GitHub adds a machine learning system for finding vulnerabilities in code

GitHub has announced the addition of an experimental machine learning system to its Code scanning service for detecting common types of vulnerabilities in code. During the testing phase, the new functionality is available only for repositories containing JavaScript and TypeScript code. The use of machine learning is said to significantly broaden the range of problems detected: the analysis is no longer limited to matching against standard templates and is not tied to known frameworks. Among the problems the new system flags are errors leading to cross-site scripting (XSS), path traversal (for example, by supplying "/.." in a file path), and SQL and NoSQL injection.

The Code scanning service lets vulnerabilities be caught at an early stage of development by checking every "git push" operation for potential problems; the results are attached directly to the pull request. Previously, the check was performed by the CodeQL engine, which analyzes code against templates describing typical examples of vulnerable code (CodeQL lets you write a template of a vulnerable code pattern in order to detect the same vulnerability in the code of other projects). The new engine, based on machine learning, can detect previously unknown vulnerabilities because it is not tied to enumerating code templates that describe specific vulnerabilities. The price of this capability is a higher number of false positives compared to CodeQL-based checks.

Source: opennet.ru