-
-
Notifications
You must be signed in to change notification settings - Fork 777
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Create wiki page to guide developers how to manage CodeQL alerts #6463
Comments
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Draft Wiki page: How to manage CodeQL alertsOverview of CodeQL scanning
Issues for resolving CodeQL alerts
How to resolve specific alert typesPotentially unsafe external link - sample https://github.com/hackforla/website/security/code-scanning/3Details
For this alert type we modify the code, adding the attribute Unused variable, import, function or class - sample https://github.com/hackforla/website/security/code-scanning/94Details
We remove declarations for unused variables, functions or classes to improve readability of the code Inclusion of functionality from an untrusted source - sample https://github.com/hackforla/website/security/code-scanning/37Malformed id attribute (see sample https://github.com/hackforla/website/security/code-scanning/25)Details
The sample is an example of a Syntax error - sample https://github.com/hackforla/website/security/code-scanning/97 not resolvedDetails
The sample is an example of a Superfluous trailing arguments - sample resolution see https://github.com/hackforla/website/security/code-scanning/35Details
A code quality and readability issue that may indicate a bug Use of returnless function - https://github.com/hackforla/website/security/code-scanning/57Details
This usually indicates a bug or a misunderstanding of the syntax Missing variable declaration - https://github.com/hackforla/website/security/code-scanning/44Details
A variable is used like a local variable but is missing a declaration, and so it becomes a global variable by default, subject to risk of global variable corruption. Resolved by adding the appropriate variable declaration, followed by testing to confirm that behavior of the code is unchanged. |
This comment was marked as outdated.
This comment was marked as outdated.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Please add update using the below template (even if you have a pull request). Afterwards, remove the '2 weeks inactive' label and add the 'Status: Updated' label.
If you need help, be sure to either: 1) place your issue in the You are receiving this comment because your last comment was before Monday, November 18, 2024 at 11:04 PM PST. |
Please add update using the below template (even if you have a pull request). Afterwards, remove the '2 weeks inactive' label and add the 'Status: Updated' label.
If you need help, be sure to either: 1) place your issue in the You are receiving this comment because your last comment was before Monday, November 25, 2024 at 11:04 PM PST. |
Overview
We require a wiki page to guide developers how to manage and resolve CodeQL alerts
Action Items
After this issue is completed
Resources/Instructions
The text was updated successfully, but these errors were encountered: