diff --git a/test/functionalTests/testApp/main.js b/test/functionalTests/testApp/main.js
index 7dfbfefe3..2c60c608a 100644
--- a/test/functionalTests/testApp/main.js
+++ b/test/functionalTests/testApp/main.js
@@ -93,7 +93,7 @@ if (testconfig.AppInsightsEnabled) {
             });
         }
 
-        for (var i = 0; i < stepConfig.length; i++) {
+        for (var i = 0; i < stepConfig.length; i++) { // CodeQL [SM02387] This is a test app, so we don't need to worry about type confusion attacks here.
             generateStepRoute(stepConfig[i]);
         }
 
diff --git a/test/functionalTests/testApp/tasks/httpGet.js b/test/functionalTests/testApp/tasks/httpGet.js
index 8be1beb1e..582da27f6 100644
--- a/test/functionalTests/testApp/tasks/httpGet.js
+++ b/test/functionalTests/testApp/tasks/httpGet.js
@@ -2,7 +2,7 @@ var https = require("https");
 var Config = require("../config");
 
 process.removeAllListeners('warning');
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; // CodeQL [SM03616] This is a test, so we disable TLS verification
 
 /** Make a HTTP request */
 module.exports = (callback) => {