Adds explanation for CodeQL warnings by sruke · Pull Request #3167 · AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet

sruke · 2025-03-11T23:04:57Z

No description provided.

Copilot

Pull Request Overview

This PR adds inline explanations for CodeQL warnings in order to clarify intentional design choices.

In SignedHttpRequestUtilities.cs, comments have been added next to settings that disable validation during pop key decryption.
In TokenValidationParameters.cs, comments have been added to note that certain values are copied regardless of their truth value, addressing CodeQL warnings.

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
src/Microsoft.IdentityModel.Protocols.SignedHttpRequest/SignedHttpRequestUtilities.cs	Added inline comments explaining the intentional disabling of validations during pop key decryption.
src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs	Added inline comments clarifying that specific values are copied as-is to address CodeQL warnings.

github-actions · 2025-03-11T23:17:39Z

Summary


Generated on:	3/11/2025 - 11:17:37 PM
Coverage date:	3/11/2025 - 11:07:32 PM - 3/11/2025 - 11:17:09 PM
Parser:	MultiReport (60x Cobertura)
Assemblies:	1
Classes:	7
Files:	2
Line coverage:	80.3% (620 of 772)
Covered lines:	620
Uncovered lines:	152
Coverable lines:	772
Total lines:	483
Branch coverage:	67.8% (228 of 336)
Covered branches:	228
Total branches:	336
Method coverage:	Feature is only available for sponsors

Coverage

Microsoft.IdentityModel.JsonWebTokens - 80.3%

Name	Line	Branch
Microsoft.IdentityModel.JsonWebTokens	80.3%	67.8%
Microsoft.IdentityModel.JsonWebTokens.JwtTokenUtilities	100%
System.Text.RegularExpressions.Generated	80.3%	67.8%
System.Text.RegularExpressions.Generated	80.3%	67.8%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F12A1AEDDDFE32BA DF4DBFF323AF1BCB48B9F9721B7CD3E05F5E034CF225E3DF8__CreateJweRegex_1	79.2%	68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F12A1AEDDDFE32BA DF4DBFF323AF1BCB48B9F9721B7CD3E05F5E034CF225E3DF8__CreateJwsRegex_0	81.4%	67.6%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F334844C618E00D3 CEC5D3FE0D00CF0141BBEE98635313BB2CB8D3921464CE05A__CreateJweRegex_1	79.2%	68%
System.Text.RegularExpressions.Generated.<RegexGenerator_g>F334844C618E00D3 CEC5D3FE0D00CF0141BBEE98635313BB2CB8D3921464CE05A__CreateJwsRegex_0	81.4%	67.6%

Adds explanation for CodeQL warnings

e6140c3

sruke self-assigned this Mar 11, 2025

sruke requested a review from a team as a code owner March 11, 2025 23:04

sruke requested a review from Copilot March 11, 2025 23:05

Copilot AI reviewed Mar 11, 2025

View reviewed changes

pmaytak approved these changes Mar 12, 2025

View reviewed changes

kllysng approved these changes Mar 12, 2025

View reviewed changes

JoshLozensky approved these changes Mar 12, 2025

View reviewed changes

sruke merged commit a1f94ac into dev Mar 12, 2025
6 checks passed

This was referenced Jan 13, 2026

Bump Microsoft.Identity.Web and 2 others DFE-Digital/teaching-record-system#2976

Closed

deps: Bump Microsoft.AspNetCore.Authentication.JwtBearer and 6 others honua-io/honua-server#248

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Adds explanation for CodeQL warnings#3167

Adds explanation for CodeQL warnings#3167
sruke merged 1 commit intodevfrom
sruthi/SM03926

sruke commented Mar 11, 2025

Uh oh!

Copilot AI left a comment

Uh oh!

github-actions bot commented Mar 11, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Comments

Conversation

sruke commented Mar 11, 2025

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull Request Overview

Reviewed Changes

Uh oh!

github-actions bot commented Mar 11, 2025

Summary

Coverage

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Comments