add codeql suppression and explanation (#670)

This commit is contained in:
Tess Gauthier 2023-03-20 13:59:39 -04:00 committed by GitHub
parent 51d658e8da
commit cdee73645a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -133,7 +133,7 @@ sshsk_open(const char *path)
goto fail; goto fail;
#endif #endif
} }
if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { if ((ret->dlhandle = dlopen(path, RTLD_NOW)) == NULL) { // CodeQL [SM01925]: upstream code that permits user input to specify external provider is by design, but only accessible via CLI parameter
error("Provider \"%s\" dlopen failed: %s", path, dlerror()); error("Provider \"%s\" dlopen failed: %s", path, dlerror());
goto fail; goto fail;
} }