Add the CodeQL suppression in the right place for wstrustrequest parameter. (#5269)

ashok672 · web-flow · commit eec89424b966 · 2025-05-09T15:23:37.000-07:00
Update WsTrustWebRequestManager.cs
diff --git a/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs b/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs
@@ -100,8 +100,8 @@ public async Task<WsTrustResponse> GetWsTrustResponseAsync(
                 { "SOAPAction", (wsTrustEndpoint.Version == WsTrustVersion.WsTrust2005) ? XmlNamespace.Issue2005.ToString() : XmlNamespace.Issue.ToString() }
             };
 
-            // CodeQL [SM00417] False Positive: wsTrustRequest is a body parameter for HttpRequest that follows WsTrust protocol
             var body = new StringContent(
+                // CodeQL [SM00417] False Positive: wsTrustRequest is a body parameter for HttpRequest that follows WsTrust protocol
                 wsTrustRequest,
                 Encoding.UTF8, "application/soap+xml");
 
