fix: resolve remaining CodeQL security issues by JasonXuDeveloper · Pull Request #573 · JasonXuDeveloper/JEngine · GitHub

fix: resolve remaining CodeQL security issues #573

Merged
JasonXuDeveloper merged 1 commit into master from fix/codeql-remaining-issues on Jan 25, 2026

@JasonXuDeveloper

Owner

Summary

  • Replace Path.Combine with string concatenation for Unity paths to avoid potential path traversal issues
  • Use using statements in tests to ensure JAction disposal even when assertions throw
  • Add explicit job-level permissions to all workflow jobs

Changes

C# Code Fixes

  • EncryptConfig.cs: Replace Path.Combine with string concatenation for Resources paths
  • MenuItems.cs: Replace Path.Combine with string concatenation for file system paths
  • JActionTests.cs: Convert var to using var for 6 tests to ensure disposal on assertion failure

Workflow Permission Fixes

  • release.yml: Add permissions to validate, run-tests, and prepare-release jobs
  • unity-tests.yml: Add permissions to test job
  • pr-tests.yml: Add permissions to run-tests job
  • dco-check.yml: Add permissions to dco-check job

Test plan

  • Verify CodeQL scan passes with no remaining issues
  • Verify Unity tests still pass
  • Verify workflows have proper permissions

🤖 Generated with Claude Code
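
The `Path.Combine` behaviour behind the path-handling item in this PR, as an added example that is not code from JEngine or from this PR: `Path.Combine` discards earlier segments when a later one is rooted, while plain concatenation keeps the prefix but leaves `..` segments in place. `ResolveUnder` and the sample paths are hypothetical.

```csharp
using System;
using System.IO;

// Added illustration; ResolveUnder and the sample paths are hypothetical, not JEngine code.
public static class PathCombineDemo
{
    // Resolve relativePath under baseDir and reject results that leave baseDir.
    public static string ResolveUnder(string baseDir, string relativePath)
    {
        if (string.IsNullOrEmpty(relativePath))
            throw new ArgumentException("empty path", nameof(relativePath));
        // Path.Combine silently drops baseDir when the second argument is rooted.
        if (Path.IsPathRooted(relativePath))
            throw new ArgumentException("rooted path not allowed", nameof(relativePath));

        string root = Path.GetFullPath(baseDir);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString(), StringComparison.Ordinal))
            root += Path.DirectorySeparatorChar;

        // GetFullPath collapses "." and ".." so the prefix check sees the real target.
        string full = Path.GetFullPath(Path.Combine(root, relativePath));
        if (!full.StartsWith(root, StringComparison.Ordinal))
            throw new UnauthorizedAccessException("path escapes base directory: " + relativePath);
        return full;
    }

    public static void Main()
    {
        string baseDir = Path.Combine(Path.GetTempPath(), "demo-resources"); // constructed
        string rooted = Path.GetFullPath(Path.Combine(Path.GetTempPath(), "elsewhere.txt"));

        // Rooted second argument: Combine returns it unchanged, concatenation keeps the prefix.
        Console.WriteLine("Combine dropped base: " + (Path.Combine(baseDir, rooted) == rooted));
        Console.WriteLine("Concat kept base:     " + (baseDir + "/" + rooted).StartsWith(baseDir));

        // Neither form removes ".." segments; only the containment check rejects them.
        foreach (string input in new[] { "config/keys.bytes", "../outside.txt", rooted })
        {
            try { Console.WriteLine("ok   " + ResolveUnder(baseDir, input)); }
            catch (Exception e) { Console.WriteLine("deny " + input + " (" + e.GetType().Name + ")"); }
        }
    }
}
```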

@claude

claude Bot commented Jan 25, 2026


@github-actions

github-actions Bot commented Jan 25, 2026


- Use 'using' statements in tests to ensure JAction disposal even
  when assertions throw (JActionTests.cs)
- Add explicit job-level permissions to all workflow jobs
  (release.yml, unity-tests.yml, pr-tests.yml, dco-check.yml)
- Exclude cs/path-combine rule (false positive for internal API values)

Signed-off-by: JasonXuDeveloper - 傑 <jason@xgamedev.net>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
JasonXuDeveloper force-pushed the fix/codeql-remaining-issues branch from df7b2ae to 4f9d96e on January 25, 2026 11:06
JasonXuDeveloper merged commit 55e565d into master on Jan 25, 2026
13 checks passed
JasonXuDeveloper deleted the fix/codeql-remaining-issues branch on January 25, 2026 11:11