Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2021/06/08 18:00:56 UTC

[GitHub] [trafficcontrol] rob05c opened a new pull request #5923: Fix codeql t3c false positives

rob05c opened a new pull request #5923:
URL: https://github.com/apache/trafficcontrol/pull/5923


   "Fixes" codeql false positives.
   
   None of these are actual issues. Checking for overflows is deceptive and not useful. For example, the Parent Rank being `2147483649` is no more invalid than `2147483645`, but we don't have a hard limit on Parent Rank, so there's no sane max we can impose.
   
   But this is the path of least resistance. Much as it frustrates me to make code worse for bad tools, this will make people and tools stop bothering us every few months to fix things they don't have the context to understand aren't issues.
   
   No new tests, code already has tests, and any specific tests around the overflow would be deceptive, misleading, and fallacious.
   No docs, no interface change.
   No changelog, no interface change, and these aren't real bugs.
   
   - [x] This PR is not related to any other Issue
   
   ## Which Traffic Control components are affected by this PR?
   - Traffic Ops ORT
   
   ## What is the best way to verify this PR?
   Run tests. Observe code is obviously identical in behavior, except for overflows astronomically larger than valid values.
   
   ## If this is a bug fix, what versions of Traffic Control are affected?
   Not a bug fix.
   
   ## The following criteria are ALL met by this PR
   - [x] This PR includes tests OR I have explained why tests are unnecessary
   - [x] This PR includes documentation OR I have explained why documentation is unnecessary
   - [x] This PR includes an update to CHANGELOG.md OR such an update is not necessary
   - [x] This PR includes any and all required license headers
   - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details)
   
   
   ## Additional Information
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
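
The kind of narrowing integer conversion the PR description refers to, as an added example that is not part of the original thread and is not Traffic Control's code. The function names and the 32-bit target width are assumptions made for illustration; the two inputs are the Parent Rank values quoted in the description.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"strconv"
)

// ErrRange marks a parsed value that does not fit in an int32.
var ErrRange = errors.New("value out of int32 range")

// UncheckedRank (hypothetical name) parses s as a 64-bit integer and narrows
// it to int32 with no bounds check. Values above math.MaxInt32 wrap silently.
func UncheckedRank(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	return int32(n), nil // truncates to the low 32 bits
}

// CheckedRank (hypothetical name) does the same parse but rejects values
// outside the int32 range before converting.
func CheckedRank(s string) (int32, error) {
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, err
	}
	if n < math.MinInt32 || n > math.MaxInt32 {
		return 0, fmt.Errorf("%w: %d", ErrRange, n)
	}
	return int32(n), nil
}

func main() {
	// Inputs taken from the PR description: one below and one above MaxInt32.
	for _, s := range []string{"2147483645", "2147483649"} {
		u, _ := UncheckedRank(s)
		c, err := CheckedRank(s)
		fmt.Printf("input=%s unchecked=%d checked=%d err=%v\n", s, u, c, err)
	}
}
```

The bounds check only detects that the value does not fit the narrower type; whether a value that does fit is a sensible rank is a separate question the check cannot answer.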



[GitHub] [trafficcontrol] mitchell852 merged pull request #5923: Fix codeql t3c false positives

Posted by GitBox <gi...@apache.org>.
mitchell852 merged pull request #5923:
URL: https://github.com/apache/trafficcontrol/pull/5923


   





[GitHub] [trafficcontrol] rob05c commented on pull request #5923: Fix codeql t3c false positives

Posted by GitBox <gi...@apache.org>.
rob05c commented on pull request #5923:
URL: https://github.com/apache/trafficcontrol/pull/5923#issuecomment-857025349


   I almost did that. But I figured it'd just pop up again with some other "vet" tool or person in a few months.





[GitHub] [trafficcontrol] ocket8888 commented on pull request #5923: Fix codeql t3c false positives

Posted by GitBox <gi...@apache.org>.
ocket8888 commented on pull request #5923:
URL: https://github.com/apache/trafficcontrol/pull/5923#issuecomment-857023735


   Alternatively, CodeQL scanning messages can just be dismissed as false positives by any committer.

