From e49dd1b2a195d7836f19e24c186b8320fbae3165 Mon Sep 17 00:00:00 2001
From: JhontSouth
Date: Thu, 1 Aug 2024 14:46:36 -0500
Subject: [PATCH] add code ql comment about TypeNameHandling.None

---
 .../Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs b/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs
index ccac347b9d..52eead16de 100644
--- a/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs
+++ b/libraries/Microsoft.Bot.Builder.Azure.Queues/AzureQueueStorage.cs
@@ -45,7 +45,7 @@ public AzureQueueStorage(string queuesStorageConnectionString, string queueName,
 _jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
 {
- TypeNameHandling = TypeNameHandling.None,
+ TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
 NullValueHandling = NullValueHandling.Ignore,
 MaxDepth = null
 };
@@ -67,7 +67,7 @@ internal AzureQueueStorage(QueueClient queueClient, JsonSerializerSettings jsonS
 _queueClient = queueClient;
 _jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings
 {
- TypeNameHandling = TypeNameHandling.None,
+ TypeNameHandling = TypeNameHandling.None, // CODEQL [cs/unsafe-type-name-handling] We use None to prevent any type information from being serialized, ensuring that no arbitrary types are deserialized, which mitigates security risks.
 NullValueHandling = NullValueHandling.Ignore
 };
 }
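Review bot: The justification in the new `// CODEQL [cs/unsafe-type-name-handling]` comment only holds for the default object initializer; in both hunks `_jsonSettings = jsonSerializerSettings ?? new JsonSerializerSettings { ... }` lets a caller-supplied settings object with `TypeNameHandling.All` or `Auto` bypass that default entirely, and the suppression does not cover that path. Consider guarding the injected settings before the assignment, e.g. `if (jsonSerializerSettings != null && jsonSerializerSettings.TypeNameHandling != TypeNameHandling.None) { throw new ArgumentException("TypeNameHandling must be None", nameof(jsonSerializerSettings)); }`, or, if existing callers rely on passing other values, stating that contract in the constructor's `<param>` documentation for `jsonSerializerSettings` instead. As a point of style, the same ~180-character trailing comment is pasted verbatim into both constructors; a shorter form such as `// CODEQL [cs/unsafe-type-name-handling] None is the safe setting: no $type metadata is written or honoured.` says the same thing, and the exact suppression syntax the scanner expects should be confirmed against the project's CodeQL configuration, which is not visible here. Both constructor bodies start before their hunks, and the first hunk's unchanged `MaxDepth = null` removes Json.NET's default nesting limit, which deserves its own look if these settings are ever used to deserialize untrusted queue payloads.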