Fix error: use of undeclared identifier 'free'#58
Merged
Conversation
Owner
|
Looks positive |
etr
added a commit
that referenced
this pull request
Jan 7, 2015
Fix error: use of undeclared identifier 'free'
etr
added a commit
that referenced
this pull request
May 28, 2026
…files Sweeper agents verified each unchecked finding against the current code on feature/v2.0 and added a *Status:* line (Resolved / False positive / deferred) where one was missing. Coverage: - 22 review files swept (task-007/008/010/011/012/013/019/020/022/023/028/ 029/030/036/040/042/047/049 plus three already fully dispositioned) - ~330 items dispositioned this pass - 0 remaining unchecked items without a *Status:* / *Fixed:* / *Deferred:* marker across the whole specs/unworked_review_issues/ directory Notable verified-fixed clusters: TASK-011/012/013 closed most of TASK-010's http_response findings; TASK-046/048/049 closed most of TASK-047's hook-bus findings; TASK-027 cache + ban-system work closed most of TASK-019/020/030. Notable deferrals worth a follow-up pass (queued for Pass 2): - task-019 #22: A09 password plaintext in http_request operator<< - task-010 #23/#24: input-validation gaps in http_response file/pipe factories - task-036 #37: v2 3-tier route table (TASK-027) built but never wired into dispatch hot path - task-036 #38: auth_handler_ptr migration to optional<http_response> - task-040 #58–#61: hardcoded creds + reflected XSS + path traversal in example code (users will copy these) - task-047 #3/#4/#5: hook_handle::remove() switch refactor + fire_hooks unification + curl helper extraction No code changes in this commit — only review-file dispositions. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
etr
added a commit
that referenced
this pull request
May 28, 2026
Implements the highest-signal deferred findings surfaced by Pass 1: examples/ — security fixes copied by users (CWE-798, CWE-79, CWE-22): - basic_authentication.cpp: read BASIC_USER/BASIC_PASS from env; bail if unset; capture into the lambda. Removes hardcoded "myuser"/"mypass". - digest_authentication.cpp: read DIGEST_PASS from env; bail if unset. - file_upload.cpp: add html_escape() helper and escape every user-controlled field (key, filename, fs path, content-type, transfer encoding) before writing into the HTML table. - file_upload_with_callback.cpp: html_escape() the filename in the HTML body and add is_safe_filename() guard (rejects empty/./../slash/ backslash/NUL) before joining with permanent_dir. test/REGRESSION.md §4 — prose drift: - The pinned overlap test now asserts `*hp == first` (deterministic first-wins) but the prose still said "could be either one". Updated to match the actual assertion and remove the v1-era hedge. Closes task-040 #58 #59 #60 #61 and task-028 #9 #25 in the unworked review issues tracker. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.