Token validation

Open raulgarciamsft opened this issue 2 years ago • 1 comments

New queries to address some of the major security issues discussed at azure-activedirectory-identitymodel-extensions-for-dotnet ValidatingTokens wiki

raulgarciamsft avatar Jun 23 '22 16:06 raulgarciamsft

I'm trying to identify some candidate test projects in this LGTM run. Then we can run the check against those projects and see if there are any findings/false positives.

tamasvajk avatar Jul 08 '22 11:07 tamasvajk

Please let me know if there is any additional change I may be missing.

raulgarciamsft avatar Aug 26 '22 16:08 raulgarciamsft

@tamasvajk: Can you please approve as well?

hvitved avatar Sep 03 '22 07:09 hvitved

QQ. After syncing last week, even without any change to my files, all attempts to compile a C# query result in the following error:

Oops! A fatal internal error occurred.
com.semmle.util.exception.CatastrophicError: Duplicate type for binding: SsaRead
        at com.semmle.frontend.compiler.TypeHierarchyBuilder.registerType(TypeHierarchyBuilder.java:107)
...

Any idea of what could be the root cause? Thanks

raulgarciamsft avatar Sep 13 '22 01:09 raulgarciamsft

> Any idea of what could be the root cause? Thanks

Yeah, you need the latest codeql CLI, where this bug has been fixed.

hvitved avatar Sep 13 '22 07:09 hvitved

Please let me know if there is anything I can do to get this PR completed. Thanks a lot for all your help.

raulgarciamsft avatar Sep 14 '22 18:09 raulgarciamsft