Last active
November 19, 2025 22:18
-
-
Save flatcap/fccc96ce693e06621a35d2dafa8ed2c5 to your computer and use it in GitHub Desktop.
code scanning
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Last update: 2025-11-19 | |
| - Commit https://github.com/neomutt/neomutt/commit/b976587882add0f602f6ce280341056d412d5005 | |
| Issues: | |
| https://github.com/neomutt/neomutt/security/code-scanning | |
| How to use gh api: | |
| https://docs.github.com/en/rest/code-scanning/code-scanning?apiVersion=2022-11-28#list-code-scanning-alerts-for-a-repository | |
| # Download 2 pages of 100 issues | |
| gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=1" | json_reformat > s1.json | |
| gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=2" | json_reformat > s2.json | |
| # Export some fields | |
| jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s1.json > l1 | |
| jq '.[] | .number,.url,.rule.description,.most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column' s2.json > l2 | |
| # vim quickfix list | |
| v1 | |
| # 117 Issues | |
| 27 For loop variable changed in body | |
| 26 Poorly documented large function | |
| 21 Local variable address stored in non-local memory | |
| 9 Year field changed using an arithmetic operation without checking for leap year | |
| 8 Long switch case | |
| 8 Inconsistent nullness check | |
| 5 Uncontrolled data used in path expression | |
| 3 Nested loops with same variable | |
| 3 Futile conditional | |
| 2 Time-of-check time-of-use filesystem race condition | |
| 2 File created without restricting permissions | |
| 2 Cleartext transmission of sensitive information | |
| 1 Uncontrolled process operation | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ncrypt/smime.c:745:11 2 Cleartext transmission of sensitive information | |
| ncrypt/smime.c:780:13 3 Cleartext transmission of sensitive information | |
| maildir/message.c:567:10 1103 File created without restricting permissions | |
| mh/shared.c:86:10 691 File created without restricting permissions | |
| compose/functions.c:649:9 187 For loop variable changed in body | |
| compose/functions.c:661:9 188 For loop variable changed in body | |
| email/parse.c:226:17 507 For loop variable changed in body | |
| email/parse.c:639:5 208 For loop variable changed in body | |
| email/parse.c:644:5 209 For loop variable changed in body | |
| email/rfc2047.c:385:9 1063 For loop variable changed in body | |
| email/rfc2231.c:117:7 571 For loop variable changed in body | |
| email/url.c:204:9 572 For loop variable changed in body | |
| imap/utf7.c:119:7 213 For loop variable changed in body | |
| imap/utf7.c:129:27 214 For loop variable changed in body | |
| imap/util.c:725:11 1183 For loop variable changed in body | |
| mutt/buffer.c:446:20 932 For loop variable changed in body | |
| mutt/file.c:1381:28 508 For loop variable changed in body | |
| mutt/file.c:1386:11 509 For loop variable changed in body | |
| mutt/path.c:80:13 217 For loop variable changed in body | |
| mutt/slist.c:201:7 218 For loop variable changed in body | |
| mutt_header.c:331:13 510 For loop variable changed in body | |
| ncrypt/gnupgparse.c:280:13 223 For loop variable changed in body | |
| ncrypt/gnupgparse.c:286:13 224 For loop variable changed in body | |
| ncrypt/gnupgparse.c:292:13 225 For loop variable changed in body | |
| ncrypt/gnupgparse.c:359:20 226 For loop variable changed in body | |
| ncrypt/gpgme_functions.c:198:7 1109 For loop variable changed in body | |
| ncrypt/gpgme_functions.c:215:9 228 For loop variable changed in body | |
| ncrypt/gpgme_functions.c:223:11 573 For loop variable changed in body | |
| ncrypt/smime.c:301:20 231 For loop variable changed in body | |
| nntp/complete.c:66:9 230 For loop variable changed in body | |
| pattern/pattern.c:117:7 483 For loop variable changed in body | |
| mutt/signal.c:84:3 1190 Futile conditional | |
| mutt/signal.c:98:5 1189 Futile conditional | |
| mutt/signal.c:117:3 1188 Futile conditional | |
| imap/imap.c:513:35 1201 Inconsistent nullness check | |
| imap/imap.c:1041:35 1199 Inconsistent nullness check | |
| imap/imap.c:1367:35 1198 Inconsistent nullness check | |
| imap/imap.c:1882:35 1197 Inconsistent nullness check | |
| imap/imap.c:2287:35 1196 Inconsistent nullness check | |
| imap/message.c:425:35 1203 Inconsistent nullness check | |
| imap/message.c:1544:35 1202 Inconsistent nullness check | |
| imap/message.c:1703:35 1200 Inconsistent nullness check | |
| alias/dlg_alias.c:240:3 325 Local variable address stored in non-local memory | |
| alias/dlg_query.c:317:3 326 Local variable address stored in non-local memory | |
| browser/dlg_browser.c:856:3 1130 Local variable address stored in non-local memory | |
| browser/dlg_browser.c:857:3 1131 Local variable address stored in non-local memory | |
| conn/dlg_verifycert.c:175:3 331 Local variable address stored in non-local memory | |
| editor/window.c:297:3 1187 Local variable address stored in non-local memory | |
| email/parse.c:257:9 334 Local variable address stored in non-local memory | |
