rpm-software-management / libdnf

Package management library.
GNU Lesser General Public License v2.1

Review OpenScanHub results for libdnf #1659

Open ppisar opened 4 months ago

ppisar commented 4 months ago

Fedora scanned F41 critical packages for insecure pieces of source code: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/ZNWA2K3H6OS3LFJOTA5H4FJJC64EBLRK/ Results are at https://svashisht.fedorapeople.org/f41-22-Apr-2024/. There are some findings for libdnf. It would be great to review them and address the true positives.

siteshwar commented 1 month ago

A more recent report is available at https://svashisht.fedorapeople.org/f41-03-Jul-2024/

But it contains a high number of false positives due to cppcheck warnings about limiting the analysis of branches. This should be fixed in future mass scans.
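The branch-limit noise mentioned in the comment above can be separated from real findings mechanically before anyone starts reviewing. The script below is an added example, not part of this issue, of OpenScanHub, or of libdnf's own tooling. It assumes the scan results are available in cppcheck's XML (version 2) output and that the informational note is emitted under the checker id `normalCheckLevelMaxBranches` (the id cppcheck uses for "Limiting analysis of branches" since the `--check-level` option was introduced; confirm it against the report you actually have). The sample report, file names and line numbers are constructed for the example.

```python
"""Triage a cppcheck XML report: drop the "limiting analysis of branches"
informational notes so the real findings are left for manual review."""
import xml.etree.ElementTree as ET

# Checker ids that say nothing about the code itself, only that cppcheck
# stopped analysing branches at the default check level.
# Assumption: id name as emitted by cppcheck with --check-level=normal.
BRANCH_LIMIT_IDS = {"normalCheckLevelMaxBranches"}

# Constructed sample in cppcheck's XML v2 layout; paths and lines are hypothetical.
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<results version="2">
  <cppcheck version="2.14.0"/>
  <errors>
    <error id="normalCheckLevelMaxBranches" severity="information"
           msg="Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches."
           verbose="Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.">
      <location file="libdnf/example/a.cpp" line="120" column="5"/>
    </error>
    <error id="nullPointer" severity="error" msg="Null pointer dereference: ptr"
           verbose="Null pointer dereference: ptr" cwe="476">
      <location file="libdnf/example/b.cpp" line="42" column="9" info="Null pointer dereference"/>
      <location file="libdnf/example/b.cpp" line="40" column="3" info="Assignment 'ptr=nullptr', assigned value is 0"/>
    </error>
    <error id="normalCheckLevelMaxBranches" severity="information"
           msg="Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches."
           verbose="Limiting analysis of branches. Use --check-level=exhaustive to analyze all branches.">
      <location file="libdnf/example/c.cpp" line="7" column="1"/>
    </error>
    <error id="uninitvar" severity="error" msg="Uninitialized variable: n"
           verbose="Uninitialized variable: n" cwe="908">
      <location file="libdnf/example/d.cpp" line="15" column="12"/>
    </error>
  </errors>
</results>
"""


def parse_cppcheck_xml(text):
    """Return one dict per <error>, using its primary (first) <location>."""
    root = ET.fromstring(text)
    findings = []
    for err in root.iter("error"):
        loc = err.find("location")
        findings.append({
            "id": err.get("id"),
            "severity": err.get("severity"),
            "msg": err.get("msg"),
            "cwe": err.get("cwe"),
            "file": loc.get("file") if loc is not None else None,
            "line": int(loc.get("line")) if loc is not None else None,
        })
    return findings


def triage(findings, noise_ids=BRANCH_LIMIT_IDS):
    """Split findings into (kept, dropped).

    Dropped entries are the branch-limit notes; they are returned rather than
    discarded because the files they name are where a rerun with
    --check-level=exhaustive would be worth the extra time."""
    kept = [f for f in findings if f["id"] not in noise_ids]
    dropped = [f for f in findings if f["id"] in noise_ids]
    return kept, dropped


def summarize(kept):
    """Count kept findings per severity, most severe first."""
    order = ["error", "warning", "style", "performance", "portability", "information"]
    counts = {}
    for f in kept:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    rank = lambda sev: order.index(sev) if sev in order else len(order)
    return sorted(counts.items(), key=lambda kv: rank(kv[0]))


def truncated_files(dropped):
    """Sorted, de-duplicated list of files where branch analysis was cut short."""
    return sorted({f["file"] for f in dropped if f["file"]})


if __name__ == "__main__":
    kept, dropped = triage(parse_cppcheck_xml(SAMPLE_REPORT))
    print(f"{len(dropped)} branch-limit notes dropped, {len(kept)} findings to review")
    for f in kept:
        print(f"{f['file']}:{f['line']}: {f['severity']} [{f['id']}] {f['msg']}")
    print("rerun exhaustively:", ", ".join(truncated_files(dropped)))
```

Run it against a real report by replacing `SAMPLE_REPORT` with the file contents (`cppcheck --xml ... 2> report.xml` writes this format to stderr). The dropped notes are kept separately on purpose: they are not findings, but they do mark the files where the default check level gave up, which is the list to feed back into an exhaustive rerun.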