Skip to content

init#202

Open
ttossavainen wants to merge 10 commits intomainfrom
issue199
Open

init#202
ttossavainen wants to merge 10 commits intomainfrom
issue199

Conversation

@ttossavainen
Copy link
Copy Markdown
Contributor

Copy link
Copy Markdown

@github-advanced-security github-advanced-security AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CodeQL found more than 20 potential problems in the proposed changes. Check the Files changed tab for more details.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2024

CodeQL found vulnerabilities from the code. Check the PR or the workflow summary for the details: https://github.com/FrendsPlatform/Frends.SFTP/actions/runs/8595850623?pr=202

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2024

CodeQL found vulnerabilities from the code. Check the PR or the workflow summary for the details: https://github.com/FrendsPlatform/Frends.SFTP/actions/runs/8596673398?pr=202

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2024

CodeQL found vulnerabilities from the code. Check the PR or the workflow summary for the details: https://github.com/FrendsPlatform/Frends.SFTP/actions/runs/8596784957?pr=202

Comment on lines +40 to +43
catch (Exception ex)
{
throw new ArgumentException($"Failure in Keyboard-Interactive authentication: {ex.Message}");
}

Check notice

Code scanning / CodeQL

Generic catch clause

Generic catch clause.
Comment on lines +40 to +41
catch
{ return false; }

Check notice

Code scanning / CodeQL

Generic catch clause

Generic catch clause.
Convert.FromBase64String(input);
return true;
}
catch { return false; }

Check notice

Code scanning / CodeQL

Generic catch clause

Generic catch clause.
Comment on lines +63 to +69
foreach (var f in client.ListDirectory("."))
{
if (f.Name != "." && f.Name != "..")
{
client.DeleteFile(f.Name);
}
}

Check notice

Code scanning / CodeQL

Missed opportunity to use Where

This foreach loop [implicitly filters its target sequence](1) - consider filtering the sequence explicitly using '.Where(...)'.
Comment on lines +95 to +118
foreach (var file in files)
{
if (file.Name != "." && file.Name != "..")
{
if (file.IsDirectory)
{
sftp.ChangeDirectory(file.FullName);
foreach (var f in sftp.ListDirectory("."))
{
if (f.Name != "." && f.Name != "..")
{
sftp.DeleteFile(f.Name);
}
}

sftp.ChangeDirectory("/upload");
sftp.DeleteDirectory(file.FullName);
}
else
{
sftp.DeleteFile(file.FullName);
}
}
}

Check notice

Code scanning / CodeQL

Missed opportunity to use Where

This foreach loop [implicitly filters its target sequence](1) - consider filtering the sequence explicitly using '.Where(...)'.
client.ConnectionInfo.HostKeyAlgorithms.Add("ecdsa-sha2-nistp256", (data) => { return new KeyHostAlgorithm("ecdsa-sha2-nistp256", new EcdsaKey(), data); });
break;
case HostKeyAlgorithms.Nistp384:
client.ConnectionInfo.HostKeyAlgorithms.Add("ecdsa-sha2-nistp384", (data) => { return new KeyHostAlgorithm("ecdsa-sha2-nistp384", new EcdsaKey(), data); });

Check warning

Code scanning / CodeQL

Missing Dispose call on local IDisposable

Disposable 'EcdsaKey' is created but not disposed.
client.ConnectionInfo.HostKeyAlgorithms.Add("ecdsa-sha2-nistp384", (data) => { return new KeyHostAlgorithm("ecdsa-sha2-nistp384", new EcdsaKey(), data); });
break;
case HostKeyAlgorithms.Nistp521:
client.ConnectionInfo.HostKeyAlgorithms.Add("ecdsa-sha2-nistp521", (data) => { return new KeyHostAlgorithm("ecdsa-sha2-nistp521", new EcdsaKey(), data); });

Check warning

Code scanning / CodeQL

Missing Dispose call on local IDisposable

Disposable 'EcdsaKey' is created but not disposed.
using (var client = new SftpClient(_dockerAddress, 2222, _dockerUsername, _dockerPassword))
{
client.ConnectionInfo.HostKeyAlgorithms.Clear();
client.ConnectionInfo.HostKeyAlgorithms.Add("ssh-rsa", (data) => { return new KeyHostAlgorithm("ssh-rsa", new RsaKey(), data); });

Check warning

Code scanning / CodeQL

Missing Dispose call on local IDisposable

Disposable 'RsaKey' is created but not disposed.
{
var connection = Helpers.GetSftpConnection();
connection.Authentication = AuthenticationType.UsernamePasswordPrivateKeyString;
connection.PrivateKeyPassphrase = "passphrase";

Check failure

Code scanning / CodeQL

Hard-coded credentials

The hard-coded value "passphrase" flows to the [passPhrase](1) parameter in [object creation of type PrivateKeyFile](2). The hard-coded value "passphrase" flows to the [passPhrase](3) parameter in [object creation of type PrivateKeyFile](4).
{
var connection = Helpers.GetSftpConnection();
connection.Authentication = AuthenticationType.UsernamePasswordPrivateKeyString;
connection.PrivateKeyPassphrase = "passphrase";

Check failure

Code scanning / CodeQL

Hard-coded credentials

The hard-coded value "passphrase" flows to the [passPhrase](1) parameter in [object creation of type PrivateKeyFile](2). The hard-coded value "passphrase" flows to the [passPhrase](3) parameter in [object creation of type PrivateKeyFile](4).
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2024

CodeQL found vulnerabilities from the code. Check the PR or the workflow summary for the details: https://github.com/FrendsPlatform/Frends.SFTP/actions/runs/8597510452?pr=202

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2024

CodeQL found vulnerabilities from the code. Check the PR or the workflow summary for the details: https://github.com/FrendsPlatform/Frends.SFTP/actions/runs/8597697966?pr=202

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 8, 2024

CodeQL found vulnerabilities from the code. Check the PR or the workflow summary for the details: https://github.com/FrendsPlatform/Frends.SFTP/actions/runs/8597756504?pr=202

@jefim jefim linked an issue Jun 9, 2024 that may be closed by this pull request
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

New Task: SFTP.DeleteDirectory

2 participants