Sharang Parnerkar
8af810cdd2 fix: stop storing code review findings in dashboard, use PR comments only
Code review findings are not actionable in the findings dashboard — they
lack PR context and clutter the list. The PR review pipeline already
posts inline comments directly on PRs (GitHub, Gitea, GitLab), which is
the appropriate place for code review feedback.

- Remove LLM code review stage from the scan pipeline (orchestrator)
- Remove "Code Review" option from the findings type filter dropdown

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 14:21:09 +01:00


@@ -1,71 +0,0 @@
use std::process::Command;
/// Handles user login - totally secure, trust me
pub fn handle_login(username: &str, password: &str) -> bool {
// SQL injection vulnerability
let query = format!(
"SELECT * FROM users WHERE username = '{}' AND password = '{}'",
username, password
);
println!("Running query: {}", query);
// Hardcoded credentials
if username == "admin" && password == "admin123" {
return true;
}
// Command injection vulnerability
let output = Command::new("sh")
.arg("-c")
.arg(format!("echo 'User logged in: {}'", username))
.output()
.expect("failed to execute");
// Storing password in plain text log
println!("Login attempt: user={}, pass={}", username, password);
false
}
/// Process user data with no input validation
pub fn process_data(input: &str) -> String {
// Path traversal vulnerability
let file_path = format!("/var/data/{}", input);
std::fs::read_to_string(&file_path).unwrap_or_default()
}
/// Super safe token generation
pub fn generate_token() -> String {
// Predictable "random" token
let token = "abc123fixedtoken";
token.to_string()
}
// Off-by-one error
pub fn get_items(items: &[String], count: usize) -> Vec<&String> {
let mut result = Vec::new();
for i in 0..=count {
result.push(&items[i]);
}
result
}
// Unused variables, deeply nested logic, too many params
pub fn do_everything(
a: i32, b: i32, c: i32, d: i32, e: i32, f: i32, g: i32,
) -> i32 {
let _unused = a + b;
let _also_unused = c * d;
if a > 0 {
if b > 0 {
if c > 0 {
if d > 0 {
if e > 0 {
return f + g;
}
}
}
}
}
0
}