CodeQL Scan #279
ChrisMcKeeAnnotations
11 warnings
|
Analyze (csharp)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683, actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9, github/codeql-action/analyze@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd, github/codeql-action/init@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd, step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
|
|
Analyze (csharp):
src/BCrypt.Net/BCryptExtendedV2.cs#L65
Prefer static 'System.Security.Cryptography.SHA384.HashData' method over 'ComputeHash' (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1850)
|
|
Analyze (csharp):
src/BCrypt.Net/BCryptBase.cs#L315
The behavior of 'int.ToString(string)' could vary based on the current user's locale settings. Replace this call in 'BCryptCore.HashBytes(byte[], string, char, int)' with a call to 'int.ToString(string, IFormatProvider)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1305)
|
|
Analyze (csharp):
src/BCrypt.Net/BCryptBase.cs#L227
Use 'ArgumentNullException.ThrowIfNull' instead of explicitly throwing a new exception instance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1510)
|
|
Analyze (csharp):
src/BCrypt.Net/BCryptBase.cs#L273
The behavior of 'Convert.ToInt16(string)' could vary based on the current user's locale settings. Replace this call in 'BCryptCore.CreatePasswordHash(string, string,
|
|
Analyze (csharp):
src/BCrypt.Net/HashParser.cs#L70
Use 'ArgumentNullException.ThrowIfNull' instead of explicitly throwing a new exception instance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1510)
|
|
Analyze (csharp):
src/BCrypt.Net/HashParser.cs#L82
The behavior of 'string.StartsWith(string)' could vary based on the current user's locale settings. Replace this call in 'BCryptNet.HashParser.IsValidHash(string, out BCryptNet.HashParser.HashFormatDescriptor)' with a call to 'string.StartsWith(string, System.StringComparison)'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1310)
|
|
Analyze (csharp):
src/BCrypt.Net/BCrypt.cs#L89
Use 'ArgumentNullException.ThrowIfNull' instead of explicitly throwing a new exception instance (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1510)
|
|
Analyze (csharp):
src/BCrypt.Net/BCrypt.cs#L128
The behavior of 'Convert.ToInt16(string)' could vary based on the current user's locale settings. Replace this call in 'BCrypt.ValidateAndUpgradeHash(string, string, string,
|
|
Analyze (csharp):
src/BCrypt.Net/BCryptExtendedV3.cs#L36
XML comment has cref attribute 'HashPassword(string, string, workFactor, HashType)' that could not be resolved
|
|
Analyze (csharp):
src/BCrypt.Net/BCryptExtendedV3.cs#L36
Invalid type for parameter workFactor in XML comment cref attribute: 'HashPassword(string, string, workFactor, HashType)'
|