@flatcap
Last active December 10, 2025 13:00
code scanning

NeoMutt CodeQL Code Scanning

Last update: 2025-12-10

Download 2 pages of 100 issues

gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=1" | json_reformat > s1.json
gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" "/repos/neomutt/neomutt/code-scanning/alerts?state=open&per_page=100&page=2" | json_reformat > s2.json

Export some fields

jq '.[] | .most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column,.number,.rule.description' s1.json > l1
jq '.[] | .most_recent_instance.location.path,.most_recent_instance.location.start_line,.most_recent_instance.location.start_column,.number,.rule.description' s2.json > l2

Tidy the results

In Vim, edit l1 and l2, then :source tidy.vim

vim quickfix list
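As an added example (not part of the gist), the same download-export-tidy pipeline as one stdlib-only Python script: it flattens the raw alert pages straight into the quickfix format that tidy.vim produces and reproduces the per-rule counts table. The alert records inside it are a constructed sample shaped like the code-scanning API output; pass s1.json s2.json on the command line to process real pages.

```python
"""Build a Vim quickfix list from GitHub code-scanning alert JSON (stdlib only)."""
from __future__ import annotations

import json
import sys
from collections import Counter

# Constructed sample page, shaped like /repos/.../code-scanning/alerts output
# (only the fields the gist's jq filter extracts are included).
SAMPLE_PAGE = json.dumps([
    {"number": 2, "rule": {"description": "Cleartext transmission of sensitive information"},
     "most_recent_instance": {"location": {"path": "ncrypt/smime.c", "start_line": 745, "start_column": 11}}},
    {"number": 187, "rule": {"description": "For loop variable changed in body"},
     "most_recent_instance": {"location": {"path": "compose/functions.c", "start_line": 649, "start_column": 9}}},
    {"number": 6, "rule": {"description": "Time-of-check time-of-use filesystem race condition"},
     "most_recent_instance": {"location": {"path": "mutt/file.c", "start_line": 183, "start_column": 3}}},
    {"number": 1103, "rule": {"description": "File created without restricting permissions"},
     "most_recent_instance": {"location": {"path": "maildir/message.c", "start_line": 567, "start_column": 10}}},
])


def alerts_to_quickfix(*pages: str) -> list[str]:
    """Flatten one or more API pages into 'path:line:col: number description'
    lines, ordered by rule description then location (what tidy.vim + sort do)."""
    rows = []
    for page in pages:
        for alert in json.loads(page):
            loc = alert["most_recent_instance"]["location"]
            rows.append((alert["rule"]["description"], loc["path"],
                         loc["start_line"], loc["start_column"], alert["number"]))
    rows.sort()  # tuple order: description, path, line, column, alert number
    return [f"{path}:{line}:{col}: {num} {desc}" for desc, path, line, col, num in rows]


def summarise(lines: list[str]) -> list[tuple[int, str]]:
    """Count alerts per rule, most frequent first (the '109 Issues' table)."""
    counts = Counter(line.split(": ", 1)[1].split(" ", 1)[1] for line in lines)
    return sorted(((n, desc) for desc, n in counts.items()), key=lambda t: (-t[0], t[1]))


if __name__ == "__main__":
    # Usage: python qf.py s1.json s2.json > qf.txt   (no args: use the sample)
    pages = [open(p, encoding="utf-8").read() for p in sys.argv[1:]] or [SAMPLE_PAGE]
    qf = alerts_to_quickfix(*pages)
    print("\n".join(qf))
    for n, desc in summarise(qf):
        print(f"{n:4d} {desc}", file=sys.stderr)
```

The resulting qf.txt loads in Vim with :cfile qf.txt, the same as the hand-tidied list.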

qf.txt

109 Issues

  • 27 For loop variable changed in body
  • 26 Poorly documented large function
  • 21 Local variable address stored in non-local memory
  • 9 Year field changed using an arithmetic operation without checking for leap year
  • 8 Long switch case
  • 5 Uncontrolled data used in path expression
  • 3 Nested loops with same variable
  • 3 Futile conditional
  • 2 Time-of-check time-of-use filesystem race condition
  • 2 File created without restricting permissions
  • 2 Cleartext transmission of sensitive information
  • 1 Uncontrolled process operation
ncrypt/smime.c:745:11: 2 Cleartext transmission of sensitive information
ncrypt/smime.c:780:13: 3 Cleartext transmission of sensitive information
maildir/message.c:567:10: 1103 File created without restricting permissions
mh/shared.c:86:10: 691 File created without restricting permissions
compose/functions.c:649:9: 187 For loop variable changed in body
compose/functions.c:661:9: 188 For loop variable changed in body
email/parse.c:226:17: 507 For loop variable changed in body
email/parse.c:639:5: 208 For loop variable changed in body
email/parse.c:644:5: 209 For loop variable changed in body
email/rfc2047.c:385:9: 1063 For loop variable changed in body
email/rfc2231.c:117:7: 571 For loop variable changed in body
email/url.c:204:9: 572 For loop variable changed in body
imap/utf7.c:119:7: 213 For loop variable changed in body
imap/utf7.c:129:27: 214 For loop variable changed in body
imap/util.c:725:11: 1183 For loop variable changed in body
mutt/buffer.c:446:20: 932 For loop variable changed in body
mutt/file.c:1381:28: 508 For loop variable changed in body
mutt/file.c:1386:11: 509 For loop variable changed in body
mutt/path.c:80:13: 217 For loop variable changed in body
mutt/slist.c:201:7: 218 For loop variable changed in body
mutt_header.c:331:13: 510 For loop variable changed in body
ncrypt/gnupgparse.c:280:13: 223 For loop variable changed in body
ncrypt/gnupgparse.c:286:13: 224 For loop variable changed in body
ncrypt/gnupgparse.c:292:13: 225 For loop variable changed in body
ncrypt/gnupgparse.c:359:20: 226 For loop variable changed in body
ncrypt/gpgme_functions.c:198:7: 1109 For loop variable changed in body
ncrypt/gpgme_functions.c:215:9: 228 For loop variable changed in body
ncrypt/gpgme_functions.c:223:11: 573 For loop variable changed in body
ncrypt/smime.c:301:20: 231 For loop variable changed in body
nntp/complete.c:66:9: 230 For loop variable changed in body
pattern/pattern.c:117:7: 483 For loop variable changed in body
mutt/signal.c:84:3: 1190 Futile conditional
mutt/signal.c:98:5: 1189 Futile conditional
mutt/signal.c:117:3: 1188 Futile conditional
alias/dlg_alias.c:240:3: 325 Local variable address stored in non-local memory
alias/dlg_query.c:317:3: 326 Local variable address stored in non-local memory
browser/dlg_browser.c:856:3: 1130 Local variable address stored in non-local memory
browser/dlg_browser.c:857:3: 1131 Local variable address stored in non-local memory
conn/dlg_verifycert.c:173:3: 331 Local variable address stored in non-local memory
editor/window.c:297:3: 1187 Local variable address stored in non-local memory
email/parse.c:257:9: 334 Local variable address stored in non-local memory
email/rfc2231.c:232:5: 336 Local variable address stored in non-local memory
email/thread.c:112:3: 527 Local variable address stored in non-local memory
history/dlg_history.c:132:3: 1132 Local variable address stored in non-local memory
imap/browse.c:165:3: 341 Local variable address stored in non-local memory
imap/browse.c:277:5: 1100 Local variable address stored in non-local memory
imap/command.c:701:3: 343 Local variable address stored in non-local memory
imap/imap.c:1319:3: 344 Local variable address stored in non-local memory
mutt/notify.c:210:3: 1110 Local variable address stored in non-local memory
mutt_thread.c:1063:5: 349 Local variable address stored in non-local memory
ncrypt/dlg_gpgme.c:233:3: 1135 Local variable address stored in non-local memory
ncrypt/dlg_pgp.c:233:3: 1133 Local variable address stored in non-local memory
ncrypt/dlg_smime.c:210:3: 1134 Local variable address stored in non-local memory
pager/dlg_pager.c:353:3: 353 Local variable address stored in non-local memory
postpone/dlg_postpone.c:223:3: 1136 Local variable address stored in non-local memory
email/parse.c:686:3: 521 Long switch case
flags.c:71:3: 575 Long switch case
muttlib.c:137:5: 1193 Long switch case
ncrypt/gnupgparse.c:172:5: 19 Long switch case
ncrypt/smime.c:2050:5: 20 Long switch case
notmuch/notmuch.c:1389:3: 21 Long switch case
pattern/compile.c:369:5: 23 Long switch case
pattern/compile.c:931:5: 692 Long switch case
postpone/postpone.c:225:24: 356 Nested loops with same variable
postpone/postpone.c:260:22: 357 Nested loops with same variable
postpone/postpone.c:297:16: 358 Nested loops with same variable
address/address.c:480:5: 577 Poorly documented large function
attach/recvattach.c:431:6: 693 Poorly documented large function
convert/content_info.c:49:6: 285 Poorly documented large function
enriched.c:120:13: 478 Poorly documented large function
envelope/window.c:502:12: 427 Poorly documented large function
handler.c:1130:12: 697 Poorly documented large function
history/history.c:203:13: 1115 Poorly documented large function
index/functions.c:1349:12: 292 Poorly documented large function
index/functions.c:1467:12: 291 Poorly documented large function
mbox/mbox.c:183:27: 293 Poorly documented large function
mutt/filter.c:62:7: 659 Poorly documented large function
mutt_thread.c:233:13: 294 Poorly documented large function
ncrypt/crypt.c:1117:5: 1104 Poorly documented large function
ncrypt/crypt.c:1241:5: 695 Poorly documented large function
ncrypt/crypt_gpgme.c:3532:14: 296 Poorly documented large function
ncrypt/pgp.c:1463:7: 295 Poorly documented large function
notmuch/notmuch.c:2253:22: 298 Poorly documented large function
pager/pager.c:132:12: 526 Poorly documented large function
pattern/exec.c:845:13: 299 Poorly documented large function
pattern/pattern.c:188:5: 1128 Poorly documented large function
pop/auth.c:523:5: 300 Poorly documented large function
recvcmd.c:949:6: 694 Poorly documented large function
send/send.c:236:12: 301 Poorly documented large function
send/send.c:1156:12: 574 Poorly documented large function
send/sendlib.c:454:14: 284 Poorly documented large function
send/smtp.c:622:12: 303 Poorly documented large function
mutt/file.c:171:18: 1207 Time-of-check time-of-use filesystem race condition
mutt/file.c:183:3: 6 Time-of-check time-of-use filesystem race condition
help.c:196:30: 1191 Uncontrolled data used in path expression
key/dump.c:199:24: 1192 Uncontrolled data used in path expression
mutt/logging.c:131:31: 1205 Uncontrolled data used in path expression
ncrypt/smime.c:1448:20: 1206 Uncontrolled data used in path expression
send/sendlib.c:114:26: 913 Uncontrolled data used in path expression
send/sendmail.c:172:14: 384 Uncontrolled process operation
expando/node_conddate.c:87:10: 1099 Year field changed using an arithmetic operation without checking for leap year
mutt/date.c:353:9: 319 Year field changed using an arithmetic operation without checking for leap year
mutt/date.c:358:9: 486 Year field changed using an arithmetic operation without checking for leap year
mutt/date.c:369:11: 321 Year field changed using an arithmetic operation without checking for leap year
mutt/date.c:383:11: 322 Year field changed using an arithmetic operation without checking for leap year
mutt/date.c:591:8: 522 Year field changed using an arithmetic operation without checking for leap year
mutt/date.c:756:8: 1114 Year field changed using an arithmetic operation without checking for leap year
pattern/compile.c:230:11: 324 Year field changed using an arithmetic operation without checking for leap year
pattern/compile.c:344:8: 323 Year field changed using an arithmetic operation without checking for leap year
tidy.vim

" Strip the quotes jq put around the path and description strings
%s/"//e
0
" Join each alert's five lines (path, line, col, number, description) into
" one quickfix line; \<Esc> leaves insert mode after the A: command
g/\.c$/exe "norm Jr:Jr:A:\<Esc>Jr Jr"
" Sort by the description's first word (field 3), then by location (field 1)
%!sort -t' ' -k3,3 -k1,1