| email/rfc2231.c:232:5 336 Local variable address stored in non-local memory | |
| email/thread.c:112:3 527 Local variable address stored in non-local memory | |
| history/dlg_history.c:132:3 1132 Local variable address stored in non-local memory | |
| imap/browse.c:165:3 341 Local variable address stored in non-local memory | |
| imap/browse.c:277:5 1100 Local variable address stored in non-local memory | |
| imap/command.c:685:3 343 Local variable address stored in non-local memory | |
| imap/imap.c:1308:3 344 Local variable address stored in non-local memory | |
| mutt/notify.c:210:3 1110 Local variable address stored in non-local memory | |
| mutt_thread.c:1063:5 349 Local variable address stored in non-local memory | |
| ncrypt/dlg_gpgme.c:233:3 1135 Local variable address stored in non-local memory | |
| ncrypt/dlg_pgp.c:233:3 1133 Local variable address stored in non-local memory | |
| ncrypt/dlg_smime.c:210:3 1134 Local variable address stored in non-local memory | |
| pager/dlg_pager.c:353:3 353 Local variable address stored in non-local memory | |
| postpone/dlg_postpone.c:223:3 1136 Local variable address stored in non-local memory | |
| email/parse.c:686:3 521 Long switch case | |
| flags.c:71:3 575 Long switch case | |
| muttlib.c:137:5 1193 Long switch case | |
| ncrypt/gnupgparse.c:172:5 19 Long switch case | |
| ncrypt/smime.c:2050:5 20 Long switch case | |
| notmuch/notmuch.c:1389:3 21 Long switch case | |
| pattern/compile.c:369:5 23 Long switch case | |
| pattern/compile.c:931:5 692 Long switch case | |
| postpone/postpone.c:225:24 356 Nested loops with same variable | |
| postpone/postpone.c:260:22 357 Nested loops with same variable | |
| postpone/postpone.c:297:16 358 Nested loops with same variable | |
| address/address.c:480:5 577 Poorly documented large function | |
| attach/recvattach.c:431:6 693 Poorly documented large function | |
| convert/content_info.c:49:6 285 Poorly documented large function | |
| enriched.c:120:13 478 Poorly documented large function | |
| envelope/window.c:502:12 427 Poorly documented large function | |
| handler.c:1130:12 697 Poorly documented large function | |
| history/history.c:203:13 1115 Poorly documented large function | |
| index/functions.c:1349:12 292 Poorly documented large function | |
| index/functions.c:1467:12 291 Poorly documented large function | |
| mbox/mbox.c:183:27 293 Poorly documented large function | |
| mutt/filter.c:62:7 659 Poorly documented large function | |
| mutt_thread.c:233:13 294 Poorly documented large function | |
| ncrypt/crypt.c:1117:5 1104 Poorly documented large function | |
| ncrypt/crypt.c:1241:5 695 Poorly documented large function | |
| ncrypt/crypt_gpgme.c:3532:14 296 Poorly documented large function | |
| ncrypt/pgp.c:1463:7 295 Poorly documented large function | |
| notmuch/notmuch.c:2253:22 298 Poorly documented large function | |
| pager/pager.c:132:12 526 Poorly documented large function | |
| pattern/exec.c:845:13 299 Poorly documented large function | |
| pattern/pattern.c:188:5 1128 Poorly documented large function | |
| pop/auth.c:523:5 300 Poorly documented large function | |
| recvcmd.c:949:6 694 Poorly documented large function | |
| send/send.c:235:12 301 Poorly documented large function | |
| send/send.c:1155:12 574 Poorly documented large function | |
| send/sendlib.c:453:14 284 Poorly documented large function | |
| send/smtp.c:622:12 303 Poorly documented large function | |
| mutt/file.c:171:18 1207 Time-of-check time-of-use filesystem race condition | |
| mutt/file.c:183:3 6 Time-of-check time-of-use filesystem race condition | |
| help.c:196:30 1191 Uncontrolled data used in path expression | |
| key/dump.c:199:24 1192 Uncontrolled data used in path expression | |
| mutt/logging.c:131:31 1205 Uncontrolled data used in path expression | |
| ncrypt/smime.c:1448:20 1206 Uncontrolled data used in path expression | |
| send/sendlib.c:113:26 913 Uncontrolled data used in path expression | |
| send/sendmail.c:172:14 384 Uncontrolled process operation | |
| expando/node_conddate.c:87:10 1099 Year field changed using an arithmetic operation without checking for leap year | |
| mutt/date.c:353:9 319 Year field changed using an arithmetic operation without checking for leap year | |
| mutt/date.c:358:9 486 Year field changed using an arithmetic operation without checking for leap year | |
| mutt/date.c:369:11 321 Year field changed using an arithmetic operation without checking for leap year | |
| mutt/date.c:383:11 322 Year field changed using an arithmetic operation without checking for leap year | |
| mutt/date.c:591:8 522 Year field changed using an arithmetic operation without checking for leap year | |
| mutt/date.c:756:8 1114 Year field changed using an arithmetic operation without checking for leap year | |
| pattern/compile.c:230:11 324 Year field changed using an arithmetic operation without checking for leap year | |
| pattern/compile.c:344:8 323 Year field changed using an arithmetic operation without checking for leap year |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment