.github/codeql/codeql-config.yml
name: "CodeQL Security Analysis"
paths-ignore:
- core/tests/data
# TODO(#16763): The use of SHA-1 in this file causes CodeQL to throw the error
# "Use of a broken or weak cryptographic hashing algorithm on sensitive data."
# The results of the function using SHA-1 are stored in some places, but the
# function is not used for enciphering and preimage attacks are not a big risk
# for SHA-1. We can migrate to a stronger cryptographic algorithm, replacing
# all SHA-1, but that would require changes to the existing data we have.
- core/utils.py
- scripts/release_scripts/update_configs.py
# TODO(#17117): These files cause an "Incomplete multi-character sanitization"
# error to be thrown by CodeQL (cases enumerated in the issue). If we define a
# central method for this stripping, we can remove these files.
- core/templates/pages/exploration-player-page/services/audio-translation-manager.service.ts
- core/templates/pages/exploration-editor-page/changes-in-human-readable-form/changes-in-human-readable-form.component.spec.ts
- core/templates/components/ck-editor-helpers/ck-editor-copy-content.service.ts
- core/templates/filters/format-rte-preview.pipe.ts
- core/templates/domain/objects/NumberWithUnitsObjectFactory.ts
- extensions/rich_text_components/rte-output-display.component.spec.ts
- core/tests/webdriverio_utils/forms.js