On Sun, 22 Dec 2024, 陈星杵 via curl-library wrote:
> So do you want to not use CodeQL in the Git? I think the bugs that CodeQL
> can find rely too much on expert knowledge, so this may be the reason why it
> is not effective.
Not at all. We have plenty of experts around the project, that's not the
problem.
The problem is that CodeQL only finds silly things that we already know and
need, like warning for opening files. I suspect partly because we already
have found and fixed the easy problems that CodeQL could perhaps otherwise
detect in a younger C program having had less time to mature.
--
/ daniel.haxx.se || https://rock-solid.curl.dev