add a practice of secure coding about code view #536
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Code view is a best practice for security coding. A common security problem is due to the improper validation of array index that are caused by external input.
Current coverage is 98.26% (diff: 100%)@@ master #536 diff @@
==========================================
Files 40 40
Lines 1038 1038
Methods 0 0
Messages 0 0
Branches 0 0
==========================================
Hits 1020 1020
Misses 18 18
Partials 0 0
|
Code review is the best practice for security coding. A common security problem is due to the improper validation of buffer length that are caused by external input.
…rflow, etc. add a code review rules about infinite loop, string copy, integer overflow, malloc size.
|
Thanks! Adding a new criterion is a big deal - it affects every project (and removes their badge until they meet it). Even if we eventually add it, we need to give projects time to implement it. So I intend to first discuss this in the process of discussing a higher-level badge, then bring this (and other) topics back to perhaps adding it to the existing badge criteria. |
|
We'll add this to the doc/other.md as potential ideas for higher-level badges. Eventually some of this may bleed back down to the "passing" level, but that's a separate step. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Code review is the best practice for security coding. A common security
problem is due to the improper validation of array index that are caused
by external input.