Commit 308c29b
fix: eliminate self-scan false positives, fix broken API calls after cargo update
- Add strip_string_literals_rs() to analyzer: strips regular strings and raw
strings before pattern matching, preventing detection-string literals (e.g.
content.matches("unsafe {")) from triggering their own rules on self-scan
- Handle character literals (especially '"') in the stripper to avoid
incorrectly treating adjacent double-quote char literals as string starts
- Add "runtime/" to walk_directory skip list — mutation artifacts from amuck
are not source code and should not be scanned
- Fix getrandom::getrandom → getrandom::fill (getrandom 0.3 API change)
- Fix eframe 0.34 App trait: add required ui() stub, fix run_native closure
to return Ok(Box::new(app)) as required by updated API
- Fix http:// → https:// in kin.rs algorithm reference comment
- Update panic-attacker.toml.example: rename [xray] → [assail] to match the
2026-02-08 binary rename (panic-attacker → panic-attack, xray → assail)
- Resolve Cargo.lock libc version conflict (0.2.180 → 0.2.183)
Self-scan result: 40 → 23 findings; Critical+High false positives eliminated.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 7667f97 commit 308c29b
6 files changed
Lines changed: 110 additions & 82 deletions
File tree
- src
- assail
- attestation
- report
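
The first two bullets of the commit message describe blanking string, raw-string and character literals before pattern matching so that detection strings do not match themselves. A sketch of that technique follows as an added example, not the code from this commit; `strip_literals`, `blank` and `SAMPLE` are hypothetical names and the sample source is constructed.

```rust
// Added example with hypothetical names; not the project's strip_string_literals_rs.
// SAMPLE is constructed input. Comments and br"..." literals are not handled here.
const SAMPLE: &str = r##"let q = '"';
let n = content.matches("unsafe {").count();
let doc = r#"say "unsafe {" here"#;
unsafe { *p }
"##;

fn blank(ch: char) -> char { if ch == '\n' { '\n' } else { ' ' } }

/// Blank literal contents, keeping delimiters and newlines so offsets survive.
fn strip_literals(src: &str) -> String {
    let c: Vec<char> = src.chars().collect();
    let (mut out, mut i) = (String::with_capacity(src.len()), 0);
    while i < c.len() {
        let prev_ident = i > 0 && (c[i - 1].is_alphanumeric() || c[i - 1] == '_');
        let q = (i + 1..c.len()).find(|&j| c[j] != '#').unwrap_or(c.len());
        if c[i] == 'r' && !prev_ident && c.get(q) == Some(&'"') {
            // Raw string: no escapes; ends at '"' followed by the same number of '#'.
            let hashes = vec!['#'; q - i - 1];
            let k = (q + 1..c.len())
                .find(|&k| c[k] == '"' && c[k + 1..].starts_with(&hashes))
                .unwrap_or(c.len());
            let end = (k + 1 + hashes.len()).min(c.len());
            out.extend(&c[i..=q]);
            out.extend(c[q + 1..k].iter().map(|&ch| blank(ch)));
            out.extend(&c[k..end]);
            i = end;
        } else if c[i] == '"' {
            // Regular string: a backslash escapes the next char, including '"'.
            out.push('"'); i += 1;
            while i < c.len() && c[i] != '"' {
                if c[i] == '\\' && i + 1 < c.len() { out.push(' '); i += 1; }
                out.push(blank(c[i]));
                i += 1;
            }
            if i < c.len() { out.push('"'); i += 1; }
        } else if c[i] == '\'' && (c.get(i + 1) == Some(&'\\') || c.get(i + 2) == Some(&'\'')) {
            // Char literal such as '"' or '\n'; a lifetime like 'a falls through.
            let from = if c[i + 1] == '\\' { i + 3 } else { i + 2 };
            let e = (from..c.len()).find(|&k| c[k] == '\'').unwrap_or(c.len());
            out.push('\'');
            out.extend(c[i + 1..e].iter().map(|&ch| blank(ch)));
            if e < c.len() { out.push('\''); i = e + 1; } else { i = e; }
        } else { out.push(c[i]); i += 1; }
    }
    out
}
fn main() { println!("{}", strip_literals(SAMPLE)); }
```

On the sample, the naive match count for `unsafe {` drops from three to one, leaving only the real block; every character position is preserved, so line and column numbers in findings remain valid.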