https://github.com/imakris/sintra.git · lang: cpp · LOC: · source: both
| Rule | Severity | Count |
|---|---|---|
| MINED111 Bare except continues silently | medium | 25 |
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 25 |
| MINED108 self.attribute used but never assigned in __init__ | high | 25 |
| AIC003 Duplicated implementation block across source files | low | 18 |
| MINED116 GHA pull_request workflow leaks secrets to forks | critical | 7 |
| MINED042 Cpp New Without Delete | info | 3 |
| MINED080 Cpp Using Namespace Std | info | 3 |
| SEC045 eval()/exec() on stored or user-supplied data | medium | 2 |
| COMP001 High cognitive complexity | low | 2 |
| SEC005 Command Injection Risk | high | 1 |
MINED116 · GHA pull_request workflow leaks secrets to forks · CWE-829
| Location | Conf | Message |
|---|---|---|
| .github/workflows/build-linux.yml:170 | 0.90 | Workflow uses `secrets.GIST_SECRET` on a `pull_request` trigger |
| .github/workflows/build-linux.yml:184 | 0.90 | Workflow uses `secrets.GIST_SECRET` on a `pull_request` trigger |
| .github/workflows/build-macos.yml:122 | 0.90 | Workflow uses `secrets.GIST_SECRET` on a `pull_request` trigger |
| .github/workflows/build-macos.yml:136 | 0.90 | Workflow uses `secrets.GIST_SECRET` on a `pull_request` trigger |
| .github/workflows/build-windows.yml:182 | 0.90 | Workflow uses `secrets.GIST_SECRET` on a `pull_request` trigger |
| .github/workflows/build-windows.yml:196 | 0.90 | Workflow uses `secrets.GIST_SECRET` on a `pull_request` trigger |
| .github/workflows/coverage.yml:148 | 0.90 | Workflow uses `secrets.CODECOV_TOKEN` on a `pull_request` trigger |

Triage note: on a run triggered by `pull_request` from a fork, GitHub withholds every repository secret except the read-only `GITHUB_TOKEN`, so these steps cannot hand `GIST_SECRET` or `CODECOV_TOKEN` to fork-submitted code; the exposure this rule describes is real for `pull_request_target`, which runs in the base repository's context with secrets available. The steps are still misplaced on a PR trigger: a badge update or coverage upload belongs on `push` to the default branch, so gate them with `if: github.event_name == 'push'` (or check `github.event.pull_request.head.repo.full_name == github.repository`) and confirm that none of these workflows also listen on `pull_request_target`.
MINED034 · Python Subprocess Shell True · CWE-78
| Location | Conf | Message |
|---|---|---|
| trigger_ci.py:22 | 1.00 | [MINED034] Python Subprocess Shell True: subprocess(..., shell=True) enables command injection. |
MINED108 · self.attribute used but never assigned in __init__ · CWE-476
| Location | Conf | Message |
|---|---|---|
| tests/run_tests.py:537 | 1.00 | `self._estimate_directory_size` used but never assigned in __init__ |
| tests/run_tests.py:549 | 1.00 | `self._record_scratch_cleanup` used but never assigned in __init__ |
| tests/run_tests.py:589 | 1.00 | `self._core_dump_search_directories` used but never assigned in __init__ |
| tests/run_tests.py:598 | 1.00 | `self._is_core_dump_file` used but never assigned in __init__ |
| tests/run_tests.py:600 | 1.00 | `self._normalize_core_path` used but never assigned in __init__ |
| tests/run_tests.py:613 | 1.00 | `self._core_dump_search_directories` used but never assigned in __init__ |
| tests/run_tests.py:622 | 1.00 | `self._is_core_dump_file` used but never assigned in __init__ |
| tests/run_tests.py:625 | 1.00 | `self._normalize_core_path` used but never assigned in __init__ |
| tests/run_tests.py:658 | 1.00 | `self._find_new_core_dumps` used but never assigned in __init__ |
| tests/run_tests.py:675 | 1.00 | `self._record_core_cleanup` used but never assigned in __init__ |
| tests/run_tests.py:700 | 1.00 | `self._record_core_cleanup` used but never assigned in __init__ |
| tests/run_tests.py:708 | 1.00 | `self._record_core_cleanup` used but never assigned in __init__ |
| tests/run_tests.py:711 | 1.00 | `self._record_core_cleanup` used but never assigned in __init__ |
| tests/run_tests.py:723 | 1.00 | `self._cleanup_scratch_directory` used but never assigned in __init__ |
| tests/run_tests.py:834 | 1.00 | `self._expand_test_invocations` used but never assigned in __init__ |
| tests/run_tests.py:870 | 1.00 | `self._expand_ipc_rings_invocations` used but never assigned in __init__ |
| tests/run_tests.py:879 | 1.00 | `self._list_ipc_rings_tests` used but never assigned in __init__ |
| tests/run_tests.py:949 | 1.00 | `self._allocate_scratch_directory` used but never assigned in __init__ |
| tests/run_tests.py:952 | 1.00 | `self._snapshot_core_dumps` used but never assigned in __init__ |
| tests/run_tests.py:955 | 1.00 | `self.instrumentation_active` used but never assigned in __init__ |
| tests/run_tests.py:956 | 1.00 | `self._instrument_step` used but never assigned in __init__ |
| tests/run_tests.py:967 | 1.00 | `self._build_test_environment` used but never assigned in __init__ |
| tests/run_tests.py:1068 | 1.00 | `self._describe_pids` used but never assigned in __init__ |
| tests/run_tests.py:1672 | 1.00 | `self._decode_posix_signal` used but never assigned in __init__ |
| tests/run_tests.py:2061 | 1.00 | `self._cleanup_new_core_dumps` used but never assigned in __init__ |

Triage note: every name here except `instrumentation_active` (tests/run_tests.py:955) reads as a method (`_is_core_dump_file`, `_describe_pids`, `_decode_posix_signal`, and so on); if they are defined on the class or on a base class, this rule, which only inspects assignments in `__init__`, is reporting them falsely. `instrumentation_active` looks like a data attribute and is the one hit worth checking for a read before any assignment.
MINED115 · GitHub Action pinned to mutable ref (not 40-char SHA) · CWE-829
| Location | Conf | Action | Ref |
|---|---|---|---|
| .github/workflows/build-linux.yml:38 | 0.90 | `actions/checkout` | `@v4` |
| .github/workflows/build-linux.yml:44 | 0.90 | `dorny/paths-filter` | `@v3` |
| .github/workflows/build-linux.yml:101 | 0.90 | `actions/cache` | `@v4` |
| .github/workflows/build-linux.yml:160 | 0.90 | `actions/upload-artifact` | `@v4` |
| .github/workflows/build-linux.yml:168 | 0.90 | `schneegans/dynamic-badges-action` | `@v1.7.0` |
| .github/workflows/build-macos.yml:38 | 0.90 | `actions/checkout` | `@v4` |
| .github/workflows/build-macos.yml:44 | 0.90 | `dorny/paths-filter` | `@v3` |
| .github/workflows/build-macos.yml:112 | 0.90 | `actions/upload-artifact` | `@v4` |
| .github/workflows/build-macos.yml:120 | 0.90 | `schneegans/dynamic-badges-action` | `@v1.7.0` |
| .github/workflows/build-windows.yml:38 | 0.90 | `actions/checkout` | `@v4` |
| .github/workflows/build-windows.yml:44 | 0.90 | `dorny/paths-filter` | `@v3` |
| .github/workflows/build-windows.yml:172 | 0.90 | `actions/upload-artifact` | `@v4` |
| .github/workflows/build-windows.yml:180 | 0.90 | `schneegans/dynamic-badges-action` | `@v1.7.0` |
| .github/workflows/coverage.yml:25 | 0.90 | `actions/checkout` | `@v4` |
| .github/workflows/coverage.yml:146 | 0.90 | `codecov/codecov-action` | `@v5` |
| .github/workflows/coverage.yml:156 | 0.90 | `actions/upload-artifact` | `@v4` |
| .github/workflows/stress-test-macos.yml:80 | 0.90 | `actions/checkout` | `@v4` |
| .github/workflows/stress-test-macos.yml:112 | 0.90 | `dorny/paths-filter` | `@v3` |
| .github/workflows/stress-test-macos.yml:150 | 0.90 | `actions/download-artifact` | `@v4.1.7` |
| .github/workflows/stress-test-macos.yml:164 | 0.90 | `actions/setup-python` | `@v5` |
| .github/workflows/stress-test-macos.yml:185 | 0.90 | `actions/github-script` | `@v8` |
| .github/workflows/stress-test-macos.yml:203 | 0.90 | `actions/github-script` | `@v8` |
| .github/workflows/stress-test-macos.yml:221 | 0.90 | `schneegans/dynamic-badges-action` | `@v1.7.0` |
| .github/workflows/stress-test-windows.yml:80 | 0.90 | `actions/checkout` | `@v4` |
| .github/workflows/stress-test-windows.yml:112 | 0.90 | `dorny/paths-filter` | `@v3` |

Triage note: a tag such as `@v4`, `@v4.1.7` or `@v1.7.0` is a git ref that the action's maintainer, or anyone who takes over that account, can move to new code; only a 40-character commit SHA is immutable. Pin as `uses: owner/name@<sha> # vX.Y.Z`, keep the version in the trailing comment so Dependabot or Renovate can still propose updates, and start with the third-party actions (`dorny/paths-filter`, `schneegans/dynamic-badges-action`, `codecov/codecov-action`), which are smaller targets than the `actions/*` organisation and, in the badge action's case, receive a secret.
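An added example, not part of sintra or its CI, covering the two GitHub Actions rules above (MINED115 and MINED116) in one stdlib-only, line-based checker. It flags `uses:` references that are not a 40-hex commit SHA and repository secrets referenced by a step that can run on `pull_request` or `pull_request_target` without an `if:` guard on `github.event_name` or on the PR's source repository. Because GitHub withholds secrets other than `GITHUB_TOKEN` from fork PRs, the secret finding is a misplacement on `pull_request` and a real exposure on `pull_request_target`; the checker reports both. The two workflow snippets are constructed for the example, the 40-hex pin is a placeholder, and the checker assumes the common layout (job names indented two spaces under `jobs:`, `if:` on its own line, step-level secret references):

```python
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES = re.compile(r"uses:\s*([\w.-]+/[\w./-]+)@(\S+)")
SECRET = re.compile(r"secrets\.(\w+)")
STEP_START = re.compile(r"^\s*-\s+\w+:")      # `- name:` / `- uses:` / `- run:` opens a step
JOB_START = re.compile(r"^\s{2}[\w-]+:\s*$")   # job keys sit two spaces under `jobs:` (assumption)
IF_LINE = re.compile(r"^\s*if:\s*(.+)$")
# a guard is accepted when it distinguishes the event or the PR's source repository
GUARD_OK = re.compile(r"github\.event_name|pull_request\.head\.repo")
PR_TRIGGERS = {"pull_request", "pull_request_target"}
ALWAYS_AVAILABLE = {"GITHUB_TOKEN"}            # present on fork PRs anyway, read-only


def triggers_of(lines):
    """Trigger names from the `on:` section, block form or inline list form."""
    found, in_on, indent = set(), False, None
    for line in lines:
        if not in_on:
            m = re.match(r"^on:\s*\[(.*)\]\s*$", line)
            if m:
                found.update(t.strip().strip("'\"") for t in m.group(1).split(","))
            elif re.match(r"^on:\s*$", line):
                in_on = True
            continue
        if line.strip() and not line[0].isspace():
            break                                  # next top-level key ends the block
        m = re.match(r"^(\s+)([\w-]+)\s*:", line)
        if m and indent is None:
            indent = len(m.group(1))               # trigger names share the first indent level
        if m and len(m.group(1)) == indent:
            found.add(m.group(2))
    return found


def lint(workflow_text):
    """Return human-readable findings for one workflow file."""
    lines = workflow_text.splitlines()
    pr_triggers = triggers_of(lines) & PR_TRIGGERS
    findings, in_jobs, job_guard, step = [], False, None, None

    def close_step():
        if step is None or not pr_triggers:
            return
        guard = step["guard"] or job_guard         # a job-level `if:` protects its steps too
        if guard and GUARD_OK.search(guard):
            return
        for name in sorted(step["secrets"] - ALWAYS_AVAILABLE):
            findings.append(f"line {step['line']}: secrets.{name} reachable from "
                            f"{sorted(pr_triggers)} without an event/source-repo guard")

    for n, line in enumerate(lines, 1):
        if line.strip() == "jobs:":
            in_jobs = True
        if in_jobs and JOB_START.match(line):
            close_step()
            step, job_guard = None, None
        if STEP_START.match(line):
            close_step()
            step = {"line": n, "guard": None, "secrets": set()}
        m = USES.search(line)
        if m and not SHA40.match(m.group(2)):
            findings.append(f"line {n}: {m.group(1)} pinned to mutable ref @{m.group(2)}")
        m = IF_LINE.match(line)
        if m:
            if step is None:
                job_guard = m.group(1)
            else:
                step["guard"] = m.group(1)
        if step is not None:
            step["secrets"].update(SECRET.findall(line))
    close_step()
    return findings


# Constructed workflow in the shape the findings describe: tag pins, a secret on a PR trigger.
WEAK = """\
name: build
on:
  push:
    branches: [main]
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Publish badge
        uses: schneegans/dynamic-badges-action@v1.7.0
        with:
          auth: ${{ secrets.GIST_SECRET }}
"""

# Placeholder SHA; take the real one from `git ls-remote` for the tag you want to pin.
PIN = "0123456789abcdef0123456789abcdef01234567"
FIXED = """\
name: build
on:
  push:
    branches: [main]
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@<sha> # v4
      - name: Publish badge
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: schneegans/dynamic-badges-action@<sha> # v1.7.0
        with:
          auth: ${{ secrets.GIST_SECRET }}
""".replace("<sha>", PIN)

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("fixed", FIXED)):
        print(label, lint(text) or "clean")
```

The version stays in the trailing comment (`# v4`) so that a dependency bot can recognise and bump the pin. Workflow-level `env:` blocks that reference secrets are outside what this checker looks at; a YAML-aware tool is the right next step once the findings above are cleared.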
MINED111 · Bare except continues silently
| Location | Conf |
|---|---|
| tests/debuggers/unix.py:61 | 1.00 |
| tests/runner/platform/posix.py:51 | 1.00 |
| tests/runner/platform/posix.py:122 | 1.00 |
| tests/runner/platform/posix.py:187 | 1.00 |
| tests/runner/platform/posix.py:296 | 1.00 |
| tests/runner/platform/posix.py:314 | 1.00 |
| tests/runner/platform/posix.py:322 | 1.00 |
| tests/runner/platform/posix.py:327 | 1.00 |
| tests/runner/platform/windows.py:40 | 1.00 |
| tests/runner/platform/windows.py:90 | 1.00 |
| tests/runner/platform/windows.py:198 | 1.00 |
| tests/runner/platform/windows.py:212 | 1.00 |
| tests/runner/platform/windows.py:220 | 1.00 |
| tests/runner/utils.py:51 | 1.00 |
| tests/runner/utils.py:94 | 1.00 |
| tests/run_tests.py:460 | 1.00 |
| tests/run_tests.py:543 | 1.00 |
| tests/run_tests.py:1044 | 1.00 |
| tests/run_tests.py:1345 | 1.00 |
| tests/run_tests.py:1734 | 1.00 |
| tests/run_tests.py:1740 | 1.00 |
| tests/run_tests.py:1795 | 1.00 |
| tests/run_tests.py:1806 | 1.00 |
| tests/run_tests.py:2011 | 1.00 |
| tests/run_tests.py:2067 | 1.00 |
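An added example, not code from the sintra test runner, showing why a bare `except:` that continues is flagged even in best-effort cleanup code: it catches `BaseException`, so a Ctrl-C, a `SystemExit` and a plain programming error all vanish and the caller is told the cleanup succeeded. The narrow form beside it tolerates only the failures the code expects, logs them, and lets everything else propagate. The `remover` callable is injected so the behaviour can be exercised without touching the file system; `os.remove` or `shutil.rmtree` would be the real one.

```python
import logging

log = logging.getLogger("cleanup")


def remove_path_bare(remover, path):
    """The flagged shape. Swallows KeyboardInterrupt, SystemExit and bugs such
    as NameError alike, then reports success regardless."""
    try:
        remover(path)
    except:
        pass
    return True


def remove_path(remover, path):
    """Best-effort cleanup done narrowly: only expected OS failures are
    tolerated, they are logged, anything else propagates. True on success."""
    try:
        remover(path)
    except FileNotFoundError:
        return True                                   # already gone: goal met
    except OSError as exc:
        log.warning("could not remove %s: %s", path, exc)  # expected, but recorded
        return False
    return True


def raising(exc):
    """Constructed stand-in for os.remove / shutil.rmtree that fails with `exc`."""
    def remover(path):
        raise exc
    return remover


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print("bare form hides Ctrl-C:", remove_path_bare(raising(KeyboardInterrupt()), "/tmp/scratch"))
    print("narrow form, permission denied:", remove_path(raising(PermissionError()), "/tmp/scratch"))
```

If the intent really is "ignore any failure here", `except Exception:` with a log line is the widest acceptable net; it still lets `KeyboardInterrupt` and `SystemExit` through, which matters in a runner that is expected to stop when the operator kills it.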
SEC005 · Command Injection Risk
| Location | Conf | Message |
|---|---|---|
| trigger_ci.py:22 | 0.50 | [SEC005] Command Injection Risk: Unsafe shell execution or eval of user input. |
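An added example, not the contents of trigger_ci.py, for the MINED034 and SEC005 hits on trigger_ci.py:22 (and the `input()` call the scanner reports seven lines earlier at trigger_ci.py:15; that the answer flows into the shell string is an assumption, the page does not show the code). With `shell=True` the command is one string handed to `/bin/sh`, so a `;` in the operator's answer runs a second command. The hardened version checks the value against an allow-list and passes an argument list, so the whole value stays one argument. `echo` stands in for whatever CLI the real script invokes:

```python
import re
import shlex
import subprocess

# Assumed allow-list: a workflow file name such as build-linux.yml, nothing else.
WORKFLOW_NAME = re.compile(r"[\w.-]+\.ya?ml")

# Constructed hostile answer to the input() prompt.
PAYLOAD = "build.yml; echo INJECTED"


def run_unsafe(workflow_name):
    """The flagged pattern: interpolate the answer into one shell string."""
    cmd = f"echo triggering {workflow_name}"        # `echo` stands in for the real CLI
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def run_hardened(workflow_name):
    """Validate first, then pass argv as a list so no shell ever parses the value."""
    if not WORKFLOW_NAME.fullmatch(workflow_name):
        raise ValueError(f"refusing to run: {workflow_name!r} is not a workflow file name")
    argv = ["echo", "triggering", workflow_name]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout


def as_shell_string(argv):
    """When a single string is unavoidable (a remote command over ssh, for
    instance), build it with shlex.join so each argument is quoted."""
    return shlex.join(argv)


if __name__ == "__main__":
    print("shell=True output:", repr(run_unsafe(PAYLOAD)))
    print("argv list output: ", repr(run_hardened("build.yml")))
    print("quoted form:      ", as_shell_string(["echo", "triggering", PAYLOAD]))
```

The allow-list is the important half: an argv list stops shell injection, but a value that is later used as a path or passed to a tool with its own option parsing (a leading `-`, for instance) still needs validation before it leaves the script.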
SEC045 · eval()/exec() on stored or user-supplied data
| Location | Conf | Message |
|---|---|---|
| example/qt_basic/cursor_sync_receiver.cpp:148 | 1.00 | [SEC045] eval()/exec() on stored or user-supplied data: eval() and exec() on data — even admin-stored data — is a lateral-movement vector after any one credential compromise. Sandboxes (__builtins__ … |
| example/qt_basic/cursor_sync_sender.cpp:130 | 1.00 | same message as above |

Triage note: the rule text describes Python's `eval()`/`exec()` (it goes on to discuss `__builtins__` sandboxes), but both hits are in C++ translation units; check which token the scanner matched on those lines before treating this as a finding.
AIC003 · Duplicated implementation block across source files
| Location | Conf |
|---|---|
| tests/barrier_delivery_fence_repro_test.cpp:240 | 0.86 |
| tests/barrier_flush_test.cpp:184 | 0.86 |
| tests/barrier_flush_test.cpp:188 | 0.86 |
| tests/external_process_invitation_lifecycle_negative_test.cpp:17 | 0.86 |
| tests/external_process_invitation_rejection_cleanup_test.cpp:31 | 0.86 |
| tests/external_process_invitation_rejection_cleanup_test.cpp:108 | 0.86 |
| tests/external_process_invitation_test.cpp:23 | 0.86 |
| tests/external_process_invitation_test.cpp:44 | 0.86 |
| tests/external_process_invitation_test.cpp:100 | 0.86 |
| tests/leave_coordinator_guardrails_test.cpp:4 | 0.86 |
| tests/leave_lifecycle_test.cpp:8 | 0.86 |
| tests/manual/barrier_delivery_fence_repro_test.cpp:1 | 0.86 |
| tests/recovery_runner_thread_test.cpp:53 | 0.86 |
| tests/runner/platform/windows.py:187 | 0.86 |
| tests/shutdown_helper_test.cpp:14 | 0.86 |
| tests/spinlock_recovery_test.cpp:81 | 0.86 |
| tests/teardown_targeted_rpc_exception_test.cpp:28 | 0.86 |
| tests/teardown_targeted_rpc_exception_test.cpp:199 | 0.86 |

Triage note: every hit is under tests/, so this is a maintenance cost (a fix applied to one copy and not the others) rather than a security finding; a shared test helper is the remedy.
COMP001 · High cognitive complexity (SonarSource scale: nested branches, boolean chains and recursion all weigh in)
| Location | Conf | Message |
|---|---|---|
| scripts/collect_lldb_backtraces.py:66 | 0.95 | [COMP001] High cognitive complexity: Function `collect_ctest_metadata` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understan… |
| scripts/collect_lldb_backtraces.py:93 | 0.95 | [COMP001] High cognitive complexity: Function `run_lldb_for_tests` has cognitive complexity 10 (SonarSource scale). Cognitive complexity measures how hard the function is for a human to understand — … |
MINED042 · Cpp New Without Delete · CWE-401
| Location | Conf | Message |
|---|---|---|
| example/qt_basic/cursor_sync_receiver.cpp:49 | 1.00 | [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk. |
| example/qt_basic/cursor_sync_sender.cpp:36 | 1.00 | [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk. |
| include/sintra/detail/messaging/process_message_reader.h:70 | 1.00 | [MINED042] Cpp New Without Delete: C++ raw new without RAII / unique_ptr — memory leak risk. |

Triage note: process_message_reader.h:70 is the one hit in library code and the one to look at first. In the two Qt examples, a `new` that passes a `QObject` parent is released by that parent's destructor and is idiomatic Qt; confirm whether that is the case on those lines before changing them.
MINED064 · Python Input Call
| Location | Conf | Message |
|---|---|---|
| trigger_ci.py:15 | 1.00 | [MINED064] Python Input Call: input() blocks for stdin. Inappropriate in services. |
MINED080 · Cpp Using Namespace Std
| Location | Conf | Message |
|---|---|---|
| example/sintra/sintra_example_0_basic_pubsub.cpp:20 | 1.00 | [MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace. |
| example/sintra/sintra_example_1_ping_pong_multi.cpp:18 | 1.00 | [MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace. |
| example/sintra/sintra_example_2_rpc_append.cpp:48 | 1.00 | [MINED080] Cpp Using Namespace Std: using namespace std; pollutes the global namespace. |