Fix CodeQL issues: LINQ patterns, resource disposal, and false positives #69

Merged
Malcolmnixon merged 2 commits into main from copilot/fix-sonarqodeql-issues on Jan 27, 2026

Copilot AI commented Jan 26, 2026

Pull Request

Description

Resolves 22 CodeQL warnings across three categories: inefficient LINQ usage, improper resource disposal, and false positive exception handling alerts.

LINQ Refactoring

Replaced immediate variable mapping in foreach loops with .Select():

// Before
foreach (var condition in conditionsElement.EnumerateArray())
{
    var parsedCondition = ParseQualityGateCondition(condition);
    conditions.Add(parsedCondition);
}

// After
return conditionsElement.EnumerateArray()
    .Select(ParseQualityGateCondition)
    .ToList();

Resource Disposal

Fixed StringWriter leaks in test files using using var declarations.

CodeQL Configuration

Suppressed false positives with documentation:

  • Generic exceptions: Top-level handlers that wrap IO errors with context or log without crashing
  • HttpResponseMessage disposal: Standard HttpMessageHandler pattern where HttpClient owns response lifetime

Type of Change

  • Code quality improvement

Related Issues

Related to repository code quality maintenance.

Pre-Submission Checklist

Build and Test

  • Code builds successfully: dotnet build --configuration Release
  • All tests pass: dotnet test --configuration Release
  • Code produces zero warnings

Code Quality

  • Code formatting is correct: dotnet format --verify-no-changes
  • New code has appropriate XML documentation comments
  • Static analyzer warnings have been addressed

Quality Checks

  • Spell checker passes: cspell "**/*.{md,cs}"
  • Markdown linter passes: markdownlint "**/*.md"
  • YAML linter passes: yamllint '**/*.{yml,yaml}'

Testing

  • Updated existing tests if behavior changed
  • All tests follow the AAA (Arrange, Act, Assert) pattern
  • Test coverage is maintained or improved

Documentation

  • Updated requirements.yaml (if applicable)

Additional Notes

CodeQL analysis confirms zero alerts after changes. All 76 tests pass.

Original prompt

This section details the original issue you should resolve

<issue_title>[Feature]: Resolve SonarMark CodeQL issues</issue_title>
<issue_description>### Problem Statement

SonarMark has numerous CodeQL issues reported.

Proposed Solution

CodeQL is reporting the following issues:

src/DemaConsulting.SonarMark/SonarQubeClient.cs(214): warning [cs/linq/missed-select] This foreach loop immediately [maps its iteration variable to another variable](1) - consider mapping the sequence explicitly using '.Select(...)'.  
src/DemaConsulting.SonarMark/SonarQubeClient.cs(294): warning [cs/linq/missed-select] This foreach loop immediately [maps its iteration variable to another variable](1) - consider mapping the sequence explicitly using '.Select(...)'.  
src/DemaConsulting.SonarMark/SonarQubeClient.cs(375): warning [cs/linq/missed-select] This foreach loop immediately [maps its iteration variable to another variable](1) - consider mapping the sequence explicitly using '.Select(...)'.  
src/DemaConsulting.SonarMark/Validation.cs(453): warning [cs/local-not-disposed] Disposable 'HttpResponseMessage' is created but not disposed.  
src/DemaConsulting.SonarMark/Validation.cs(485): warning [cs/local-not-disposed] Disposable 'HttpResponseMessage' is created but not disposed.  
src/DemaConsulting.SonarMark/Validation.cs(518): warning [cs/local-not-disposed] Disposable 'HttpResponseMessage' is created but not disposed.  
src/DemaConsulting.SonarMark/Validation.cs(541): warning [cs/local-not-disposed] Disposable 'HttpResponseMessage' is created but not disposed.  
src/DemaConsulting.SonarMark/Validation.cs(564): warning [cs/local-not-disposed] Disposable 'HttpResponseMessage' is created but not disposed.  
src/DemaConsulting.SonarMark/Validation.cs(571): warning [cs/local-not-disposed] Disposable 'HttpResponseMessage' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ContextTests.cs(397): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ContextTests.cs(420): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ContextTests.cs(443): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ContextTests.cs(467): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ProgramTests.cs(26): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ProgramTests.cs(49): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ProgramTests.cs(89): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ProgramTests.cs(115): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
test/DemaConsulting.SonarMark.Tests/ProgramTests.cs(140): warning [cs/local-not-disposed] Disposable 'StringWriter' is created but not disposed.  
src/DemaConsulting.SonarMark/Context.cs(174): warning [cs/catch-of-all-exceptions] Generic catch clause.  
src/DemaConsulting.SonarMark/Program.cs(214): warning [cs/catch-of-all-exceptions] Generic catch clause.  
src/DemaConsulting.SonarMark/Validation.cs(320): warning [cs/catch-of-all-exceptions] Generic catch clause.  
src/DemaConsulting.SonarMark/Validation.cs(373): warning [cs/catch-of-all-exceptions] Generic catch clause.  

The 'catch-of-all-exceptions' is probably justifiable, and if so the code should be commented and the exception added to the codeql-config.yml file.

Alternatives Considered

No response

Usage Examples

Benefits

Improved Code Quality

Priority

Medium - Would improve my workflow

Willingness to Contribute

Yes, I can submit a pull request

Additional Context

No response

Checklist

  • I have searched existing issues to ensure this is not a duplicate
  • I have provided a clear description of the feature
  • I have explained why this feature would be useful</issue_description>

Comments on the Issue (you are @copilot in this section)


Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Fix CodeQL issues in SonarMark" to "Fix CodeQL issues: LINQ patterns, resource disposal, and false positives" on Jan 26, 2026
Copilot AI requested a review from Malcolmnixon January 26, 2026 23:57
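
The two disposal patterns this pull request describes (a test's StringWriter released with `using var`, and an HttpMessageHandler that hands its HttpResponseMessage to the caller instead of disposing it), shown together as an added C# example that is not code from this repository. `StubHandler`, `Demo` and the URL are hypothetical names constructed for illustration.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical stub handler. It creates the response but must NOT dispose it:
// ownership passes through HttpClient to whoever awaits the call.
sealed class StubHandler : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        var response = new HttpResponseMessage(HttpStatusCode.OK)
        {
            Content = new StringContent("{\"status\":\"UP\"}") // constructed body
        };
        return Task.FromResult(response);
    }
}

static class Demo
{
    static async Task Main()
    {
        var originalOut = Console.Out;
        // 'using var' disposes the writer when Main exits, even on an exception.
        using var writer = new StringWriter();
        try
        {
            Console.SetOut(writer);
            // HttpClient disposes the handler it was given when it is disposed.
            using var client = new HttpClient(new StubHandler());
            // The code that receives the response is the code that disposes it.
            using var response = await client.GetAsync("http://example.invalid/status");
            Console.WriteLine(await response.Content.ReadAsStringAsync());
        }
        finally
        {
            // Restore the real stdout before the captured writer goes away.
            Console.SetOut(originalOut);
        }
        Console.WriteLine($"captured: {writer.ToString().Trim()}");
    }
}
```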