[CodeQL] Suppress CSRF token validation warnings (#9278)
* Added CSRF token checks to address CodeQL bugs

* Added CodeQL suppressions
advay26 committed Oct 14, 2022
1 parent 48dde8e commit 0d1b015
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/NuGetGallery/Controllers/ApiController.cs
Expand Up @@ -331,6 +331,7 @@ public virtual ActionResult SimulateError(SimulatedErrorType type = SimulatedErr
[ApiScopeRequired(NuGetScopes.PackagePush, NuGetScopes.PackagePushVersion)]
[ActionName("CreatePackageVerificationKey")]
public virtual async Task<ActionResult> CreatePackageVerificationKeyAsync(string id, string version)
// CodeQL [SM00433] This endpoint uses API Key authentication
{
// For backwards compatibility, we must preserve existing behavior where the client always pushes
// symbols and the VerifyPackageKey callback returns the appropriate response. For this reason, we
Expand Down Expand Up @@ -427,6 +428,7 @@ public virtual Task<ActionResult> CreatePackagePut()
[ApiScopeRequired(NuGetScopes.PackagePush, NuGetScopes.PackagePushVersion)]
[ActionName("PushPackageApi")]
public virtual Task<ActionResult> CreatePackagePost()
// CodeQL [SM00433] This endpoint uses API Key authentication
{
return CreatePackageInternal();
}
Expand Down Expand Up @@ -948,6 +950,7 @@ public virtual async Task<ActionResult> DeletePackage(string id, string version,
[ApiScopeRequired(NuGetScopes.PackageUnlist)]
[ActionName("PublishPackageApi")]
public virtual async Task<ActionResult> PublishPackage(string id, string version)
// CodeQL [SM00433] This endpoint uses API Key authentication
{
var package = PackageService.FindPackageByIdAndVersionStrict(id, version);
if (package == null)
Expand Down
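Review bot: The justification on each added `// CodeQL [SM00433] This endpoint uses API Key authentication` line rests on an authentication filter that is not visible in these hunks; the attributes that are visible, `[ApiScopeRequired(...)]` and `[ActionName(...)]`, enforce scope and routing, not the credential type, so the comment does not by itself explain why the CSRF finding is a false positive. CSRF is only moot if the action can never be authenticated by a browser-sent cookie or ambient session, which presumably holds via an API-key authorization filter declared above these attributes, but that condition should be stated so the suppression is revisited if that filter ever starts accepting cookie credentials. I would write the justification as `// CodeQL [SM00433] Authenticated only by a client-supplied API key (see the API authorization filter on this action), never by a cookie or ambient session, so a cross-site request cannot carry valid credentials`. It is also worth confirming that the CodeQL tooling in use honours a suppression placed on its own line between the signature and the opening brace rather than on the flagged declaration line itself. The bodies of CreatePackageVerificationKeyAsync and PublishPackage continue outside the hunks shown.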
