Address code review feedback - add comments and fix inconsistencies

e02cdd9
Draft

Add DevSecOps-2649 demo page with intentional vulnerabilities for GHAS showcase #117

GitHub Advanced Security / CodeQL failed Jan 29, 2026 in 2s

11 new alerts including 3 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 3 high

Other Alerts:

  • 1 warning
  • 7 notes

See annotations below for details.

Annotations

Check failure on line 52 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.
This log entry depends on a user-provided value.

Check failure on line 147 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Insecure SQL connection High

Connection string flows to this SQL connection and does not specify Encrypt=True.

Check failure on line 250 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Insecure SQL connection High

Connection string flows to this SQL connection and does not specify Encrypt=True.

Check warning on line 119 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Useless assignment to local variable Warning

This assignment to deserializedNews is useless, since its value is never read.

Check notice on line 49 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check notice on line 128 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 127 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Redundant ToString() call Note

Redundant call to 'ToString' on a String object.

Check notice on line 159 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 235 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 233 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Redundant ToString() call Note

Redundant call to 'ToString' on a String object.

Check notice on line 266 in src/webapp01/Pages/DevSecOps-2649.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.