HackerTrans
TopNewTrendsCommentsPastAskShowJobs

cpachmann

no profile record

Submissions

Show HN: Symdex-100 – Intent-based code search using 20-byte "Cypher" metadata

github.com
2 points·by cpachmann·5 months ago·0 comments

Analysis of Jq: Strengths, Critical Security Risks, and 2.9% Test Coverage

campac.medium.com
4 points·by cpachmann·last year·4 comments

Show HN: Codedd – automating software auditing for investment rounds

codedd.ai
1 points·by cpachmann·last year·0 comments

comments

cpachmann
·last year·discuss
That works 100% of the time, lol!
cpachmann
·last year·discuss
[dead]
cpachmann
·last year·discuss
Hi HN, we ran jq (github.com/jqlang/jq) through our static analysis tool.

It's a fantastic, mature project (13 yrs, 230+ authors, Grade A avg. complexity). However, we found some serious concerns: multiple potential buffer overflows (Red Flags in 9 core files), path traversal issues, and a very low test health score (2.9/100).

Given its widespread use, these findings are pretty significant for anyone relying on it, especially in production pipelines. Full breakdown and data in the post. Curious about your thoughts/experiences.
cpachmann
·last year·discuss
[dead]