aio-libs / aiosmtpd

A reimplementation of the Python stdlib smtpd.py based on asyncio.
https://aiosmtpd.aio-libs.org
Apache License 2.0

Fix CodeQL Findings 2022-12-23 #348

Closed pepoluan closed 1 year ago

pepoluan commented 1 year ago

What do these changes do?

Fix some more significant CodeQL warnings, i.e., those that can't be dismissed outright.

Are there changes in behavior for the user?

None

Related issue number

Closes #343, #344, #345, #346, #349, #350, #351


codecov[bot] commented 1 year ago

Codecov Report

Merging #348 (6ca44e9) into master (fea5c0c) will not change coverage. The diff coverage is 100.00%.

@@            Coverage Diff            @@
##            master      #348   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            7         7           
  Lines         1696      1696           
  Branches       310       310           
=========================================
  Hits          1696      1696           
| Impacted Files | Coverage Δ |
|---|---|
| aiosmtpd/proxy_protocol.py | 100.00% <ø> (ø) |
| aiosmtpd/controller.py | 100.00% <100.00%> (ø) |
| aiosmtpd/smtp.py | 100.00% <100.00%> (ø) |


pepoluan commented 1 year ago

Don't you hate intermittent test failures... I'm barging on because the test failures are really intermittent. I mean, like one OS with one particular Python version fails, while ALL others succeed. Then the next iteration a different combination fails... with no rhyme nor reason.

Luckily our GHCI workflows have been designed so it would be an easy -- and quite fast -- task to just rerun the failed tests. But I'm delaying that until this series of commits and pushes is done.

pepoluan commented 1 year ago

When merged, this PR fixes all outstanding CodeQL warnings (those that I haven't dismissed outright) except one. That one requires some deeper thought as it's a decorator and things get reeeeeallly hairy there...

No real urgency, as without the fixes aiosmtpd actually Just Works. But it's good to see no outstanding "security" item in the Security tab 😄

pepoluan commented 1 year ago

Adding @warsaw here because there are changes that apply to his code 😉

warsaw commented 1 year ago

Apologies for the delayed response. Thanks for merging this one!