Add DevSecOps7 page with GHAS demo features

04f01e7
Draft

Add DevSecOps7 demo page with intentionally vulnerable code for GHAS detection #113

GitHub Advanced Security / CodeQL failed Dec 3, 2025 in 4s

11 new alerts including 5 high severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 5 high

Other Alerts:

  • 1 warning
  • 5 notes

See annotations below for details.

Annotations

Check failure on line 31 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 40 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Denial of Service from comparison of user input against expensive regex High

This regex operation with dangerous complexity depends on a user-provided value.

Check failure on line 41 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 46 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Log entries created from user input High

This log entry depends on a user-provided value.

Check failure on line 52 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Insecure SQL connection High

Connection string flows to this SQL connection and does not specify Encrypt=True.

Check warning on line 78 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Useless assignment to local variable Warning

This assignment to deserializedData is useless, since its value is never read.

Check notice on line 30 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check notice on line 37 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Inefficient use of ContainsKey Note

Inefficient use of 'ContainsKey' and indexer.

Check notice on line 47 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 59 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 102 in src/webapp01/Pages/DevSecOps7.cshtml.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.