
GHAS/CodeQL reporting missing input sanitization #1447

Closed
automartin5000 opened this issue Nov 7, 2024 · 3 comments
Comments

@automartin5000

I posted this in the AWS SDK repo, but thought I should repost here since this seems to be the source.

This code has started triggering a CodeQL finding for us.

Specifically, it's this line of code:

```javascript
part = `"${part.replace(/"/g, '\\"')}"`;
```

The full security notification is:

Incomplete string escaping or encoding - This does not escape backslash characters in the input.
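
What that CodeQL rule is checking for, as an added illustration that is not code from this issue or from the project: a quoting routine that escapes only the delimiter can be undone by a backslash already present in the input, so the rule expects the escape character to be escaped first. `quoteNaive`, `quoteComplete`, `roundTrip` and the sample inputs are constructed for this example; `JSON.parse` stands in for a consumer that understands `\\` and `\"` escapes. Whether the finding matters depends on how the quoted value is consumed, which is the question the rest of this thread settles.

```javascript
// Added illustration of CodeQL's "incomplete string escaping or encoding" rule.
// Not code from the issue or from the project; all names and inputs here are
// constructed for the example.

// The pattern the finding points at: wrap in double quotes, escaping only `"`.
function quoteNaive(part) {
  return `"${part.replace(/"/g, '\\"')}"`;
}

// Escape the escape character first, then the delimiter, so a backslash that
// is already in the input cannot neutralise the inserted `\"`.
function quoteComplete(part) {
  return `"${part.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
}

// Decode a quoted form with a consumer that honours `\\` and `\"` escapes
// (JSON.parse, as a stand-in). Returns the decoded string, or null when the
// quoted form does not parse back to exactly one string.
function roundTrip(quoted) {
  try {
    const decoded = JSON.parse(quoted);
    return typeof decoded === 'string' ? decoded : null;
  } catch (e) {
    return null;
  }
}

// For one input, report whether each quoting routine survives the round trip.
function compare(part) {
  return {
    naive: roundTrip(quoteNaive(part)) === part,
    complete: roundTrip(quoteComplete(part)) === part,
  };
}

// Constructed inputs: a plain value, a value containing quotes, a Windows-style
// path with a backslash, and a value whose backslash precedes a quote.
const samples = ['plain', 'say "hi"', 'C:\\path', 'trailing\\"'];

function summary() {
  const out = {};
  for (const s of samples) out[s] = compare(s);
  return out;
}
```

Only the inputs that contain a backslash separate the two routines, which is exactly the gap the rule's message describes.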

@phuhung273

@automartin5000 +1 with you. Currently blocked because of this.

@kuhe
Contributor

kuhe commented Dec 23, 2024

Responded in aws/aws-sdk-js-v3#6623.

@kuhe kuhe self-assigned this Dec 23, 2024
@kuhe
Contributor

kuhe commented Jan 2, 2025

See aws/aws-sdk-js-v3#6623 for the answer. The CodeQL maintainer recommended dismissing the false positive.

@kuhe kuhe closed this as completed Jan 2, 2025