fix(assail): UnboundedAllocation is Medium, not Critical #128
Closed
hyperpolymath wants to merge 9 commits into
…rse failure)

panic-attack rust-ci.yml + 42 other estate repos that pin rust-ci-reusable.yml@cc5a372a have been failing with 0s-duration "workflow file issue" parse errors since 2026-05-26 (when PR #45 introduced the thin-wrapper).

cc5a372a IS reachable from standards/main (verified via git merge-base --is-ancestor), so this is NOT the orphan-SHA failure mode panic-attack#84 thought it was fixing. Empirical: every recent rust-ci run failed at parse time. The reusable's content at cc5a372a is structurally fine.

The simplest hypothesis is that GH Actions has cached a bad resolution of this specific SHA — repinning to a fresher merge-commit forces re-fetch.

822fa14e is the current HEAD of standards/main on the file (standards#299, "pass --locked to cargo check/clippy/test"). Bumping forward to that brings the --locked safety along with the unblock.

If 822fa14e also fails parse: the issue is not the SHA, and the caller-side workflow file needs investigation (the workflow's API-reported name field has been ".github/workflows/rust-ci.yml" not "Rust CI", suggesting GH never parsed it successfully).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- C001: CodeQL language fixes
- C002: License identifier standardization
- C003: Outdated actions audit
- C004: Pin standards refs to SHA 861b5e9
- C005: Add workflow-level permissions
Heuristic keyword match at ~70% of all estate Criticals (2026-06-11 estate-loop audit), drowning confirmed findings. Medium reflects actual confirmation strength. Hypatia's ingest already applies the same cap for scans from older binaries; this aligns the source.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
hyperpolymath (Owner, Author): Superseded by #129 (claude/unbounded-severity-v2) — rebased onto current main.
auto-merge was automatically disabled (June 13, 2026 21:12)
Pull request was closed
hyperpolymath added a commit that referenced this pull request (Jun 13, 2026):
## Summary
Changes `Severity::Critical` → `Severity::Medium` for the
`UnboundedAllocation` weak point emitted by `fn analyze_rust` in
`src/assail/analyzer.rs`. This is the only `WeakPoint` construction for
this category; the other occurrences in `analyzer.rs` are `.filter()`
calls on existing findings and are unaffected.
**Motivation:** The heuristic keyword match ("potential pattern") was
calibrated at `Critical` but was ~70% of all estate Criticals in the
2026-06-11 estate-loop audit, drowning confirmed findings. Hypatia's
ingest already caps it to `Medium` for scans produced by older binaries;
this aligns the source so the raw store and PR-scan-comments also
reflect the corrected severity estate-wide.
Rebased onto current main (6a814fa). Supersedes #128.
## Test plan
- [x] `cargo build --release` — clean
- [x] `cargo test --release assail` — pass
- [x] `cargo test --release unbounded` — 6 detection tests green (assert
presence, not severity)
- [x] Change adds no new clippy warnings
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
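To make the calibration argument concrete, here is an added, self-contained Rust model of what the PR describes: a keyword heuristic that emits `UnboundedAllocation` at `Medium` (where it used to emit `Critical`), the ingest-side cap that clamps only that category for scans from pre-fix binaries, and the "share of Criticals that are heuristic" metric the audit cites. This is example code written for this review, not code from assail or Hypatia; every name (`Severity`, `Category`, `WeakPoint`, `analyze_rust`, `ingest_cap`, `FIX_VERSION`, the keyword patterns and the sample source) is an assumption standing in for whatever `src/assail/analyzer.rs` actually uses.

```rust
// Added example, not the project's code. Names, keyword patterns and the
// version cut-off are assumptions; the point is the severity calibration and
// the ingest cap, not the real analyzer's matching rules.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity {
    Low,
    Medium,
    High,
    Critical,
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Category {
    /// Keyword heuristic: an allocation whose size may not be bounded.
    UnboundedAllocation,
    /// Stand-in for a category whose findings are confirmed, not heuristic.
    Confirmed,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct WeakPoint {
    pub category: Category,
    pub severity: Severity,
    pub line: usize,
    pub evidence: String,
}

/// Constructed keyword patterns. A hit means "potential pattern": it says the
/// allocation call is present, not that its size is attacker-controlled.
const UNBOUNDED_ALLOC_PATTERNS: [&str; 3] = ["Vec::with_capacity(", "vec![0; ", ".reserve("];

/// Heuristic scan of Rust source. One UnboundedAllocation finding per matching
/// line, emitted at Medium. Before this PR the same construction used Critical.
pub fn analyze_rust(source: &str) -> Vec<WeakPoint> {
    source
        .lines()
        .enumerate()
        .filter(|(_, line)| UNBOUNDED_ALLOC_PATTERNS.iter().any(|p| line.contains(*p)))
        .map(|(idx, line)| WeakPoint {
            category: Category::UnboundedAllocation,
            severity: Severity::Medium, // was Severity::Critical before this fix
            line: idx + 1,
            evidence: line.trim().to_string(),
        })
        .collect()
}

/// Placeholder scanner version from which the source itself emits Medium.
pub const FIX_VERSION: (u32, u32, u32) = (0, 9, 0);

/// Ingest-side cap, modelled on what the PR says Hypatia already does: a scan
/// produced by a binary older than the fix still carries Critical for this one
/// category, so the ingest clamps just that category down to Medium. Other
/// categories and already-lower severities are left untouched.
pub fn ingest_cap(findings: Vec<WeakPoint>, scanner_version: (u32, u32, u32)) -> Vec<WeakPoint> {
    if scanner_version >= FIX_VERSION {
        return findings; // source already calibrated; nothing to cap
    }
    findings
        .into_iter()
        .map(|mut wp| {
            if wp.category == Category::UnboundedAllocation && wp.severity > Severity::Medium {
                wp.severity = Severity::Medium;
            }
            wp
        })
        .collect()
}

/// Fraction of Critical findings that come from the heuristic category: the
/// "drowning" metric the audit cites (~70% estate-wide before the change).
pub fn heuristic_share_of_criticals(findings: &[WeakPoint]) -> f64 {
    let criticals: Vec<&WeakPoint> = findings
        .iter()
        .filter(|w| w.severity == Severity::Critical)
        .collect();
    if criticals.is_empty() {
        return 0.0;
    }
    let heuristic = criticals
        .iter()
        .filter(|w| w.category == Category::UnboundedAllocation)
        .count();
    heuristic as f64 / criticals.len() as f64
}

/// Constructed sample input for a stand-alone run.
pub const SAMPLE_SOURCE: &str =
    "fn read(n: usize) -> Vec<u8> {\n    let mut buf = Vec::with_capacity(n);\n    buf.resize(n, 0);\n    buf\n}\n";

fn main() {
    for wp in analyze_rust(SAMPLE_SOURCE) {
        println!("line {}: {:?} {:?}: {}", wp.line, wp.severity, wp.category, wp.evidence);
    }
}
```

The cap is deliberately category-scoped and one-directional: it never raises a severity and never touches a confirmed category, so a genuine Critical from another rule still surfaces. Detection tests in this model assert on presence and line (as the PR's test plan notes for the real ones), not on severity, which is what lets the calibration change land without rewriting them.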
## Summary
Changes `Severity::Critical` → `Severity::Medium` for the `UnboundedAllocation` weak point emitted by `fn analyze_rust` in `src/assail/analyzer.rs`. This is the only `WeakPoint` construction for this category; the other occurrences in `analyzer.rs` are `.filter()` calls on existing findings and are unaffected.

**Motivation:** The heuristic keyword match ("potential pattern") was calibrated at `Critical` but was ~70% of all estate Criticals in the 2026-06-11 estate-loop audit, drowning confirmed findings. Hypatia's ingest already applies a cap to `Medium` for scans produced by older binaries; this aligns the source so the raw store and PR-scan-comments also reflect the corrected severity estate-wide.

## Test plan
- [x] `cargo build --release` — clean
- [x] `cargo test --release assail` — pass (no test asserts `UnboundedAllocation == Critical`)
- [x] `cargo test --release unbounded` — 6 detection tests green (assert presence, not severity)
- [x] `analyzer.rs` clippy warnings confirmed pre-existing; change adds zero new warnings

🤖 Generated with Claude Code