-95ae-4aac-95e0-5ba8af1f3944
Fixes: https://codeql.microsoft.com/issues/bcc73986-161f-40b4-96a4-1c7e52959941
Fixes: https://codeql.microsoft.com/issues/dd199e97-a989-4f18-9fc7-a23a497eba32
Fixes: https://codeql.microsoft.com/issues/e844028d-77d8-4e04-9bfd-24005727ea84

Context: 5fa7ac458ec225cf58396d015ebb9aa6a538062d
Context: https://codeql.microsoft.com/issues/repository?Uri=https%3A%2F%2Fgithub.com%2Fxamarin%2Fjava.interop#
Context: https://eng.ms/docs/cloud-ai-platform/devdiv/one-engineering-system-1es/1es-docs/codeql/codeql-semmle#guidance-on-suppressions

Commit 5fa7ac45 "addressed" numerous LGTM warnings around "path injection".

We're now using CodeQL, and even though CodeQL started as LGTM, it (apparently) no longer supports the previous // lgtm comments. It instead wants // CodeQL comments, updated to use an "Opaque Id".

Update the comments to silence the CodeQL warnings.