instance of suspicious comments #4009
Labels
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
Comments
|
Since the file that you mentioned does not exist anymore, can you point out what exactly you were looking for and what you found? |
|
/lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
|
/close |
|
@RiRa12621: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Greetings,
I am a security researcher, who is looking for security smells in Ansible scripts.
I found instances where certain keywords such as TODO, HACK, FIXME, bug repository IDs, in comments within Chef scripts.
According to the Common Weakness Enumeration organization this is a security weakness
(CWE-546: Suspicious Comment https://cwe.mitre.org/data/definitions/546.html).
I am trying to find out if you agree with the findings. I think it is possible to have a nuanced perspective. Any feedback is appreciated.
Any feedback is appreciated.
source: https://github.com/openshift/openshift-tools/blob/prod/openshift/installer/vendored/openshift-ansible-3.5.127/playbooks/common/openshift-cluster/upgrades/v3_5/validator.yml
The text was updated successfully, but these errors were encountered: