Skip to content

Commit 997fcfb

Browse files
felickzfelickz
authored
MVC build views workaround: felickz/codeql-tracer-netframework
1 parent a164f10 commit 997fcfb

File tree

1 file changed

+4
-1
lines changed

1 file changed

+4
-1
lines changed

troubleshooting/codeql-builds/compiled-languages-csharp.md

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -173,7 +173,10 @@ For `Error ASPCONFIG: It is an error to use a section registered as allowDefinit
173173

174174
For `Error ASPCONFIG: Could not load type 'X.Y.Z'`, ensure that you do not have excluded `.cshtml`, `.ashx`, `.ashx.cs`, `.aspx` or `.aspx.cs` files on disk in existing `Views` folders or the Root folder of your project! You can show hidden files in your solution view to hunt these down and remove from these folders. MvcBuildViews does not observe the file include from the csproj when compiling the application. You may have to hunt these down one by one, so adding `<MvcBuildViews>true</MvcBuildViews>` to your local .csproj may help you get this done on your local machine with Visual Studio. The `Error List` view in Visual Studio will have a column that shows you the actual File name you need to delete.
175175

176-
To avoid building and scanning any view code in your project (potential false negatives in the scan as view engine code may not be evaluated for vulnerabilities) and to workaround the requirement that MvcBuildViews is automatically injected. Consider this [community contributed suggestion](https://github.com/github/codeql/issues/11890#issuecomment-1496970164):
176+
To avoid building and scanning any view code in your project (potential false negatives in the scan as view engine code may not be evaluated for vulnerabilities) and to workaround the requirement that MvcBuildViews is automatically injected.
177+
178+
- If using GitHub Actions, plug in this step before `CodeQL-Init`: https://github.com/felickz/codeql-tracer-netframework?tab=readme-ov-file#codeql-tracer-netframework
179+
- Consider this [community contributed suggestion](https://github.com/github/codeql/issues/11890#issuecomment-1496970164) to modify the csproj to exclude building views:
177180

178181
```powershell
179182
# tweaking the csproj file with powershell during the build so that the hard-coded target condition "gets fooled", basically. Something like this:

0 commit comments

Comments
 (0)