Skip to content

JS: don't report dummy authentication headers as hardcoded-crendentials#6398

Merged
codeql-ci merged 3 commits intogithub:mainfrom
erik-krogh:authHeader
Aug 3, 2021
Merged

JS: don't report dummy authentication headers as hardcoded-crendentials#6398
codeql-ci merged 3 commits intogithub:mainfrom
erik-krogh:authHeader

Conversation

@erik-krogh
Copy link
Copy Markdown
Contributor

@erik-krogh erik-krogh commented Aug 2, 2021
edited
Loading

Fixes #4327

Evaluation looks good.
There is a bunch of removed results.
All of the removed results appear to be FPs.

@erik-krogh erik-krogh added the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label Aug 2, 2021
@github-actions github-actions bot added the JS label Aug 2, 2021
@erik-krogh erik-krogh removed the Awaiting evaluation Do not merge yet, this PR is waiting for an evaluation to finish label Aug 2, 2021
@erik-krogh erik-krogh marked this pull request as ready for review August 2, 2021 20:50
@erik-krogh erik-krogh requested a review from a team as a code owner August 2, 2021 20:50
esbena
esbena reviewed Aug 3, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@esbena esbena left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. One potential improvement.

@codeql-ci codeql-ci merged commit 07f6ce7 into github:main Aug 3, 2021
@erik-krogh erik-krogh mentioned this pull request Aug 3, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esbena esbena esbena approved these changes

Assignees

No one assigned

Labels

documentation JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

LGTM.com - false positive: Type of authorization header should not be considered part of the credentials

3 participants

@erik-krogh @esbena @codeql-ci