
Conversation


@kwinto kwinto commented Dec 2, 2025

This PR adds a CodeQL scanning script and improves replacements in our source code.

This PR should include updated chat-components from this PR: Cognigy/chat-components#204

Our scan shows similar results to what a customer has reported. Yet, after closer investigation, we conclude that most alerts are false positives.

Besides one minor special-case treatment (fixed in chat-components, see the related PR), all the other findings are located outside the sanitization pipeline and represent an adequate approach in their code areas.

We have included a couple of "safer" replacements, which should lower the alert noise. Other findings should be set to "ignore" by the customer.

Copilot AI review requested due to automatic review settings December 2, 2025 05:34

Copilot AI left a comment


Pull request overview

This PR enhances the codebase security and scanning capabilities by adding CodeQL integration and fixing a string escaping issue. The changes include:

  • Added CodeQL scanning scripts for both source and compiled code
  • Fixed incomplete string escaping in ChatIcon component to properly handle backslashes
  • Introduced comprehensive CodeQL configuration with appropriate exclusions

Reviewed changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.

File: Description
src/webchat-ui/components/presentational/ChatIcon.tsx: Enhanced string escaping logic to handle backslashes before quotes
package.json: Added npm scripts for CodeQL scanning of source and dist directories
codeql-config.yml: New CodeQL configuration file defining scan scope and exclusions
.github/copilot-instructions.md: New AI assistant documentation describing project architecture and workflows

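The "incomplete string escaping" finding that both the PR description (the "safer" replacements) and the review summary (backslashes handled before quotes in ChatIcon) refer to is the pattern below. This is an added example, not code from the webchat project or from the PR diff; the helper names and the sample inputs are hypothetical. CodeQL's "Incomplete string escaping or encoding" query flags a `.replace()` that escapes a quote character without also escaping the backslash, because a backslash already present in the input then combines with the inserted one and the quote ends up unescaped. The alert only matters where the result is embedded in a quoted context; where it is not, the alert is noise, which is the page author's assessment of the remaining findings.

```typescript
// Added example (not the project's own code). Demonstrates the CodeQL
// "incomplete string escaping" pattern on a hypothetical helper that
// prepares a value for embedding inside a double-quoted string literal.

/** BEFORE: escapes only double quotes. An input that already contains `\"`
 *  becomes `\\"`: an escaped backslash followed by an UNESCAPED quote, which
 *  terminates the enclosing literal. This is what the CodeQL query flags. */
export function escapeQuotesIncomplete(s: string): string {
  return s.replace(/"/g, '\\"');
}

/** AFTER: escape backslashes first, then quotes, so every backslash in the
 *  output was put there by the escaper. Order matters: escaping quotes first
 *  would double the backslashes that the quote step just inserted. */
export function escapeQuotesComplete(s: string): string {
  return s.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
}

/** Equivalent single pass: one character class covers both characters, so
 *  there is no ordering question at all. */
export function escapeQuotesOnePass(s: string): string {
  return s.replace(/[\\"]/g, (c: string) => '\\' + c);
}

/** Check: wrap the escaped text in double quotes and parse it back.
 *  JSON uses the same `\\` and `\"` escapes, so a correct escaper round-trips
 *  every input; an incomplete one either fails to parse (the quote broke out
 *  of the literal) or yields a different value (a stray `\x` escape). */
export function survivesQuotedEmbedding(
  input: string,
  escape: (s: string) => string,
): boolean {
  try {
    return JSON.parse('"' + escape(input) + '"') === input;
  } catch {
    return false;
  }
}

// Constructed inputs (not taken from the page):
// the harmless case that hides the bug, a plain backslash, and the case
// that exposes it (a backslash immediately before a quote).
export const SIMPLE = 'say "hi"';
export const BACKSLASH_ONLY = 'C:\\Users\\me';
export const TRICKY = 'trailing backslash then quote: \\"';

/** Summary table used for a quick manual run: which escaper survives which input. */
export function summary(): Record<string, Record<string, boolean>> {
  const escapers = {
    incomplete: escapeQuotesIncomplete,
    complete: escapeQuotesComplete,
    onePass: escapeQuotesOnePass,
  };
  const inputs = { SIMPLE, BACKSLASH_ONLY, TRICKY };
  const out: Record<string, Record<string, boolean>> = {};
  for (const [en, fn] of Object.entries(escapers)) {
    out[en] = {};
    for (const [iname, value] of Object.entries(inputs)) {
      out[en][iname] = survivesQuotedEmbedding(value, fn);
    }
  }
  return out;
}
```

The incomplete version passes on `SIMPLE`, which is why the defect is easy to miss in review; it fails as soon as the input carries a backslash of its own. If the value produced by a flagged `.replace()` is never placed inside a quoted literal (a display string, a CSS class name), the round-trip property above is irrelevant and the finding can be dismissed as the page describes.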

