fix(matchers): ignore auth prose for missing-auth guards#618
Merged
Conversation
CodeDecay PR Check

Lead catch: Test appears to copy implementation logic. packages/cli/test/benchmark-corpus.test.ts includes logic copied from packages/cli/src/benchmark/corpus.ts; this can make tests pass without protecting real behavior.

Risk: High · Merge 100/100 · Decay 10/100 · Security 100/100

Full CodeDecay report

CodeDecay Report

Overall risk: High
Changed Files
Likely Impacted Areas
Language And Parser Coverage
Merge Risk Breakdown
Top contributors:
Decay Risk Breakdown
Top contributors:
Dampeners:
Notes:
Security Risk Breakdown
Top contributors:
Security Matcher Coverage
Security Candidates
Test Evidence
High Risk Findings
Medium Risk Findings
Low Risk Findings
Recommended Checks
Notes: CodeDecay is deterministic and local-first. This report was generated without telemetry, API keys, LLMs, or model calls. Found by CodeDecay - deterministic, local-first, no telemetry.
Closes #616
Problem
`security-missing-auth-entrypoint` treated any raw `auth` substring in an entire file as evidence of an auth guard. A comment like `NO authentication/authorization check` could suppress a real missing-auth finding for an exported destructive function.

Fix
Red to green evidence
Before the matcher fix, the new targeted test failed:
After the fix, the built benchmark reports:
Validation
- pnpm install
- pnpm run lint
- pnpm typecheck
- pnpm vitest run packages/matchers/test/matchers.test.ts packages/cli/test/benchmark.test.ts packages/cli/test/benchmark-corpus.test.ts
- pnpm test
- pnpm build
- pnpm --filter @submuxhq/codedecay pack --dry-run
- pnpm eval:benchmark
- node packages/cli/dist/index.js benchmark --format json
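The matcher weakness this PR describes, as an added example that is not CodeDecay's own matcher code: a naive check that accepts any `auth` substring anywhere in a file as guard evidence, next to a stricter variant that strips comments and string literals first and only counts `auth`-like identifiers in executable code. The three sample sources and all helper names (`hasAuthEvidenceNaive`, `hasAuthEvidenceStrict`, `stripCommentsAndStrings`) are constructed for illustration; the stripper deliberately ignores regex literals and nested template expressions, which a real matcher would need to handle.

```typescript
// Added example, not CodeDecay's matcher. Helper names are hypothetical.

// Constructed sample 1: exported destructive function with NO guard; only a
// comment mentions auth. The naive check is fooled by the prose.
const SAMPLE_UNGUARDED = `
// NOTE: NO authentication/authorization check is performed here.
export async function deleteAllUsers(db: Db) {
  await db.users.deleteMany({});
}
`;

// Constructed sample 2: still no guard; "auth" appears only inside a string.
const SAMPLE_STRING_ONLY = `
export function dropTable(db: Db, tableName: string) {
  console.log("no auth check on " + tableName);
  db.exec("DROP TABLE " + tableName);
}
`;

// Constructed sample 3: a real guard, visible as identifiers in code.
const SAMPLE_GUARDED = `
export async function deleteAllUsers(ctx: Ctx, db: Db) {
  if (!ctx.auth.isAuthenticated()) throw new Error("unauthenticated");
  ctx.auth.requireRole("admin");
  await db.users.deleteMany({});
}
`;

/** The weak check: any "auth" substring in the whole file counts. */
function hasAuthEvidenceNaive(src: string): boolean {
  return /auth/i.test(src);
}

/**
 * Remove // and block comments and '...', "...", `...` literals, keeping
 * newlines so that line numbers of the remaining code are preserved.
 * Simplification: regex literals and ${} inside templates are not handled.
 */
function stripCommentsAndStrings(src: string): string {
  let out = "";
  let i = 0;
  const n = src.length;
  while (i < n) {
    const c = src[i];
    const next = src[i + 1];
    if (c === "/" && next === "/") {
      // line comment: drop up to (not including) the newline
      while (i < n && src[i] !== "\n") i++;
    } else if (c === "/" && next === "*") {
      // block comment: drop, but emit the newlines it spans
      i += 2;
      while (i < n && !(src[i] === "*" && src[i + 1] === "/")) {
        if (src[i] === "\n") out += "\n";
        i++;
      }
      i += 2;
    } else if (c === '"' || c === "'" || c === "`") {
      // string/template literal: replace the body with an empty literal
      const quote = c;
      i++;
      while (i < n && src[i] !== quote) {
        if (src[i] === "\\") i++; // skip the escaped character
        if (src[i] === "\n") out += "\n";
        i++;
      }
      i++;
      out += '""';
    } else {
      out += c;
      i++;
    }
  }
  return out;
}

/** The stricter check: only identifiers in executable code are evidence. */
function hasAuthEvidenceStrict(src: string): boolean {
  const code = stripCommentsAndStrings(src);
  const identifiers = code.match(/[A-Za-z_$][\w$]*/g) ?? [];
  return identifiers.some((id) => /auth/i.test(id));
}

/** Side-by-side verdicts for a set of named sources. */
function compareChecks(samples: Record<string, string>) {
  const result: Record<string, { naive: boolean; strict: boolean }> = {};
  for (const [name, src] of Object.entries(samples)) {
    result[name] = { naive: hasAuthEvidenceNaive(src), strict: hasAuthEvidenceStrict(src) };
  }
  return result;
}

console.log(compareChecks({ SAMPLE_UNGUARDED, SAMPLE_STRING_ONLY, SAMPLE_GUARDED }));
```

The naive check reports guard evidence for all three samples, so the two unguarded destructive functions would never produce a missing-auth finding; the strict check flags both of them and still accepts the guarded one. Note that identifier matching is itself only a heuristic (an identifier such as `authors` would still count), so a production matcher should scope the search to the function body rather than the whole file.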