Avoid secret scan file race #9

Merged: Mandal-OS merged 1 commit into main from codex/fix-codeql-secret-scan-race on Jun 27, 2026

@Mandal-OS (Owner)

Summary

  • Avoid the stat-then-read pattern in scripts/check-secrets.mjs that CodeQL flagged as a file-system race.
  • Read the file first, then skip large buffers before text/secret scanning.

Verification

  • npm run check
  • npm audit --audit-level=low
  • node --check scripts/check-secrets.mjs

Risk Review

  • Security: addresses a CodeQL warning in the secret scanner.
  • Performance: still skips buffers larger than 1 MB before regex scanning.
  • Operations: no workflow changes.

Mandal-OS merged commit 9d6563e into main on Jun 27, 2026
3 checks passed
Mandal-OS deleted the codex/fix-codeql-secret-scan-race branch on June 27, 2026 02:05
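
The stat-then-read shape and the read-first shape described in the Summary, side by side, as an added example (not the code from scripts/check-secrets.mjs or from this PR). The 1 MiB limit, the token pattern, the hook parameters and the fixture are assumptions constructed for the demo, and it uses CommonJS `require` so it runs as a plain Node script.

```javascript
// Added example, not the project's code. MAX_BYTES and SECRET_RE are assumed values.
const { mkdtempSync, readFileSync, rmSync, statSync, writeFileSync } = require("node:fs");
const { tmpdir } = require("node:os");
const { join } = require("node:path");

const MAX_BYTES = 1024 * 1024; // assumed reading of the "1 MB" limit
const SECRET_RE = /EXAMPLE_TOKEN_[A-Z0-9]{12}/g; // constructed pattern, not a real key format

const countHits = (buf) => (buf.toString("utf8").match(SECRET_RE) || []).length;

// "Before" shape: the size is checked by one call and the content read by another.
// betweenCheckAndUse is a hypothetical hook standing in for a concurrent writer.
function scanStatThenRead(file, betweenCheckAndUse = () => {}) {
  const { size } = statSync(file); // check
  if (size > MAX_BYTES) return { skipped: true, scannedBytes: 0, hits: 0 };
  betweenCheckAndUse(); // the file can change here
  const buf = readFileSync(file); // use: may not be what was checked
  return { skipped: false, scannedBytes: buf.length, hits: countHits(buf) };
}

// "After" shape: one read, and the size decision is made on those same bytes.
function scanReadFirst(file, beforeRead = () => {}) {
  beforeRead();
  const buf = readFileSync(file);
  if (buf.length > MAX_BYTES) return { skipped: true, scannedBytes: 0, hits: 0 };
  return { skipped: false, scannedBytes: buf.length, hits: countHits(buf) };
}

// Constructed fixture: a small file that grows past the limit while being scanned.
function demo() {
  const dir = mkdtempSync(join(tmpdir(), "scan-race-"));
  const file = join(dir, "config.txt");
  const small = "token=EXAMPLE_TOKEN_ABCDEF123456\n";
  const grow = () => writeFileSync(file, small + "x".repeat(2 * MAX_BYTES));
  try {
    writeFileSync(file, small);
    const racy = scanStatThenRead(file, grow); // limit passed on stale size
    writeFileSync(file, small);
    const fixed = scanReadFirst(file, grow); // limit applied to bytes actually read
    writeFileSync(file, small);
    const normal = scanReadFirst(file); // unchanged small file is scanned
    return { racy, fixed, normal };
  } finally {
    rmSync(dir, { recursive: true, force: true });
  }
}
```

Call `demo()` to compare the three results. Reading first means an oversized file is still loaded into memory before it is skipped.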