Describe the bug
The YAML which defines the Webhooks check has a mismatch between the risk (high) and the description (critical). I'm not sure what the proper level is, but it affects what the users see in docs/checks.md and ultimately how the scores will be calculated once the Webhooks check is enabled.
Reproduction steps
N/A
Expected behavior
The risk and the description of the risk should match
Additional context
Add any other context about the problem here.
I can take this one. Does the risk affect the weighting in the final score? If so, is there somewhere in the code I can check to see whether it's actually programmed as "high" or "critical"?
The risk does affect weighting, but it's taken from the check yaml file. So I don't think that helps identify a source of truth.
That was added after the webhook PR landed, so I'm not sure if Laurent just glanced at the checks file and didn't notice the discrepancy. @laurentsimon do you know what the correct one is? My guess would be critical
+1, critical. It allows an external party to connect to the webhook and pretend to be from the repo.