From c58900e8e250ae371b039ecb8e9dbac1fda4ba5a Mon Sep 17 00:00:00 2001
From: Shyju Krishnankutty
Date: Tue, 26 Nov 2024 13:52:42 -0800
Subject: [PATCH] Added CodeQL suppression justification comments for oop layer response handling code path.
---
 src/WebJobs.Script/Binding/Http/RawScriptResult.cs | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/WebJobs.Script/Binding/Http/RawScriptResult.cs b/src/WebJobs.Script/Binding/Http/RawScriptResult.cs
index 4c618cbeca..713521df8a 100644
--- a/src/WebJobs.Script/Binding/Http/RawScriptResult.cs
+++ b/src/WebJobs.Script/Binding/Http/RawScriptResult.cs
@@ -79,10 +79,12 @@ public async Task ExecuteResultAsync(ActionContext context)
 {
 if (cookie.Item3 != null)
 {
+ // CodeQL [SM02373] This code path constructs the cookie collection based on what the out-of-process function app (where customers can set these cookies) sends to the host. Marking these cookies as "Secure" would introduce a breaking change for those customers.
 response.Cookies.Append(cookie.Item1, cookie.Item2, cookie.Item3);
 }
 else
 {
+ // CodeQL [SM02373] This code path constructs the cookie collection based on what the out-of-process function app (where customers can set these cookies) sends to the host. Marking these cookies as "Secure" would introduce a breaking change for those customers.
 response.Cookies.Append(cookie.Item1, cookie.Item2);
 }
 }
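Review bot: The same suppression text is pasted on both branches, but the two calls differ in what the worker controls. The three-argument call forwards whatever `cookie.Item3` holds, while the `else` branch calls `Append(cookie.Item1, cookie.Item2)` with no options, so that cookie is written with the framework defaults and without `Secure`. The justification would serve the next auditor better if each comment said so, for example on the second one: `// CodeQL [SM02373] The worker supplied no cookie options, so the cookie is emitted with framework defaults; forcing Secure here would break existing apps.` Since the suppression leaves the `Secure` decision with the function author (presumably through the options in `Item3`), it would also help to name where that responsibility is documented. `ExecuteResultAsync` starts and ends outside this hunk, so how the cookie tuple is built is not visible here.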