24839511143
85%
master: 85%

Ran 23 Apr 2026 02:06PM UTC

Jobs 1

Files 310

Run time 29s

Badge

Embed ▾

pending completion

Build # 24839511143

Build Type

Pull #2090

gh-ci

Committed by

vchaindz

Commit Message

security: silence CodeQL false positives in remoteapp + stmt

CodeQL reported three findings on this branch:

- remote_app.go:542 + :574 (go/incorrect-integer-conversion):
  the 'idInt := int(id)' narrowing of an int64 chunk id was flagged
  despite the surrounding id < 0 / id > math.MaxInt bounds check —
  CodeQL's taint tracker does not recognise that guard as a sanitizer.
  Switch both loops to index chunkInfos with the int64 id directly,
  matching the style already used in OpenAppendable (line 437, 443).
  The narrowing cast, and therefore the finding, disappears entirely.
  math import is no longer needed here and is removed.

- stmt.go:688 (go/allocation-size-overflow):
  make([]byte, 1+4+2+len(colNameBytes)+len(defaultSQL)) was flagged
  because defaultSQL flows from JSON.String()/json.Marshal on user-
  controlled column defaults. Add hard caps — 64KiB colName, 1MiB
  defaultSQL — before the allocation. Both limits are already orders
  of magnitude above any realistic column metadata size, and make the
  bound visible to CodeQL at the call site.

Pull Request Pull Request #2090: v1.11.0: PostgreSQL compatibility and SQL feature expansion

Coverage Stats

44593 of 52298 relevant lines covered (85.27%)

127340.4 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	24839511143.1	23 Apr 2026 02:06PM UTC	310	85.27

codenotary / immudb / 24839511143
85%
master: 85%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24839511143

codenotary / immudb / 24839511143 85% master: 85%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 24839511143

codenotary / immudb / 24839511143
85%
master: 85%

README BADGES
x