Open CodingDepot opened 5 months ago
Attention: Patch coverage is 78.94737% with 4 lines in your changes missing coverage. Please review.
Project coverage is 77.22%. Comparing base (6377273) to head (a60f69b). Report is 5 commits behind head on main.
Files | Patch % | Lines |
---|---|---|
.../codyze/backends/cpg/coko/dsl/ImplementationDsl.kt | 77.77% | 1 Missing and 3 partials :warning: |
This PR is waiting for an update to the SizeEvaluator in the CPG to cover more cases
Moved everything regarding the new `OPEN` result into #886.
This adds the new `Length()` type to use in Coko queries. This enables rules to verify the length of an argument, e.g. how many bytes a salt parameter can assume. One issue with the implementation is that when the length cannot be determined (length == -1), false positives may be produced. The current evaluator structure makes it hard to propagate an `open` result from the length check to the Finding. (Refer to #886)

Additionally, this PR includes an optimization for Ranges given as arguments for Only and Never evaluators: By only verifying that every possible value lies within the upper and lower bounds of the range, we do not have to iterate over every value in the range. This is especially noticeable when specifying a huge range of allowed parameter values.
Tasks:
- `Length` keyword
- restructure Evaluator to enable propagation of false positive knowledge
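
The two points in the description above, as an added Kotlin sketch that is not code from this PR or from Codyze: a bounds-only range check next to the enumerating one, and a length check that reports an undetermined length (`-1`) as a third, open outcome instead of a violation. All names (`Verdict`, `onlyByEnumeration`, `onlyByBounds`, `lengthOnly`, the 16..64 salt rule) are hypothetical, and the sample values are constructed.

```kotlin
// Added illustration; none of these names are the Codyze/Coko API.
enum class Verdict { PASS, FAIL, OPEN }

// Assumption taken from the PR text: -1 means "length could not be determined".
const val UNKNOWN_LENGTH = -1

// Enumerating shape: materialize every allowed value, then test membership.
// Time and memory grow with the size of the range.
fun onlyByEnumeration(resolved: List<Int>, allowed: IntRange): Boolean {
    val allowedValues = allowed.toSet()
    return resolved.all { it in allowedValues }
}

// Bounds-only shape: two comparisons per resolved value, independent of range size.
// Note that UNKNOWN_LENGTH (-1) is simply "out of bounds" here, which is how an
// undetermined length turns into a false positive for a rule such as 16..64.
fun onlyByBounds(resolved: List<Int>, allowed: IntRange): Boolean =
    resolved.all { allowed.first <= it && it <= allowed.last }

// Length rule with an explicit third outcome:
//  - any determined length outside the range is a definite violation,
//  - otherwise any undetermined length (or no resolved value at all) stays OPEN,
//  - only fully determined, in-range lengths pass.
fun lengthOnly(resolvedLengths: List<Int>, allowed: IntRange): Verdict = when {
    resolvedLengths.any { it != UNKNOWN_LENGTH && it !in allowed } -> Verdict.FAIL
    resolvedLengths.isEmpty() || resolvedLengths.any { it == UNKNOWN_LENGTH } -> Verdict.OPEN
    else -> Verdict.PASS
}

fun main() {
    val saltBytes = 16..64 // constructed rule: salt must be 16 to 64 bytes long

    // Both shapes agree on determined values.
    println(onlyByEnumeration(listOf(16, 32), saltBytes) == onlyByBounds(listOf(16, 32), saltBytes))

    // Undetermined length: plain bounds check versus the three-valued check.
    println(onlyByBounds(listOf(UNKNOWN_LENGTH), saltBytes))
    println(lengthOnly(listOf(UNKNOWN_LENGTH), saltBytes))

    // A determined violation wins over an undetermined sibling value.
    println(lengthOnly(listOf(8, UNKNOWN_LENGTH), saltBytes))
    println(lengthOnly(listOf(32), saltBytes))

    // A huge allowed range costs nothing extra with the bounds check.
    println(onlyByBounds(listOf(7), 0..50_000_000))
}
```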