LGTM.com - false positive: Type of authorization header should not be considered part of the credentials #4327
Comments
I hit this too, in a different variant:
Looks like
I have also hit this. I have an object that happens to have a property
Edit: actually I think the issue is slightly different, I'm getting "The hard-coded value "/authorize" is used as authorization header."
Thanks for the report, and sorry for the long wait (it got buried in my list of things to do). @d-fischer and @trevyn: Both of your FP reports should be fixed by #6398. @stevehobbsdev: Your issue is indeed different, and it is not fixed by the above.
When will this be released to the GitHub CodeQL action? We are also hit by this a lot from our tests at renovate 😕
The fix didn't end up in the recent 2.5.9 release of CodeQL.
Description of the false positive
`Bearer` and `OAuth` are not part of the credentials, but rather describe the type of the credentials.
URL to the alert on the project page on LGTM.com
https://lgtm.com/projects/g/d-fischer/twitch/snapshot/5249a6f49264f6678324dcf6e5ad37dd95b49935/files/packages/twitch-api-call/src/apiCall.ts#x2d89925154b9f725:1
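The distinction drawn in the report, as an added example that is not part of the original issue and is not CodeQL's implementation: the scheme literal is separated from the credential before deciding whether anything hard-coded remains. The function name `classifyAuthHeader`, the `{ const }` / `{ dynamic }` part model and all sample values are assumptions constructed for illustration, and only the `scheme SP token` form of the header is covered.

```javascript
// Added example, not CodeQL's implementation. A header value is modelled as the
// parts a static analyzer sees in a concatenation or template literal:
// { const: "text" } for a literal piece, { dynamic: "name" } for a runtime value.

// Covers the "auth-scheme SP token68" form of RFC 7235 credentials. The scheme is
// a token followed by a space; a bare constant is treated as credential material.
const SCHEME_RE = /^([!#$%&'*+\-.^_`|~0-9A-Za-z]+) +/;

function classifyAuthHeader(parts) {
  let scheme = null;
  let constantCredential = "";
  let hasDynamic = false;

  parts.forEach((part, index) => {
    if ("dynamic" in part) {
      hasDynamic = true;
      return;
    }
    let text = part.const;
    if (index === 0) {
      // Only a literal at the start of the value can carry the scheme.
      const m = SCHEME_RE.exec(text);
      if (m) {
        scheme = m[1];
        text = text.slice(m[0].length);
      }
    }
    constantCredential += text;
  });

  constantCredential = constantCredential.trim();
  let verdict = "none";
  if (constantCredential !== "") verdict = "hard-coded";
  else if (hasDynamic) verdict = "dynamic";
  return { scheme, constantCredential, verdict };
}

// Constructed sample inputs (hypothetical names and values).
const samples = {
  bearerDynamic: [{ const: "Bearer " }, { dynamic: "accessToken" }],
  oauthDynamic: [{ const: "OAuth " }, { dynamic: "accessToken" }],
  basicConstant: [{ const: "Basic dXNlcjpwYXNz" }], // base64 of "user:pass"
  bareConstant: [{ const: "constructed-api-key" }],
};

for (const [name, parts] of Object.entries(samples)) {
  console.log(name, classifyAuthHeader(parts));
}
```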