LGTM (security) review tool flagged 5 issues in the code base #3942
Comments
Of the 5 issues highlighted, 4 are false positives. For example, PasswordSecret is not actually sensitive data. The XSS state would be hard to exploit (you'd need to enable SSO), but not impossible. Would you be interested in submitting a PR to fix this?
@sarabala1979 it would be see if you agree with the assessment?
@alexec: Sure, would love to help out, but I have no context regarding the code base. Not sure what the fix should be.
Summary
Report: https://lgtm.com/projects/g/argoproj/argo?mode=list&severity=error
What happened/what you expected to happen?
Expectation is that there are no potential security holes.
Diagnostics
What version of Argo Workflows are you running?
Latest Argo GitHub repo was input to LGTM
Impacted by this bug? Give it a 👍. We prioritise the issues with the most 👍.