False positive

Open silent-sour opened this issue 1 year ago • 7 comments

Description of the false positive

C# CWE-117 is incorrectly applied to user input sanitized with {string}.ReplaceLineEndings() instead of {string}.Replace(Environment.NewLine, string.Empty)

**Code sample**

```csharp
var username = authInfo.Username.ReplaceLineEndings();
_logger.LogError("Invalid login attempt: {username}", username);
```

silent-sour avatar Feb 24 '24 02:02 silent-sour
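
Added example, not part of the original issue or of CodeQL: a small C# program (.NET 6 or later) that counts the line-break characters left in a value by the two calls named in the issue and by `ReplaceLineEndings(string.Empty)`. The sample username and the helper names are constructed for illustration; per the .NET documentation, the parameterless `ReplaceLineEndings()` replaces every newline sequence with `Environment.NewLine`, while `Replace(Environment.NewLine, string.Empty)` removes only the current platform's sequence.

```csharp
// Added example (not from the issue): compares three ways of handling line
// breaks in a value before it is written to a log (CWE-117).
using System;
using System.Linq;

static class LogSanitizerDemo
{
    // Newline sequences documented for string.ReplaceLineEndings:
    // CR, LF, CRLF, FF (U+000C), NEL (U+0085), LS (U+2028), PS (U+2029).
    static readonly char[] LineBreakChars =
        { '\r', '\n', '\f', '\u0085', '\u2028', '\u2029' };

    // Number of line-break characters still present in the string.
    static int CountLineBreaks(string s) =>
        s.Count(c => LineBreakChars.Contains(c));

    // Render line-break characters visibly so the output stays on one line.
    static string Show(string s) =>
        string.Concat(s.Select(c =>
            LineBreakChars.Contains(c) ? $"\\u{(int)c:X4}" : c.ToString()));

    static void Main()
    {
        // Constructed sample input: a username carrying CRLF, LF, CR and LS.
        string username = "alice\r\nline2\nline3\rline4\u2028line5";

        var candidates = new (string Name, string Value)[]
        {
            // Normalizes every newline sequence to Environment.NewLine.
            ("ReplaceLineEndings()", username.ReplaceLineEndings()),
            // Removes only the current platform's newline sequence.
            ("Replace(Environment.NewLine, \"\")",
                username.Replace(Environment.NewLine, string.Empty)),
            // Replaces every recognized newline sequence with the empty string.
            ("ReplaceLineEndings(\"\")",
                username.ReplaceLineEndings(string.Empty)),
        };

        Console.WriteLine($"input: {Show(username)}");
        foreach (var (name, value) in candidates)
        {
            Console.WriteLine(
                $"{name,-36} breaks left: {CountLineBreaks(value)} -> {Show(value)}");
        }
    }
}
```

Run it on both Windows and Linux, because the first two calls depend on `Environment.NewLine` and leave different residue on each platform.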