
Incorrect Titles in Code Scanning Alerts Section

Open ncoop57 opened this issue 4 years ago • 2 comments

GitHub’s Code scanning alerts section shows an incorrect filename and path to the file in flagged security alerts when using your security scanning tool:

As shown, the title states the issue is at DESCipherExample.java at the path src/main/java/com/minimals/des. However, the problem is actually located in DESReplaceCipherExample.java at the path src/main/java/com/minimals/des_replace, which is correctly shown in the subtitle.

This issue was originally opened in https://github.com/github/codeql/issues/4800 and I was told to move it here: https://github.com/github/codeql/issues/4800#issuecomment-741905714

ncoop57, Dec 10 '20 01:12

Hi @ncoop57

Thank you for filing this ticket. Will you be able to share the .sarif files produced? Also, is the repository publicly available for testing?

prabhu, Dec 10 '20 09:12

Here is the repository I used for testing: https://github.com/ncoop57/codescanning. However, I'm not sure how the .sarif files are produced using code scanning and so I am not sure where to grab them from. If you have information on where I can download them, I'll be happy to upload them here.

ncoop57, Dec 10 '20 15:12