[ { "number": 1, "created_at": "2020-06-19T11:21:34Z", "url": "https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/1", "html_url": "https://github.com/octocat/hello-world/code-scanning/1", "state": "dismissed", "fixed_at": null, "dismissed_by": { "login": "octocat", "id": 54933897, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_at": "2020-02-14T12:29:18Z", "dismissed_reason": "false positive", "dismissed_comment": "This alert is not actually correct, because there's a sanitizer included in the library.", "rule": { "id": "js/zipslip", "severity": "error", "security_severity_level": "high", "description": "Arbitrary file write during zip extraction (\"Zip Slip\")", "name": "js/zipslip", "full_description": "Extracting files from a malicious zip archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten.", "tags": [ "security", "external/cwe/cwe-022" ], "help": "# Arbitrary file write during zip extraction (\"Zip Slip\")\\nExtracting files from a malicious zip archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten ...", "help_uri": "https://codeql.github.com/" }, "tool": { "name": "CodeQL", "guid": null, "version": "2.4.0" }, "most_recent_instance": { "ref": "refs/heads/main", "analysis_key": ".github/workflows/codeql-analysis.yml:CodeQL-Build", "category": ".github/workflows/codeql-analysis.yml:CodeQL-Build", "environment": "{}", "state": "dismissed", "commit_sha": "39406e42cb832f683daa691dd652a8dc36ee8930", "message": { "text": "This path depends on a user-provided value." }, "location": { "path": "spec-main/api-session-spec.ts", "start_line": 917, "end_line": 917, "start_column": 7, "end_column": 18 }, "classifications": [ "test" ] }, "instances_url": "https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/1/instances" }, { "number": 42, "created_at": "2020-06-19T11:21:34Z", "url": "https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/42", "html_url": "https://github.com/octocat/hello-world/code-scanning/42", "state": "dismissed", "fixed_at": null, "dismissed_by": { "login": "octocat", "id": 54933897, "node_id": "MDQ6VXNlcjE=", "avatar_url": "https://github.com/images/error/octocat_happy.gif", "gravatar_id": "", "url": "https://api.github.com/users/octocat", "html_url": "https://github.com/octocat", "followers_url": "https://api.github.com/users/octocat/followers", "following_url": "https://api.github.com/users/octocat/following{/other_user}", "gists_url": "https://api.github.com/users/octocat/gists{/gist_id}", "starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}", "subscriptions_url": "https://api.github.com/users/octocat/subscriptions", "organizations_url": "https://api.github.com/users/octocat/orgs", "repos_url": "https://api.github.com/users/octocat/repos", "events_url": "https://api.github.com/users/octocat/events{/privacy}", "received_events_url": "https://api.github.com/users/octocat/received_events", "type": "User", "site_admin": false }, "dismissed_at": "2020-02-14T12:29:18Z", "dismissed_reason": "false positive", "dismissed_comment": "This alert is not actually correct, because there's a sanitizer included in the library.", "rule": { "id": "js/zipslip", "severity": "error", "security_severity_level": "high", "description": "Arbitrary file write during zip extraction (\"Zip Slip\")", "name": "js/zipslip", "full_description": "Extracting files from a malicious zip archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten.", "tags": [ "security", "external/cwe/cwe-022" ], "help": "# Arbitrary file write during zip extraction (\"Zip Slip\")\\nExtracting files from a malicious zip archive without validating that the destination file path is within the destination directory can cause files outside the destination directory to be overwritten ...", "help_uri": "https://codeql.github.com/" }, "tool": { "name": "CodeQL", "guid": null, "version": "2.4.0" }, "most_recent_instance": { "ref": "refs/heads/main", "analysis_key": ".github/workflows/codeql-analysis.yml:CodeQL-Build", "category": ".github/workflows/codeql-analysis.yml:CodeQL-Build", "environment": "{}", "state": "dismissed", "commit_sha": "39406e42cb832f683daa691dd652a8dc36ee8930", "message": { "text": "This path depends on a user-provided value." }, "location": { "path": "spec-main/api-session-spec.ts", "start_line": 917, "end_line": 917, "start_column": 7, "end_column": 18 }, "classifications": [ "test" ] }, "instances_url": "https://api.github.com/repos/octocat/hello-world/code-scanning/alerts/42/instances" } ]