
GitHub’s Dependabot and Code Scanning tools flagged security issues with xcpretty #392

Open
secretagencyit opened this issue Apr 19, 2024 · 1 comment

@secretagencyit

I forked this repo on GitHub and set up the Dependabot and Code Scanning tools to their defaults and got the following warnings:

Dependabot issues:

- Dependency Confusion in Bundler (High, Development)
  #1 opened 12 minutes ago • Detected in bundler (RubyGems) • xcpretty.gemspec
- Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile (Moderate, Development)
  #2 opened 12 minutes ago • Detected in bundler (RubyGems) • xcpretty.gemspec
- RuboCop gem Insecure use of /tmp (Low, Development)
  #3 opened 12 minutes ago • Detected in rubocop (RubyGems) • xcpretty.gemspec

Code Scanning issues:

- Inefficient regular expression (High)
  #10 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:58 • master
- Inefficient regular expression (High)
  #9 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:58 • master
- Polynomial regular expression used on uncontrolled data (High)
  #8 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:481 • master
- Polynomial regular expression used on uncontrolled data (High)
  #7 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:462 • master
- Polynomial regular expression used on uncontrolled data (High)
  #6 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:459 • master
- Polynomial regular expression used on uncontrolled data (High)
  #5 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:433 • master
- Polynomial regular expression used on uncontrolled data (High)
  #4 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/parser.rb:316 • master
- Polynomial regular expression used on uncontrolled data (High)
  #3 opened 12 minutes ago • Detected by CodeQL in lib/.../reporters/json_compilation_databas...:37 • master
- Polynomial regular expression used on uncontrolled data (High)
  #2 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/ansi.rb:61 • master
- Polynomial regular expression used on uncontrolled data (High)
  #1 opened 12 minutes ago • Detected by CodeQL in lib/xcpretty/ansi.rb:51

@secretagencyit
Author

Oh, just saw that the project is not really being maintained:
#360
Never mind.
