[C#/.NET] Copilot recommends insecure code #6468

Open
ManickaP opened this issue Mar 13, 2025 · 0 comments
Labels
bug Issue identified by VS Code Team member as probable bug completions

Comments

@ManickaP
Member

The following code snippet:

var client = new HttpClient(new SocketsHttpHandler() {
    SslOptions = new SslClientAuthenticationOptions() {
        RemoteCertificateValidationCallback = 
    }
});

gets the following suggestion for the RemoteCertificateValidationCallback implementation:
[Image: screenshot of the suggestion]

This is very insecure code as it allows any and all server certificates to be considered as valid, completely bypassing any certificate validation.

  • GitHub Copilot Extension Version:
    1.270.0
  • VS Code Version:
    Version: 1.96.4
    Commit: cd4ee3b1c348a13bafd8f9ad8060705f6d4b9cba
    Date: 2025-01-16T00:16:19.038Z
    Electron: 32.2.6
    ElectronBuildId: 10629634
    Chromium: 128.0.6613.186
    Node.js: 20.18.1
    V8: 12.8.374.38-electron.0
    OS: Linux x64 6.13.1-arch1-1
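
A validation callback that keeps certificate checks in place, as an added example that is not part of the original issue or of any Copilot output: it accepts the platform's verdict and otherwise trusts only a chain that ends at a private root CA. The class name, the file name internal-root-ca.pem and the private-CA scenario are assumptions; when no custom trust is needed, leaving RemoteCertificateValidationCallback unset keeps the default validation.

```csharp
using System.IO;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class PrivateRootValidation
{
    // The pattern the issue describes is a callback that returns true for
    // every certificate, e.g. (sender, cert, chain, errors) => true.
    // Assumption: the service is signed by a private CA whose certificate
    // ships with the application at this hypothetical path.
    const string PrivateRootPath = "internal-root-ca.pem";

    public static bool Validate(object sender, X509Certificate? cert,
                                X509Chain? chain, SslPolicyErrors errors)
    {
        // Default validation already succeeded (trusted chain, matching name).
        if (errors == SslPolicyErrors.None) return true;

        // A missing certificate or a host name mismatch is never acceptable.
        if (cert is null ||
            (errors & ~SslPolicyErrors.RemoteCertificateChainErrors) != 0)
            return false;

        // Only chain errors remain: rebuild the chain so that the private
        // root is the sole trust anchor (system roots are ignored).
        using var root = X509Certificate2.CreateFromPem(File.ReadAllText(PrivateRootPath));
        using var custom = new X509Chain();
        custom.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
        custom.ChainPolicy.CustomTrustStore.Add(root);
        // Assumption: the private CA publishes no CRL/OCSP endpoint.
        custom.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;

        // Reuse intermediates the server sent during the handshake.
        if (chain is not null)
            foreach (var element in chain.ChainElements)
                custom.ChainPolicy.ExtraStore.Add(element.Certificate);

        return custom.Build(cert as X509Certificate2 ?? new X509Certificate2(cert));
    }

    public static HttpClient CreateClient() => new HttpClient(new SocketsHttpHandler
    {
        SslOptions = new SslClientAuthenticationOptions
        {
            RemoteCertificateValidationCallback = Validate
        }
    });
}
```
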
@ManickaP ManickaP added bug Issue identified by VS Code Team member as probable bug completions triage-needed Issues needing to be assigned to the prospective feature owner labels Mar 13, 2025
@vs-code-engineering vs-code-engineering bot removed the triage-needed Issues needing to be assigned to the prospective feature owner label Mar 13, 2025
@ManickaP ManickaP changed the title [C#/.NET] Copilot recommend inherently insecure code [C#/.NET] Copilot recommends inherently insecure code Mar 13, 2025
@ManickaP ManickaP changed the title [C#/.NET] Copilot recommends inherently insecure code [C#/.NET] Copilot recommends insecure code Mar 13, 2025