Closed munahaf closed 4 weeks ago
Hi there, thank you for your contribution!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed automatically if no further activity occurs.
If you would like this issue to remain open please:
NOTE: If this issue was closed prematurely, please leave a comment.
Thanks!
What happened?
In file: post.py inside the conda_build directory, method: check_overlinking_impl, in line 1356 a logical equality check operation was performed. The operands are such that the comparison operation always returns true. This is because one of the operands is a list and the other is a string ([package] != "non-library"). Such logical short circuits in code lead to unintended behavior. I suggested that the logical operation should be reviewed for correctness. I could not create a fix because I am not familiar with the business logic.
Sponsorship and Support:
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
Additional Context
No response
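The class of defect reported above can be found mechanically. The following is an added example, not part of the original issue and not conda-build or iCR code: a small AST check that flags `==`/`!=` comparisons between a container literal and a scalar constant, whose result is fixed regardless of input. The function names and the sample source are assumptions constructed for illustration; only the expression `[package] != "non-library"` comes from the issue.

```python
import ast

# Literal node types whose value can never equal a str/bytes/number constant.
CONTAINER_NODES = (ast.List, ast.Tuple, ast.Set, ast.Dict,
                   ast.ListComp, ast.SetComp, ast.DictComp)


def _is_scalar_constant(node):
    return isinstance(node, ast.Constant) and isinstance(
        node.value, (str, bytes, int, float))


def find_constant_comparisons(source):
    """Return (lineno, expression, fixed_result) for ==/!= comparisons between
    a container literal and a scalar constant (requires Python 3.9+)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left, *node.comparators]
        for op, lhs, rhs in zip(node.ops, operands, operands[1:]):
            if not isinstance(op, (ast.Eq, ast.NotEq)):
                continue
            mismatch = (
                (isinstance(lhs, CONTAINER_NODES) and _is_scalar_constant(rhs))
                or (_is_scalar_constant(lhs) and isinstance(rhs, CONTAINER_NODES))
            )
            if mismatch:
                # `!=` across these types is always True, `==` always False.
                findings.append((node.lineno, ast.unparse(node),
                                 isinstance(op, ast.NotEq)))
    return findings


# Constructed sample, not conda-build source; only the comparison
# `[package] != "non-library"` is taken from the issue text.
SAMPLE = '''
def classify(package, kind):
    if [package] != "non-library":      # list vs str: always True
        return "checked"
    if kind != "non-library":           # str vs str: depends on input
        return "library"
    return "skipped"
'''

if __name__ == "__main__":
    for lineno, expr, value in find_constant_comparisons(SAMPLE):
        print(f"line {lineno}: {expr!r} is always {value}")
```

The check only covers literal operands; a comparison between two variables of mismatched types needs type inference or a type checker to catch.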