-
I have a sample C# application which has a password in plain text. I have configured a CodeQL workflow. The workflow only identifies a few JavaScript issues, but it's not identifying the plain-text password security issue present in the C# application.
Replies: 9 comments
-
Hi,
-
Hi, please find below the repo details:
GitHub - umaranit/corewebapp
Refer to the codeql-analysis.yml in it.
-
Based on: updated con string · umaranit/corewebapp@88b06d6 · GitHub
I only noticed the hard-coded connect string item part way through my search, but anyway “pathproblem” might give you a hint about what’s going on, or something to search 🤷‍♂️. Having the q1 and bqrs references might give you a lead to look up the actual queries and see why your item isn’t being picked up.
-
Hi, I am not clear. Have I done any wrong configuration in the workflow? Which area do I need to investigate?
-
Hi, in CodeQL we have a concept of dataflow, which describes where data comes from (a source, in your case a string literal) and where it flows to (a sink).
-
@criemen what's with the “pathproblem” string in the logs? Is that just an unfortunate set of words for people unfamiliar with CodeQL?
-
OK. Got it. Thanks for the details.
-
@kingthorin Ah, I think you got side-tracked here. This “pathproblem” string does not refer to a problem during query evaluation at all; it rather refers to the query’s @kind attribute. See the documentation here if you’re interested to learn more about query kinds. “pathproblem” means that the query looks for problems in your code that are associated with one or more dataflow paths. I hope that helps!
-
Thank you, that does help.
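The source-to-sink idea the replies above describe (a credential string literal as the source, the place the connection is built as the sink), shown as an added C# example that is not code from the thread or from the umaranit/corewebapp repository. The class name, the configuration keys and the connection-string values are constructed for illustration; the queries that ship with CodeQL's C# support model which sinks count, so whether a given literal is reported depends on it actually reaching one of those sinks.

```csharp
using System;
using System.Data.SqlClient;
using Microsoft.Extensions.Configuration;

// Hypothetical helper, not part of any real project.
public static class ConnectionFactory
{
    // Vulnerable form: the credential is a string literal in the source tree.
    // Dataflow view: the literal (source) is assigned to connStr and reaches the
    // SqlConnection constructor (sink). A path-problem style query that models
    // that sink reports the whole path from the literal to the constructor call.
    public static SqlConnection OpenHardcoded()
    {
        // Constructed sample value; the password is fake.
        string connStr = "Server=db.example.internal;Database=app;User Id=app;Password=NotARealPassword1!;";
        var conn = new SqlConnection(connStr);
        conn.Open();
        return conn;
    }

    // Hardened form: no secret literal exists anywhere in the code. Non-secret
    // settings come from IConfiguration and the password from the process
    // environment, so there is no literal-to-sink path for the query to find and
    // nothing to leak if the repository is cloned or the binary is decompiled.
    public static SqlConnection OpenFromConfiguration(IConfiguration config)
    {
        var builder = new SqlConnectionStringBuilder
        {
            DataSource = config["Db:Server"],      // assumed config keys
            InitialCatalog = config["Db:Name"],
            UserID = config["Db:User"],
            Password = Environment.GetEnvironmentVariable("DB_PASSWORD")
                       ?? throw new InvalidOperationException("DB_PASSWORD is not set"),
        };
        var conn = new SqlConnection(builder.ConnectionString);
        conn.Open();
        return conn;
    }
}
```

If the literal in the first method were only copied into a variable that never reaches a modelled sink, no dataflow path would exist and the query would stay silent even though the secret is still in the file, which is the kind of mismatch the replies suggest checking for.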