bee
Integrate CodeQL into the CI pipeline
Hi
I believe CodeQL is a great tool for this project, as it can discover vulnerabilities and bugs that might not be so obvious to detect.
Is the team positive about integrating such tools?
PRs are welcome :)
@istae Hi
I forked the project and ran CodeQL, which shows the following possible errors:
I took a look at those errors, and one of them could introduce a bug, since a JSON struct is marshalled and the code creates a buffer based on the size of the marshalled data.