Description of the false positive
C#: When fixing CWE-117 with the expected fixes, if the String.Replace is done with the overload that contains the StringComparison clarifier, the fix is not recognized.
Code samples or links to source code
    public async Task RequestAsync(string key)
    {
        ...
        _logger.log(key.Replace(Environment.NewLine, "", StringComparison.InvariantCultureIgnoreCase));
    }
URL to the alert on GitHub code scanning (optional)
https://github.com/github/codeql/blob/d540fc0794dcb2a6c10648b8925403788612e976/csharp/ql/src/Security%20Features/CWE-117/LogForging.ql
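An added example, not code from the report or from CodeQL: it runs both `String.Replace` overloads mentioned above over constructed inputs and compares them with a per-character strip that does not depend on `Environment.NewLine`. The class and helper names (`LogSanitizerExample`, `StripLineBreaks`, `HasLineBreak`) are hypothetical, and the example makes no claim about which forms the query recognizes as a sanitizer.

```csharp
using System;
using System.Linq;

// Added example; all names here are hypothetical.
public static class LogSanitizerExample
{
    // Characters that log viewers commonly treat as line terminators.
    private static readonly char[] LineBreaks = { '\r', '\n', '\u0085', '\u2028', '\u2029' };

    // Removes every line-break character individually, so the result does not
    // depend on Environment.NewLine ("\r\n" on Windows, "\n" on Unix).
    public static string StripLineBreaks(string value)
    {
        if (string.IsNullOrEmpty(value)) return value ?? string.Empty;
        return new string(value.Where(c => Array.IndexOf(LineBreaks, c) < 0).ToArray());
    }

    public static bool HasLineBreak(string value) => value.IndexOfAny(LineBreaks) >= 0;

    public static void Main()
    {
        // Constructed inputs: a forged second entry appended with different terminators.
        string[] keys =
        {
            "abc" + Environment.NewLine + "INFO forged entry",
            "abc\nINFO forged entry",
            "abc\r\nINFO forged entry",
            "abc\rINFO forged entry",
        };

        foreach (string key in keys)
        {
            // The two overloads discussed in the report.
            string twoArg = key.Replace(Environment.NewLine, "");
            string withComparison = key.Replace(
                Environment.NewLine, "", StringComparison.InvariantCultureIgnoreCase);
            string stripped = StripLineBreaks(key);

            Console.WriteLine(
                $"two-arg leaves line break: {HasLineBreak(twoArg)}, " +
                $"StringComparison overload leaves line break: {HasLineBreak(withComparison)}, " +
                $"per-character strip leaves line break: {HasLineBreak(stripped)}");
        }
    }
}
```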