by tom-jh
2470 days ago
I've just tested their lgtm.com on our codebase:

1) identified str.replace('[ABC]+', '') correctly as a bug (looks like a regex but is a string literal)
2) identified various unnecessary code that TypeScript overlooked
3) identified double-unescaping of HTML (this one would have probably gone unnoticed for years)

And a bunch of other stuff. No actual vulnerability in our case, but still very useful. I'm enabling their checks on every future PR. This was TypeScript, but they support the rest of our stack too (Python, Java). I wonder if this includes Kotlin - will try.
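As an added illustration (not part of tom-jh's comment or lgtm.com's output), the first and third findings reproduced in plain JavaScript: `String.prototype.replace` treats a string first argument as a literal substring, and running an HTML entity decoder twice can turn safely encoded text back into markup. The entity decoder and the input strings are constructed for this example.

```javascript
// Added example, not from the original comment. It shows two bug classes the
// comment mentions: a regex-looking string literal passed to replace(), and
// double-unescaping of HTML entities.

// Bug: the first argument is a string, so only the exact text "[ABC]+" is
// replaced, not runs of the letters A, B and C as the author intended.
function stripLiteral(input) {
  return input.replace('[ABC]+', '');
}

// Fix: pass a RegExp; the g flag replaces every run, not only the first.
function stripRegex(input) {
  return input.replace(/[ABC]+/g, '');
}

// Minimal entity decoder (constructed helper, shaped like many in-house ones).
const ENTITIES = { '&lt;': '<', '&gt;': '>', '&quot;': '"', '&#39;': "'", '&amp;': '&' };
function unescapeHtml(s) {
  return s.replace(/&(lt|gt|quot|#39|amp);/g, (m) => ENTITIES[m]);
}

// Bug: decoding twice turns "&amp;lt;" (which should display as the literal
// text "&lt;") into a real "<", so user-supplied text can become markup.
function unescapeTwice(s) {
  return unescapeHtml(unescapeHtml(s));
}

// Simple check: does the decoded string contain a tag-like sequence?
function looksLikeMarkup(s) {
  return /<\w/.test(s);
}

// Demo with a constructed, already-encoded value as it might sit in a database.
const stored = '&amp;lt;script&amp;gt;';
console.log(stripLiteral('xABCy'), stripRegex('xABCyCAB'));
console.log(unescapeHtml(stored), looksLikeMarkup(unescapeHtml(stored)));
console.log(unescapeTwice(stored), looksLikeMarkup(unescapeTwice(stored)));
```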