Skip to content

fix(security): taint _detect_languages caused 3x redundant scan + duplicate findings#213

Merged
Wolfvin merged 1 commit into
mainfrom
fix/taint-language-detection-triple-scan
Jul 11, 2026
Merged

fix(security): taint _detect_languages caused 3x redundant scan + duplicate findings#213
Wolfvin merged 1 commit into
mainfrom
fix/taint-language-detection-triple-scan

Conversation

@Wolfvin

@Wolfvin Wolfvin commented Jul 11, 2026

Copy link
Copy Markdown
Owner

Found while auditing security --check taint against Smart Tax Assistance app (smart-tax-assistance/app/src).

languages_analyzed returned ["typescript","typescript","typescript"] and files_analyzed: 303 for a workspace with only 101 actual .ts files — the whole taint scan ran 3x redundantly.

Root cause: _detect_languages()'s inner break only exited the marker-matching loop, not the file loop, and the early-exit guard only checked after an entire directory's files were exhausted. Any workspace with 3+ matching files in the first walked directory got that language duplicated N times in the returned list — and since the caller re-runs the entire scan once per list entry, this wasn't cosmetic: it tripled scan time and (on a codebase with real findings) would have tripled duplicate findings in the output.

Verified: languages_analyzed: ["typescript"], files_analyzed: 101 after fix — matches ground truth.

@Wolfvin Wolfvin merged commit 56833c0 into main Jul 11, 2026
@Wolfvin Wolfvin deleted the fix/taint-language-detection-triple-scan branch July 11, 2026 18:55
@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

…licate findings

_detect_languages() appended lang to found[] once per matching FILE, not
once per language, because the inner 'break' only exited the marker loop,
not the file loop — and the early-exit guard only ran after an entire
directory's files were exhausted. Any workspace with 3+ matching files in
its first walked directory got that language duplicated N times in the
returned list.

Since the caller iterates 'languages' and re-runs the ENTIRE taint scan
once per entry, this wasn't cosmetic — it caused the whole analysis to run
redundantly 3x (or however many dupes existed), tripling scan time and
(on a codebase with real findings) would have tripled duplicate findings
in the output.

Found via real-codebase validation (Coretax-Auto-Downloader smart-tax-
assistance app): languages_analyzed returned
["typescript","typescript","typescript"], files_analyzed:303 for a
workspace with only 101 actual .ts files. After fix: languages_analyzed
["typescript"], files_analyzed:101 — matches ground truth.
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant