[Bug]: Fix code scanning alert about invalid syntax in web/autolinker.js
#19453
Comments
|
Tentatively labeling as a release blocker to make sure that we fix or silence this before the actual release. /cc @ryzokuken as the author of the original PR; could you please take a look at this? Thank you! |
|
It is a false positive, CodeQL doesn't know about the |
|
Thank you for checking; I'll remove the release blocker then. Do you know if there is already an upstream issue reported for this? If not, it'd probably be good to do that because currently CodeQL seems to skip checking the entire file:
|
|
Reported, github/codeql#18721 |
|
Looking at github/codeql#18727 (comment) the fix is merged, so we can hopefully close this soon once it get released. |
That's landed now, but unfortunately there's another bug in CodeQL; see github/codeql#18854 |
Attach (recommended) or Link to PDF file
N/A
Web browser and its version
Firefox 134.0.2
Operating system and its version
Arch Linux
PDF.js version
5.0.118 (current master branch; not yet in an official release)
Is the bug present in the latest PDF.js version?
No
Is a browser extension
No
Steps to reproduce the problem
CodeQL states that https://github.com/mozilla/pdf.js/blob/master/web/autolinker.js#L112 contains a syntax error at the beginning of the expression:
\b: Invalid regular expression flag. We should check if this is indeed a problem or if the alert is a false positive and can be silenced.It looks like this was detected in #19110 (review) before.
The full alert can be found at https://github.com/mozilla/pdf.js/security/code-scanning/876.
What is the expected behavior?
CodeQL doesn't report issues on the
masterbranch.What went wrong?
CodeQL reports this issue on the
masterbranch.Link to a viewer
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: