State: Open
Labels:
- Complexity: Missing (see the Issue Making label to understand the issue writing difficulty level)
- Dependency (an issue is blocking the completion or starting of another issue)
- ER (Emergent Request)
- Feature: Code Alerts
- manual dependency release
- role: back end/devOps (tasks for back-end developers)
- size: 0.25pt (can be done in 0.5 to 1.5 hours)
Description
Dependencies
The issue could be resolved with:
Emergent Requirement - Problem
- The file _includes/current_guides.html contained two instances of "Potentially unsafe external links" but only one CodeQL alert was raised.
- The file _includes/about-page/about-card-sponsors contained four instances of "Potentially unsafe external links" but only one CodeQL alert was raised.
Details
Regarding _includes/current_guides.html:
- The first instance is on line 77 as detailed in https://github.com/hackforla/website/security/code-scanning/3
- The second instance is on line 80. No CodeQL alert was found addressing this instance, and so issue #6484 (Resolve "Potentially unsafe external link" in _includes/current-guides.html) was created.
Issue you discovered this emergent requirement in
Date discovered
3/4/2024
Did you have to do something temporarily
- YES: issue #6484 (Resolve "Potentially unsafe external link" in _includes/current-guides.html) was created
- NO
Who was involved
What happens if this is not addressed
code security/quality issues may be missed
Resources
Recommended Action Items
- Make a new issue
- Discuss with team
- Let a Team Lead know
Potential solutions [draft]
- We are aware that CodeQL runs into errors scanning JavaScript code files with Liquid statements. In both files in which CodeQL failed to report errors, Liquid code was found. Therefore I suggest putting this ER on hold, with a dependency on #6387 (update project profile food oasis reorder leadership member).
- Search/audit the codebase for any other instances of "Potentially unsafe external link" that are not detected by CodeQL
- Research to determine possible reasons why CodeQL did not create an alert for this instance of "Potentially unsafe external link"
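The second potential solution above is a manual audit of the codebase for links CodeQL did not report. The script below is an added example of such an audit and is not code from the hackforla/website project. It assumes the alert in question is CodeQL's check for anchors with target="_blank" that lack rel="noopener" (or rel="noreferrer", which browsers treat as implying noopener), and it is written to tolerate Liquid output and tags inside the anchor's attribute list, since the issue notes that the missed instances were in files containing Liquid. The sample template, file suffixes and script name are constructed for the example.

```python
"""Audit Jekyll/Liquid templates for anchors that open a new tab without
rel="noopener": the pattern behind CodeQL's "Potentially unsafe external link"
alert (assumption: that is the check the alert name refers to). Added example,
not hackforla/website code; the sample template below is constructed."""
import re
import sys
from pathlib import Path

# Opening <a ...> tag. Liquid output ({{ ... }}) and tags ({% ... %}) inside the
# attribute list are consumed as whole units first, so a '>' or quote inside a
# Liquid expression cannot end the tag early. This is the part a plain HTML/JS
# scanner tends to trip over in templated files.
ANCHOR_RE = re.compile(
    r"<a\b((?:\{\{.*?\}\}|\{%.*?%\}|[^>])*)>",
    re.IGNORECASE | re.DOTALL,
)

# name="value", name='value' or name=value; quoted values may contain Liquid.
ATTR_RE = re.compile(
    r"""([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""",
    re.DOTALL,
)


def parse_attrs(attr_text):
    """Return {name: value} for the attributes of one tag (names lower-cased).

    Attributes inside a Liquid conditional ({% if %}target="_blank"{% endif %})
    are still picked up: the scan is deliberately conservative and reports a
    link that is only sometimes unsafe.
    """
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        value = next(v for v in m.groups()[1:] if v is not None)
        attrs[m.group(1).lower()] = value
    return attrs


def find_unsafe_links(text):
    """Return [(line_number, href)] for every <a target="_blank"> in `text`
    whose rel attribute carries neither noopener nor noreferrer."""
    findings = []
    for m in ANCHOR_RE.finditer(text):
        attrs = parse_attrs(m.group(1))
        if attrs.get("target", "").strip().lower() != "_blank":
            continue
        rel_tokens = attrs.get("rel", "").lower().split()
        if "noopener" in rel_tokens or "noreferrer" in rel_tokens:
            continue
        line = text.count("\n", 0, m.start()) + 1
        findings.append((line, attrs.get("href", "")))
    return findings


def scan_tree(root, suffixes=(".html", ".md")):
    """Walk a site checkout and return [(path, line, href)] for unsafe anchors."""
    results = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            results.extend((str(path), line, href) for line, href in find_unsafe_links(text))
    return results


# Constructed sample in the style of an _includes/ template: two of the four
# anchors should be reported (lines 2 and 6).
SAMPLE_TEMPLATE = """\
{% for guide in site.data.guides %}
<a href="{{ guide.url }}" target="_blank">{{ guide.title }}</a>
<a href="{{ guide.url }}" target="_blank" rel="noopener noreferrer">{{ guide.title }}</a>
{% endfor %}
<a href="/local">Same tab, nothing to report</a>
<a href='https://example.org' target='_blank' rel='nofollow'>Missing noopener</a>
"""

if __name__ == "__main__":
    # Usage: python audit_links.py [site-root]; with no argument, scan the sample.
    if len(sys.argv) > 1:
        for path, line, href in scan_tree(sys.argv[1]):
            print(f"{path}:{line}: target=_blank without noopener (href={href!r})")
    else:
        for line, href in find_unsafe_links(SAMPLE_TEMPLATE):
            print(f"sample:{line}: target=_blank without noopener (href={href!r})")
```

Run it against a checkout of the site (python audit_links.py path/to/website) and compare the reported file:line pairs with the open code-scanning alerts; any anchor the script lists that has no matching alert is a candidate for a follow-up issue like #6484. The scan is intentionally noisier than CodeQL: a target="_blank" that is only set inside a Liquid conditional, or whose rel value is itself a Liquid expression, is reported so a human can decide.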
Project status: Ice box