-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/142
-
I don't know what kind of false positive rate there is with the clang address sanitizer, but it finds issues. We should look into these and fix them.
```
diff --git a/GNUmakefile b/GNUmakefile
in…
```
-
I've been looking through the discussions in other issues about false positives, use of sanitize and so on, and am reading that sanitize doesn't completely protect against all circumstances, but so is…
-
This is found in the write() function:
https://w3c.github.io/clipboard-apis/#clipboard-write-data
Searching for this term in the spec yields nothing. :(
What it is probably referring to is:
…
-
```
What steps will reproduce the problem?
1. Create PolicyFactory with all added sanitizers
(Formatting/Images/Links/Styles/Blocks)
2. Pass "text" to the PolicyFactory.sanitize(String html)
3. Resu…
```
-
```
I see multiple ld processes, each takes from 1 to 4 Gb RAM (RSS). Heavy
swapping (the machine has 24Gb RAM).
No idea where this comes from. We don't instrument ld, and on my machine
(non-bootst…
```
-
```
Sanitizer tools need to handle assembly (inline and not). For ASan and TSan
that will improve tool coverage, for MSan - help avoid false positives.
ATM it seems like the best chance to do that i…
```