Josh Soref
### Welcome!

- [X] Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
- [X] Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find...
**Describe the bug**

`"select"`, `"user"` appear to be flagged by a _comment scan rule_.

**To Reproduce**

Steps to reproduce the behavior:

1. Perform an attack on a test site that...
https://github.com/nektos/act/blob/f75a2d8b38cc3b929ab652c0994d6d33f6584ed9/cmd/root.go#L100

```sh
/opt/homebrew/bin/act --help|grep action-offline-mode
      --action-offline-mode   If action contents exists, it will not be fetch and pull again. If turn on this,will turn off force pull
```

There's _something_ wrong...
### Bug report info

```plain text
act version: 0.2.67
GOOS: linux
GOARCH: amd64
NumCPU: 4
Docker host: DOCKER_HOST environment variable is not set
Sockets found:
	/var/run/docker.sock
	$XDG_RUNTIME_DIR/podman/podman.sock
Config files:
Build...
```
This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling). The misspellings have been reported at https://github.com/jsoref/sprig/actions/runs/11329069427#summary-31503735333 The action reports that the changes in this PR would make it happy: https://github.com/jsoref/sprig/actions/runs/11329069577#summary-31503736429
https://github.com/github/codeql/blob/590e93d8edec4d7216935ed4425a7ab77b3b2f34/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L13 We've seen people trying to "fix" reports based on this tooling. I spent some time tracing the flow of one such incident: https://github.com/argoproj/argo-cd/pull/18436#issuecomment-2359634170 For my reference, I used https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/3...
https://github.com/github/codeql/blob/590e93d8edec4d7216935ed4425a7ab77b3b2f34/go/ql/src/Security/CWE-022/ZipSlip.ql#L22-L23

Here's my fork's report: https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/4

---

Arbitrary file access during archive extraction ("Zip Slip")

Code snippet [util/io/files/tar.go:75](https://github.com/check-spelling-sandbox/argo-cd/blob/4014cc8b040f55dc698295d658cf0eb780ea7203/util/io/files/tar.go#L75-L75)

```go
tr := tar.NewReader(lr)
for {
	header, err := tr.Next()
```

>...
https://github.com/github/codeql/blob/590e93d8edec4d7216935ed4425a7ab77b3b2f34/go/ql/src/Security/CWE-312/CleartextLogging.qhelp#L8-L9

https://github.com/check-spelling-sandbox/argo-cd/security/code-scanning/7

[cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go:49](https://github.com/check-spelling-sandbox/argo-cd/blob/4014cc8b040f55dc698295d658cf0eb780ea7203/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go#L49-L49)

```go
case strings.HasPrefix(os.Args[1], "Username"):
	fmt.Println(creds.Username)
case strings.HasPrefix(os.Args[1], "Password"):
	fmt.Println(creds.Password) // flows to a logging call. CodeQL
default:
	errors.CheckError(fmt.Errorf("unknown credential type '%s'", os.Args[1]))
}
```

It's true, this code...
Thanks for the contribution! Please go through the following checklist before sending a PR.

### PR Branch Destination

- For Azurite V3, please send the PR to the `main` branch.

### Always Add Test Cases...
https://tekton-releases.appspot.com/build/tekton-prow/pr-logs/pull/tektoncd_chains/1148/pull-tekton-chains-integration-tests/1807738097719316480/

> {"level":"warn","ts":"2024-07-01T11:51:34.769Z","logger":"watcher","caller":"logging/warning_handler.go:32","msg":"API Warning: metadata.finalizers: \"chains.tekton.dev\": prefer a domain-qualified finalizer name to avoid accidental conflicts with other finalizer writers","commit":"2f98765-dirty"}

https://github.com/tektoncd/chains/blob/cd9106b8d3af008f62ecb5b1a050fa19b079d1c8/pkg/reconciler/taskrun/controller.go#L89

The theoretical fix for this is:

```diff
- FinalizerName: "chains.tekton.dev",...
```