Open-CMSIS-Pack / cpackget

Open-CMSIS-Pack Package Installer
Apache License 2.0
20 stars 13 forks

Fixed lint and vuln check issues #310

Closed soumeh01 closed 3 months ago

soumeh01 commented 3 months ago

Addressing: Linter issue: Error: Error return value of `fmt.Scanln` is not checked (errcheck)

Vulnerability detected:

Vulnerability #1: GO-2024-2888
    Mishandling of corrupt central directory record in archive/zip
  More info: https://pkg.go.dev/vuln/GO-2024-2888
  Standard library
    Found in: archive/zip@go1.22.3
    Fixed in: archive/zip@go1.22.4
    Example traces found:
Error:       #1: cmd/installer/pack.go:450:36: installer.PackType.checkEula calls cat.FromBytes, which eventually calls zip.NewReader
Error:       #2: cmd/cryptography/signature.go:520:28: cryptography.VerifyPackSignature calls zip.OpenReader

Vulnerability #2: GO-2024-2887
    Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in
    net/netip
  More info: https://pkg.go.dev/vuln/GO-2024-2887
  Standard library
    Found in: net/netip@go1.22.3
    Fixed in: net/netip@go1.22.4
    Example traces found:
Error:       #1: cmd/utils/utils.go:77:32: utils.RoundTrip calls http.Transport.RoundTrip, which eventually calls netip.Addr.IsLoopback
Error:       #2: cmd/utils/utils.go:77:32: utils.RoundTrip calls http.Transport.RoundTrip, which eventually calls netip.Addr.IsMulticast

codeclimate[bot] commented 3 months ago

Code Climate has analyzed commit 23bd0c71 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 0.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 62.2% (0.0% change).
