Add CodeQL recommendation against Path.Combine#18865
Add CodeQL recommendation against Path.Combine#18865michaelnebel merged 7 commits intogithub:mainfrom
Conversation
There was a problem hiding this comment.
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
Comments suppressed due to low confidence (1)
csharp/ql/test/query-tests/Bad Practices/Path Combine/PathCombine.cs:3
- [nitpick] The class name 'EmptyCatchBlock' does not convey its purpose related to Path.Combine testing. Consider renaming it to 'PathCombineTest' for better clarity.
class EmptyCatchBlock
|
QHelp previews: csharp/ql/src/Bad Practices/PathCombine.qhelpCall to System.IO.Path.Combine
RecommendationUse References
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -0,0 +1 @@ | |||
| Bad Practices/PathCombine.ql No newline at end of file | |||
Check warning
Code scanning / CodeQL
Query test without inline test expectations Warning test
|
I will start a DCA run to see how this impacts the security and quality suite. |
|
DCA looks good. Around 16k results found in our |
michaelnebel
left a comment
michaelnebel
left a comment
There was a problem hiding this comment.
Thank you @carldybdahl-microsoft !
LGTM!
carldybdahl-microsoft
force-pushed
the
csharp/path-combine
branch
from
b8629d2 to
a3a5a03
Compare
carldybdahl-microsoft
force-pushed
the
csharp/path-combine
branch
from
a3a5a03 to
2f7cdf1
Compare
3 participants
The docs for Path.Combine warns:
Important
This method assumes that the first argument is an absolute path and that the following argument or arguments are relative paths. If this is not the case, and particularly if any subsequent arguments are strings input by the user, call the Join or TryJoin method instead.
This commit adds a corresponding CodeQL query to recommend against Path.Combine.