From 5717a102b7c979f4218c578e83eed78cc176c4e3 Mon Sep 17 00:00:00 2001
From: Jhonatan Sandoval Velasco <122501764+JhontSouth@users.noreply.github.com>
Date: Tue, 20 Aug 2024 08:55:00 -0500
Subject: [PATCH] add code ql comment about TypeNameHandling.None (#6843)
---
 .../Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs b/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs
index ccac347b9d..52eead16de 100644
--- a/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs
+++ b/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs
@@ -45,7 +45,7 @@ public AzureQueueStorage(string queuesStorageConnectionString, string queueName,
 _jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
 {
- TypeNameHandling = TypeNameHandling.None,
+ TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
 NullValueHandling = NullValueHandling.Ignore,
 MaxDepth = null
 };
@@ -67,7 +67,7 @@ internal AzureQueueStorage(QueueClient queueClient, JsonSerializerSettings jsonS
 _queueClient = queueClient;
 _jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
 {
- TypeNameHandling = TypeNameHandling.None,
+ TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
 NullValueHandling = NullValueHandling.Ignore
 };
 }
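Review bot: The justification on the added line only covers the fallback branch of the `??`; a caller-supplied `jsonSerializerSettings` with `TypeNameHandling.Auto` or `All` and no `SerializationBinder` is stored in `_jsonSettings` unchecked, so the type-confusion risk the suppression claims to mitigate remains on that path whenever those settings are later used to deserialize queue payloads (the read path is outside this hunk, so that part is inferred). A guard on the supplied settings would make the comment true for both branches; failing that, narrow the wording to what the code shows, e.g. `// CODEQL [cs/unsafe-type-name-handling] The default settings never emit or honour $type; caller-supplied settings are not validated here.` It is also worth confirming that the `// CODEQL [...]` spelling is the one your scanner honours — stock CodeQL suppression comments use a different form, and an unrecognised tag suppresses nothing while reading as if it did. The constructor this hunk belongs to starts and ends outside the hunk.
```csharp
// Refuse settings that would let a queue payload choose the deserialized CLR type.
if (jsonSerializerSettings != null
    && jsonSerializerSettings.TypeNameHandling != TypeNameHandling.None
    && jsonSerializerSettings.SerializationBinder == null)
{
    throw new ArgumentException("TypeNameHandling other than None requires a SerializationBinder.", nameof(jsonSerializerSettings));
}

_jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
// … unchanged: default settings initializer …
```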
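Review bot: The two default settings objects this commit annotates disagree on `MaxDepth`: the first hunk's initializer sets `MaxDepth = null`, which removes Json.NET's nesting limit, while this hunk's initializer leaves it at the library default (a finite limit in recent Json.NET releases, if I recall correctly — verify against the referenced package version). Both land in the same `_jsonSettings` field, so depending on which constructor built the instance a deeply nested queue message is either rejected at a bounded depth or parsed with no limit, and the unbounded case is the usual stack-exhaustion concern for JSON read from an external source. Since the commit is documenting the security posture of these defaults, this is the moment to align them: drop `MaxDepth = null` from the first initializer, or add an explicit bound such as `MaxDepth = 64,` to both, and mention it in the suppression comment so the two constructors stay in step. The constructor body continues outside the hunk.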