Add CodeQL suppressions for PowerShell intended behavior by anamnavi · Pull Request #25359 · PowerShell/PowerShell · GitHub

Conversation

@anamnavi
Member

@anamnavi anamnavi commented Apr 14, 2025

PR Summary

This pull request includes several comments added to the code to address CodeQL warnings in the PowerShell codebase. The comments explain why the flagged issues are expected behavior and not security concerns.

Key changes include:

  • AddType.cs:

    • Added a comment to explain that allowing users to load any C# dependencies is integral to the purpose of the class and expected behavior.
  • WebRequestPSCmdlet.Common.cs:

    • Added a comment to clarify that PowerShell is an on-premise product, so information exposure through exceptions is not a security concern in the same way it would be for an ASP.NET service.
  • ExecutionContext.cs:

    • Added a comment to explain that loading DLLs during the initial state setup is expected behavior, allowing users to load additional C# types for specific scenarios.

PR Context

PR Checklist

@TravisEz13
Member

/azp run PowerShell-CI-linux-packaging, PowerShell-Windows-Packaging-CI

@TravisEz13 TravisEz13 enabled auto-merge (squash) April 14, 2025 22:50
@azure-pipelines

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@TravisEz13 TravisEz13 added the CL-BuildPackaging Indicates that a PR should be marked as a build or packaging change in the Change Log label Apr 14, 2025
auto-merge was automatically disabled April 14, 2025 22:51

Head branch was pushed to by a user without write access

@TravisEz13
Member

/azp run PowerShell-CI-linux-packaging, PowerShell-Windows-Packaging-CI

@TravisEz13 TravisEz13 enabled auto-merge (squash) April 14, 2025 23:23
@azure-pipelines

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@TravisEz13 TravisEz13 merged commit 4e3875c into PowerShell:master Apr 15, 2025
36 checks passed
@microsoft-github-policy-service
Contributor

microsoft-github-policy-service bot commented Apr 15, 2025

📣 Hey @@anamnavi, how did we do? We would love to hear your feedback with the link below! 🗣️

🔗 https://aka.ms/PSRepoFeedback

@TravisEz13
Member

@PowerShell/powershell-maintainers triage decision - required infrastructure change


Labels

Backport-7.4.x-Migrated BackPort-7.5.x-Done CL-BuildPackaging Indicates that a PR should be marked as a build or packaging change in the Change Log

2 participants