Add DevSecOps2 page with extended security vulnerability demonstrations

9c23ae1
Draft

Implement DevSecOps GHAS Demo Features with Intentional Vulnerabilities #83

GitHub Advanced Security / CodeQL failed Jun 26, 2025 in 2s

9 new alerts including 3 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 3 high

Other Alerts:

  • 6 notes

See annotations below for details.

Annotations

Check notice on line 107 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 115 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check notice on line 116 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Call to System.IO.Path.Combine Note

Call to 'System.IO.Path.Combine'.

Check failure on line 118 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 122 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check notice on line 128 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 159 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check failure on line 189 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Clear text storage of sensitive information High

This stores sensitive data returned by access to constant DATABASE_PASSWORD : String as clear text.

Check notice on line 210 in src/webapp01/Pages/DevSecOps2.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.