SonarQube report as Java class #299
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| (result -> hotspots.addAll(result.hotspots))); | ||
|
|
||
| writeStringToFile( | ||
| new File("results/" + resultFilename() + ".json"), |
Check failure
Code scanning / CodeQL
Uncontrolled data used in path expression High test
| (result -> hotspots.addAll(result.hotspots))); | ||
|
|
||
| writeStringToFile( | ||
| new File("results/" + resultFilename() + ".json"), |
Check failure
Code scanning / CodeQL
File Path Injection Error test Experimental
| connection.setRequestMethod("GET"); | ||
| connection.setDoOutput(true); | ||
| connection.setRequestProperty("Authorization", "Basic " + sonarAuth); | ||
|
|
Check failure
Code scanning / CodeQL
Insecure basic authentication High test
|
@darkspirit510 - Is this ready to merge/do you want me to merge it? |
|
@darkspirit510 no, CodeQL reports an issue. Will fix it this week! |
|
@davewichers I understand why CodeQL reports those as (technically) insecure, but I won't fix them. It's just a local parser accessing local SonarQube, so those three results can be marked as "won't fix". |
|
I'm OK with that. If we accept these 3 CodeQL issues, then are you OK with merging this in now? |
2 participants
No description provided.