add qodana workflow #1
Annotations
1 error, 11 warnings, and 5 notices
Vulnerable declared dependency:
go.mod#L11
Dependency go:github.com/go-git/go-git/v5:v5.9.0 is vulnerable
* [CVE-2023-49568](https://devhub.checkmarx.com/cve-details/CVE-2023-49568?utm_source=jetbrains&utm_medium=referral) 7.5 Uncontrolled Resource Consumption vulnerability with High severity found
* [CVE-2023-49569](https://devhub.checkmarx.com/cve-details/CVE-2023-49569?utm_source=jetbrains&utm_medium=referral) 9.8 Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") vulnerability with High severity found
Results powered by [Checkmarx](https://checkmarx.com)(c)
|
qodana
Node.js 16 actions are deprecated. Please update the following actions to use Node.js 20: actions/checkout@v3, JetBrains/[email protected]. For more information see: https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
|
Bool condition:
internal/hooks/add-set.go#L128
Condition `runtime.GOOS == "windows"` is always `false`
|
Bool condition:
internal/extension-registry/utils/tar.go#L77
Condition `runtime.GOOS == "darwin" && mode&0111 != 0` is always `false`
|
Bool condition:
internal/version/version.go#L39
Condition `version == "DEV"` is always `true`
|
Bool condition:
internal/extension-registry/installer/impl/goinstaller/installer.go#L103
Condition `runtime.GOOS == "windows"` is always `false`
|
Imported package name as a name identifier:
internal/extension-registry/installer/impl/bininstaller/indirect/installer.go#L52
Variable `url` collides with imported package name
|
Imported package name as a name identifier:
internal/ext/lint-staged/config.go#L93
Variable `config` collides with imported package name
|
Imported package name as a name identifier:
internal/ext/lint-staged/config.go#L119
Variable `config` collides with imported package name
|
Imported package name as a name identifier:
internal/ext/lint-staged/config.go#L151
Variable `config` collides with imported package name
|
Imported package name as a name identifier:
internal/extension-registry/installer/impl/bininstaller/indirect/installer.go#L31
Variable `url` collides with imported package name
|
Imported package name as a name identifier:
internal/ext/lint-staged/config.go#L378
Variable `config` collides with imported package name
|
Comment of exported element starts with the incorrect name:
internal/lib/tl/callback.go#L5
Comment should have the following format 'Hide ...' (with an optional leading article)
|
Direct comparison of errors:
internal/extension-registry/utils/move.go#L17
Comparison with errors using equality operators fails on wrapped errors
|
Name starts with a package name:
internal/config/config.go#L14
Name starts with the package name
|
Redundant type conversion:
internal/ext/lint-staged/file.go#L61
Redundant type conversion
|
Vulnerable declared dependency:
go.mod#L40
Dependency go:golang.org/x/net:v0.15.0 is vulnerable
* [CVE-2023-44487](https://devhub.checkmarx.com/cve-details/CVE-2023-44487?utm_source=jetbrains&utm_medium=referral) 5.3 Uncontrolled Resource Consumption vulnerability with Medium severity found