Skip to content
This repository was archived by the owner on Jan 5, 2026. It is now read-only.

Fix CodeQL alert SM01507: Client-side URL redirect#6538

Merged
tracyboehrer merged 1 commit into
mainfrom
southworks/fix/SM01507-alert
Nov 3, 2022
Merged

Fix CodeQL alert SM01507: Client-side URL redirect#6538
tracyboehrer merged 1 commit into
mainfrom
southworks/fix/SM01507-alert

Conversation

@ceciliaavila
Copy link
Copy Markdown
Collaborator

@ceciliaavila ceciliaavila commented Nov 3, 2022

Fixes #6537 #6521 #6514 #6500 #6499 #6498 #6497 #6496 #6495 #6494 #6493 #6492 #6491 #6490 #6489 #6488 #6486

Description

This PR fixes de CodeQL SM01507 alert related to open redirects by implementing a fixed domain for the script's src param.

Specific Changes

  • Updated build/AnalyzeDeps/InterdependencyGraph.html to append the domain URL to the data param.

Testing

We tested the changes locally rendering the HTML with and without the data query parameter.
image

@ceciliaavila ceciliaavila added the Automation: No parity PR does not need to be applied to other languages. label Nov 3, 2022
@ceciliaavila ceciliaavila requested a review from a team as a code owner November 3, 2022 12:41
This was linked to issues Nov 3, 2022
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6521
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6514
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6500
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6498
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6499
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6493
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6494
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6495
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6496
Closed
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet #6497
Closed
@coveralls
Copy link
Copy Markdown
Collaborator

coveralls commented Nov 3, 2022

Pull Request Test Coverage Report for Build 327818

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 3 unchanged lines in 3 files lost coverage.
  • Overall coverage decreased (-0.009%) to 79.015%
Files with Coverage Reduction New Missed Lines %
/libraries/AdaptiveExpressions/BuiltinFunctions/GetNextViableTime.cs 1 90.91%
/libraries/AdaptiveExpressions/BuiltinFunctions/GetPreviousViableTime.cs 1 90.91%
/libraries/Microsoft.Bot.Streaming/Payloads/StreamManager.cs 1 90.0%
Totals Coverage Status
Change from base Build 327679: -0.009%
Covered Lines: 25597
Relevant Lines: 32395
💛 - Coveralls

@tracyboehrer tracyboehrer merged commit 5909752 into main Nov 3, 2022
@tracyboehrer tracyboehrer deleted the southworks/fix/SM01507-alert branch November 3, 2022 14:02
@dependabot dependabot Bot mentioned this pull request Dec 21, 2025
Merged
This was referenced May 14, 2026
Closed
Closed
Closed
Open
Closed
Closed
Open
Closed
Closed
Open
Closed
Open
This was referenced May 14, 2026
Closed
Closed
Closed
Open
Open
Open
Open
Open
Open
Open
Closed
Open
Closed
Closed
Closed
Closed
Open
Open
Open
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@tracyboehrer tracyboehrer tracyboehrer approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Automation: No parity PR does not need to be applied to other languages.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet
CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet CodeQL alert SM01507: Client-side URL redirect in microsoft/microsoft/botbuilder-dotnet/botbuilder-dotnet

3 participants

@ceciliaavila @coveralls @tracyboehrer