feat: add security foot-gun finder#93

Open
gbasin wants to merge 3 commits into master from feat/security-footgun-finder-iter2

Conversation

@gbasin (Owner) commented Feb 22, 2026

Summary

  • add a repo-local static security foot-gun scanner with high-signal heuristics for shell interpolation, eval/new Function, unsafe HTML injection, TLS verification bypass, and insecure temp-file construction
  • add robust inline suppression parsing from real comments only, with rule-scoped line/next-line directives
  • add scanner unit tests covering detection, severity/threshold behavior, and regressions for suppression/comment false positives/negatives
  • add CLI entrypoint and package scripts, wire CI to run a conservative critical-threshold scan, and document usage/limitations in README

Verification

  • bun run security:footgun -- --json
  • bun run security:footgun:ci
  • bun run lint && bun run typecheck && bun run test
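The heuristic classes and the comment-only, rule-scoped suppression semantics described above, sketched as a runnable TypeScript example. This is an added illustration, not the scanner code from this PR: the rule ids, regexes, the `footgun-disable-line` / `footgun-disable-next-line` directive syntax, the `splitLine` comment tokenizer and the constructed `SAMPLE` input are all assumptions made here, and the real scanner's patterns, directive names and CLI may differ.

```typescript
// Added example, not the PR's own scanner: names, directive syntax and patterns are assumptions.
type Severity = "critical" | "high" | "medium";
interface Rule { id: string; severity: Severity; pattern: RegExp; message: string; }
interface Finding { line: number; rule: string; severity: Severity; message: string; }

// One narrow regex per heuristic class: high signal, low recall, so a CI gate rarely blocks clean code.
const RULES: Rule[] = [
  { id: "shell-interp", severity: "critical",
    pattern: /\b(?:exec|execSync|spawn|spawnSync)\s*\(\s*`[^`]*\$\{/,
    message: "shell command built from template interpolation" },
  { id: "eval", severity: "critical",
    pattern: /\beval\s*\(|\bnew\s+Function\s*\(/,
    message: "dynamic code evaluation" },
  { id: "unsafe-html", severity: "high",
    pattern: /\.innerHTML\s*=|dangerouslySetInnerHTML/,
    message: "raw HTML injection sink" },
  { id: "tls-bypass", severity: "critical",
    pattern: /rejectUnauthorized\s*:\s*false|NODE_TLS_REJECT_UNAUTHORIZED\W*=\W*['"]?0/,
    message: "TLS certificate verification disabled" },
  { id: "insecure-tmp", severity: "medium",
    pattern: /\/tmp\/[^'"`\s]*\$\{|os\.tmpdir\(\)\s*\+/,
    message: "temp path assembled by hand; prefer fs.mkdtemp" },
];

// Split a line into code and comment text. Strings stay on the code side, so a directive inside a
// string literal never suppresses anything and text inside a comment is never scanned. Block-comment
// state carries across lines; multi-line template literals and regex literals with quotes are a
// known limitation of this line-based tokenizer.
function splitLine(line: string, state: { inBlock: boolean }): { code: string; comment: string } {
  let code = "", comment = "", quote: string | null = null;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i], next = i + 1 < line.length ? line[i + 1] : "";
    if (state.inBlock) {
      if (ch === "*" && next === "/") { state.inBlock = false; i++; comment += " "; }
      else comment += ch;
    } else if (quote) {
      code += ch;
      if (ch === "\\" && next !== "") { code += next; i++; }
      else if (ch === quote) quote = null;
    } else if (ch === "'" || ch === '"' || ch === "`") { quote = ch; code += ch; }
    else if (ch === "/" && next === "/") { comment += line.slice(i + 2); break; }
    else if (ch === "/" && next === "*") { state.inBlock = true; i++; }
    else code += ch;
  }
  return { code, comment };
}

// Rule-scoped directives: "footgun-disable-line a, b" or "footgun-disable-next-line a".
// Only comment text is searched; a directive naming no rule id suppresses nothing.
function parseDirectives(comment: string): { offset: number; rules: string[] }[] {
  const re = /footgun-disable-(line|next-line)\s+([\w-]+(?:\s*,\s*[\w-]+)*)/g;
  const out: { offset: number; rules: string[] }[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(comment)) !== null) {
    out.push({ offset: m[1] === "line" ? 0 : 1, rules: m[2].split(/\s*,\s*/) });
  }
  return out;
}

function scan(source: string): Finding[] {
  const state = { inBlock: false };
  const parts = source.split("\n").map((raw) => splitLine(raw, state));
  const suppressed = new Map<number, Set<string>>();            // 1-based line -> muted rule ids
  parts.forEach((p, idx) => {
    for (const d of parseDirectives(p.comment)) {
      const target = idx + 1 + d.offset;
      const set = suppressed.get(target) || new Set<string>();
      d.rules.forEach((r) => set.add(r));
      suppressed.set(target, set);
    }
  });
  const findings: Finding[] = [];
  parts.forEach((p, idx) => {
    const lineNo = idx + 1, muted = suppressed.get(lineNo);
    for (const rule of RULES) {
      if (!rule.pattern.test(p.code)) continue;
      if (muted && muted.has(rule.id)) continue;
      findings.push({ line: lineNo, rule: rule.id, severity: rule.severity, message: rule.message });
    }
  });
  return findings;
}

// CI gate: non-zero only when some finding meets the threshold (a conservative "critical" mode).
const RANK: Record<Severity, number> = { medium: 1, high: 2, critical: 3 };
function exitCode(findings: Finding[], threshold: Severity): number {
  return findings.some((f) => RANK[f.severity] >= RANK[threshold]) ? 1 : 0;
}

// Constructed input (not real project code) exercising each rule and the suppression edge cases.
const SAMPLE = [
  "import { execSync } from \"child_process\";",                 // 1
  "execSync(`ls ${userInput}`);",                                // 2  shell-interp (critical)
  "// the text eval( inside a comment is not scanned",           // 3  no finding
  "const s = \"footgun-disable-next-line eval\";",               // 4  directive in a string: ignored
  "const f = new Function(\"return 1\");",                       // 5  eval (critical), not suppressed
  "// footgun-disable-next-line tls-bypass",                     // 6
  "https.request({ rejectUnauthorized: false });",               // 7  suppressed
  "el.innerHTML = payload; // footgun-disable-line unsafe-html", // 8  suppressed
  "/* footgun-disable-next-line shell-interp */",                // 9
  "exec(`rm -rf ${dir}`); el.innerHTML = x;",                    // 10 shell-interp muted, unsafe-html still reported
  "const tmp = `/tmp/report-${pid}.txt`;",                       // 11 insecure-tmp (medium)
].join("\n");

console.log(JSON.stringify({ findings: scan(SAMPLE), exit: exitCode(scan(SAMPLE), "critical") }, null, 2));
```

Run it with `bun run` or `tsx`; the JSON output mirrors what a `--json` mode would emit. The two-pass design (collect directives first, then match rules) is what makes `next-line` directives inside a block comment work, and keeping strings on the code side is what prevents the line-4 false negative while still letting the shell-interpolation rule see inside template literals.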

gbasin and others added 3 commits February 21, 2026 16:14
…king

Safari PWA on iOS over Tailscale could enter a connect/reconnect loop
after short backgrounds (<30s) that never self-resolved within 10-15s.
Root cause: visibilitychange fires before iOS restores networking, and
zombie WebSocket connections may exhaust the browser's per-origin limit.

- Always force-reconnect on resume (remove verification ping on zombie)
- Add 750ms settle delay before first connect to let iOS restore network
- Use 8s connect timeout on resume (vs 3s) for VPN tunnel recovery
- Track all created sockets; purge leaked zombies on force-reconnect
- Stall detection: after 4 consecutive failures, purge + 5s cooldown
- Enhanced clientLog instrumentation (LOG_LEVEL=debug) for diagnostics

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Nightshift-Task: security-footgun
Nightshift-Ref: https://github.com/marcus/nightshift