CodeQL

CodeQL #180

Triggered via schedule March 13, 2024 19:14
Status Success
Total duration 4m 17s
Artifacts

codeql-analysis.yml

on: schedule
Matrix: Analyze

Annotations

2 errors and 9 warnings
Analyze (csharp)
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
Analyze (csharp)
This version of the CodeQL Action was deprecated on January 18th, 2023, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
Analyze (csharp)
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/setup-dotnet@v1, actions/checkout@v2, github/codeql-action/init@v1, github/codeql-action/analyze@v1. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
Analyze (csharp)
The following actions uses node12 which is deprecated and will be forced to run on node16: actions/setup-dotnet@v1, actions/checkout@v2, github/codeql-action/init@v1, github/codeql-action/analyze@v1. For more info: https://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/
Analyze (csharp)
1 issue was detected with this workflow: git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.
Analyze (csharp): CompatBot/Database/DbImporter.cs#L78
Method 'ExecuteSqlRawAsync' inserts interpolated strings directly into the SQL, without any protection against SQL injection. Consider using 'ExecuteSqlAsync' instead, which protects against SQL injection, or make sure that the value is sanitized and suppress the warning.
Analyze (csharp): CompatBot/Database/DbImporter.cs#L79
Method 'ExecuteSqlRawAsync' inserts interpolated strings directly into the SQL, without any protection against SQL injection. Consider using 'ExecuteSqlAsync' instead, which protects against SQL injection, or make sure that the value is sanitized and suppress the warning.
Analyze (csharp): CompatBot/Utils/ColorGetter.cs#L58
This call site is reachable on: 'Windows' all versions. 'Bitmap' is only supported on: 'windows' 6.1 and later. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1416)
Analyze (csharp): CompatBot/Database/DbImporter.cs#L78
Method 'ExecuteSqlRawAsync' inserts interpolated strings directly into the SQL, without any protection against SQL injection. Consider using 'ExecuteSqlAsync' instead, which protects against SQL injection, or make sure that the value is sanitized and suppress the warning.
Analyze (csharp): CompatBot/Database/DbImporter.cs#L79
Method 'ExecuteSqlRawAsync' inserts interpolated strings directly into the SQL, without any protection against SQL injection. Consider using 'ExecuteSqlAsync' instead, which protects against SQL injection, or make sure that the value is sanitized and suppress the warning.
Analyze (csharp): CompatBot/Utils/ColorGetter.cs#L58
This call site is reachable on: 'Windows' all versions. 'Bitmap' is only supported on: 'windows' 6.1 and later. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1416)