Resolve CodeQL alert 52

[roslynwythe]

Prerequisite

1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

As developers. we need to analyze CodeQL query alert 52 and to either recommend dismissal of the alert or update the code to resolve the alert.

Action Items

• DO NOT DISMISS ANY ALERTS. Dismissal of alerts should be done by dev leads only after review of the recommendation
• Browse to the link in the next Action Item and read the contents. Click "See More" to view Recommendations, Examples and References.
• https://github.com/hackforla/website/security/code-scanning/52
• Note these resources:
  • See the wiki page "How to manage CodeQL alerts" (see under Resources)
  • To look at the resolution of similar alerts, visit the code scanning page and query closed alerts for similar alert type. To see the resolution of a closed alert, view the alert details and open the tracking issue (outlined in red in the screenshot under Resources)
• In a comment in this issue, provide your recommendation. The recommendation can be one of the following: dismiss as test, dismiss as false positive, dismiss as won't fix, or update code. An example of a 'false positive' is a report of a JavaScript syntax error that is caused by markdown or liquid symbols such as --- or {%.
• If the recommendation is to update code:
  • create an issue branch and proceed with the code update
  • Use docker to test locally
    • If assets/js/utility/api-events.js is imported from assets/js/project-meetings.js, test by verifying that meeting data on /project-meetings is consistent with the live website.
    • If assets/js/utility/api-events.js is imported from assets/js/right-col-content.js, test by verifying that meeting data on `/events is consistent with the live website.
    • If assets/js/utility/api-events.js is imported from assets/js/right-col-content-check.js, test by verifying that meeting data on `/events-check is consistent with the live website.
    • For questions about testing, ask a merge team member or the dev lead
  • proceed with pull request in the usual manner
• If the recommendation is to dismiss, describe your reason for dismissal in the comment, then move the issue to Questions/In Review and apply the label ready for dev lead.

For merge team/dev lead

• If recommendation to dismiss is approved, dismiss the alert with a comment, then close the issue as completed.
• When this issue is closed please check off the dependency (under "Issues") in Create issues to resolve all open CodeQL alerts #5159. If all issues are closed, close Create issues to resolve all open CodeQL alerts #5159 as completed.

Resources/Instructions

• GitHub CodeQL documentation
• code scanning page
• Wiki page "How to resolve CodeQL alerts" (if this page has not been published yet, see the draft at Create wiki page to guide developers how to manage CodeQL alerts #6463 (comment))
• This issue is part of Create issues to resolve all open CodeQL alerts #5159

[github-actions]

Hi @aadilahmed, thank you for taking up this issue! Hfla appreciates you :)

Do let fellow developers know about your:-
i. Availability: (When are you available to work on the issue/answer questions other programmers might have about your issue?)
ii. ETA: (When do you expect this issue to be completed?)

You're awesome!

P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)

[aadilahmed]

i. Availability: M-F 9-5pm
ii. ETA: EOD 4/19

[aadilahmed]

Recommendation: update code