release: Prepare RC5 Release #266

Closed
wants to merge 2,902 commits into from

Merge pull request #265 from DigiByte-Core/feature/ci-enabled-codeql-…

21698e7

GitHub Advanced Security / CodeQL failed Dec 23, 2024 in 5s

448 new alerts including 5 critical severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 5 critical
  • 52 high
  • 2 medium

Other Alerts:

  • 42 errors
  • 114 warnings
  • 233 notes

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check warning on line 97 in .github/workflows/ci.yml

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions Job or Workflow does not set permissions

Check failure on line 83 in qa/rpc-tests/test_framework/test_framework.py

Code scanning / CodeQL

Wrong number of arguments in a call Error test

Call to method DigiByteTestFramework.setup_network with too many arguments; should be no more than 0.

Check failure on line 101 in qa/rpc-tests/test_framework/test_framework.py

Code scanning / CodeQL

Wrong number of arguments in a call Error test

Call to method DigiByteTestFramework.setup_network with too many arguments; should be no more than 0.

Check warning on line 67 in share/qt/extract_strings_qt.py

Code scanning / CodeQL

File is not always closed Warning

File may not be closed if an exception is raised.

Check failure on line 42 in share/rpcauth/rpcauth.py

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.

Check failure on line 43 in share/rpcauth/rpcauth.py

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs sensitive data (password) as clear text.
This expression logs sensitive data (password) as clear text.
This expression logs sensitive data (password) as clear text.

Check failure on line 107 in src/addrdb.cpp

Code scanning / CodeQL

File created without restricting permissions High

A file may be created here with mode 0666, which would make it world-writable.

Check notice on line 813 in src/chainparams.cpp

Code scanning / CodeQL

Commented-out code Note

This comment appears to contain commented-out code.

Check warning on line 121 in src/crc32c/.ycm_extra_conf.py

Code scanning / CodeQL

File is not always closed Warning

File is opened but is not closed.

Check notice on line 256 in src/crypto/KeccakP-800-reference.cpp

Code scanning / CodeQL

Unused static function Note

Static function fromBytesToWords is unreachable

Check notice on line 267 in src/crypto/KeccakP-800-reference.cpp

Code scanning / CodeQL

Unused static function Note

Static function fromWordsToBytes is unreachable

Check notice on line 10 in src/crypto/aes.cpp

Code scanning / CodeQL

Include header files only Note

The #include pre-processor directive should only be used to include header files.

Check notice on line 12 in src/crypto/aes.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check notice on line 22 in src/crypto/aes.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check notice on line 27 in src/crypto/aes.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check notice on line 37 in src/crypto/aes.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check failure on line 106 in src/crypto/aes.cpp

Code scanning / CodeQL

Incorrect 'not' operator usage High

Usage of a logical not (!) expression as a bitwise operator.

Check notice on line 120 in src/crypto/aes.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check notice on line 136 in src/crypto/aes.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check warning on line 75 in src/crypto/chacha20.cpp

Code scanning / CodeQL

Poorly documented large function Warning

Poorly documented function: fewer than 2% comments for a function of 107 lines.

Check warning on line 183 in src/crypto/chacha20.cpp

Code scanning / CodeQL

Poorly documented large function Warning

Poorly documented function: fewer than 2% comments for a function of 129 lines.

Check notice on line 74 in src/crypto/echo.cpp

Code scanning / CodeQL

Include header files only Note

The #include pre-processor directive should only be used to include header files.

Check notice on line 31 in src/crypto/hashqubit.h

Code scanning / CodeQL

Commented-out code Note

This comment appears to contain commented-out code.

Check notice on line 15 in src/crypto/hkdf_sha256_32.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.

Check notice on line 35 in src/crypto/hmac_sha256.cpp

Code scanning / CodeQL

No raw arrays in interfaces Note

Raw arrays should not be used in interfaces. A container class should be used instead.