Esben Sparre Andreasen
The hardcoded set of supported languages in `languages.ts` makes it hard to experiment with new languages, as a custom branch with a modified `languages.ts` is required for every new...
To avoid the confusion in #138, where an incompatible Node version was used, the CLI should check the Node version at startup. The driver implementations could benefit from similar checks,...
@agigleux raised the concern:

> dependencies are no longer reachable and so it's no longer possible to compile this Java project that was having a vuln in 2015. (https://github.com/ossf-cve-benchmark/ossf-cve-benchmark/issues/67#issuecomment-806461263)

I...
For an analysis tool that needs to build a project before it can be analyzed, it may be a problem if the project does not specify the build environment. This...
For an analysis tool that needs to build a project before it can be analyzed, it may be a problem if the project has non-standard build commands that cannot...
As suggested in https://github.com/ossf-cve-benchmark/ossf-cve-benchmark/issues/67#issuecomment-770846153. (Remember to check licensing for the data set)
As seen in #12, it is not clear from `stdout` why a tool crashed during a run. While this is intended behaviour that greatly limits the output when doing hundreds...
Both ESLint and CodeQL have predictable URLs for the descriptions of their rules. Examples:

- ESLint: `security-node/non-literal-reg-expr` is hosted at https://github.com/gkouziik/eslint-plugin-security-node/blob/master/docs/rules/non-literal-reg-expr.md
- ESLint: `security/regular-expression-dos-and-node` is hosted at https://github.com/gkouziik/eslint-plugin-security/blob/master/docs/regular-expression-dos-and-node.md
- CodeQL:...
The simple data format for benchmark CVEs supports arbitrary revision control systems and hosts, but the only data in there is currently for git repositories that are hosted on github.com....
Source:

```javascript
var x = new Boolean(true)
var y = eval(new Boolean(true))
console.log(x);
console.log(y);
```

Uninstrumented/instrumented difference:

```
$ node test.js
[Boolean: true]
[Boolean: true]
$ node src/js/commands/jalangi.js test.js...
```