add code ql comment about TypeNameHandling.None
JhontSouth committed Aug 1, 2024
1 parent 276bb33 commit e49dd1b
Showing 1 changed file with 2 additions and 2 deletions.
@@ -45,7 +45,7 @@ public AzureQueueStorage(string queuesStorageConnectionString, string queueName,

_jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
{
TypeNameHandling = TypeNameHandling.None,
TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
NullValueHandling = NullValueHandling.Ignore,
MaxDepth = null
};
@@ -67,7 +67,7 @@ internal AzureQueueStorage(QueueClient queueClient, JsonSerializerSettings jsonS
_queueClient = queueClient;
_jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
{
TypeNameHandling = TypeNameHandling.None,
TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
NullValueHandling = NullValueHandling.Ignore
};
}
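Review bot: The suppression rationale added on both `TypeNameHandling = TypeNameHandling.None` lines (the public constructor and the internal `QueueClient` constructor) holds only for the default object, because `jsonSerializerSettings ?? new JsonSerializerSettings { … }` uses a caller-supplied instance unchanged. A caller that passes settings with `TypeNameHandling.Auto` or `All` gets none of the protection the comment describes, and if these settings are also used to deserialize queue messages (not visible in these hunks) that is the path the CodeQL rule is about. I would narrow the comment to what the code guarantees, e.g. `// CODEQL [cs/unsafe-type-name-handling] Defaults use TypeNameHandling.None; caller-supplied settings are used as-is.`, and document on the `jsonSerializerSettings` parameter that any value other than `None` needs a restrictive `SerializationBinder`. Both constructors start or end outside the hunks shown, so how `_jsonSettings` is consumed should be confirmed there.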
