test: validate inline-review anchoring (do not merge) #19
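--- /dev/null
+++ b/cmd/gadfly/zz_inline_probe.go
@@ -0,0 +1,15 @@
+package main
+
+import "strconv"
+
+// probeParsePort is a THROWAWAY used only to validate Gadfly's inline-review
+// anchoring end-to-end (this branch is never merged). It deliberately ignores
+// the error from Atoi and hardcodes a fallback, so the swarm has a concrete
+// finding to anchor an inline comment to on a changed line.
+func probeParsePort(s string) int {
+n, _ := strconv.Atoi(s)
+if n == 0 {
+return 8080
+}
+return n
+}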
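Review bot: The probe is an ordinary non-test file in `package main`, so probeParsePort is compiled into the cmd/gadfly binary on every build of this branch even though its doc comment declares it throwaway and never-merged. Putting `//go:build ignore` as the first line of the file would keep it out of the build while still giving the review tooling a changed line to anchor on, and it also guards against the file surviving an accidental merge. The doc comment could then state that constraint explicitly, e.g. `// Build-tagged ignore: never part of the gadfly binary.`, so a reader does not have to infer it from the branch name.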
🔴 Parsed port value is unbounded: negative numbers and values > 65535 are returned unchecked
correctness, error-handling, maintainability, security · flagged by 5 models
`cmd/gadfly/zz_inline_probe.go:10` — The error returned by `strconv.Atoi` is explicitly discarded (`n, _ := ...`). On any invalid input (empty string, non-numeric text, overflow), `n` is zero and the function silently falls back to `8080`, swallowing the failure and masking garbage input as a default port. - `cmd/gadfly/zz_inline_probe.go:9-14` — Even when `Atoi` succeeds, the function performs no bounds checking. Negative values (e.g., `"-1"` parses successfully) and values outside the valid… 🪰 Gadfly · advisory