Home / cloudflare / cloudflared
Repository Analysis

cloudflare/cloudflared

Cloudflare Tunnel client

2.2 Likely human-written View on GitHub
2.2
Adjusted Score
2.2
Raw Score
100%
Time Factor
2026-05-27
Last Push
14,351
Stars
Go
Language
67,029
Lines of Code
421
Files
85
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 2HIGH 1MEDIUM 14LOW 68

Pattern Findings

85 matches across 11 categories. Click a row to expand file-level details.

Decorative Section Separators7 hits · 32 pts
SeverityFileLineSnippet
MEDIUMcomponent-tests/test_prechecks.py301 # ── table structure ──────────────────────────────────────────────────
MEDIUMcomponent-tests/test_prechecks.py311 # ── row content ──────────────────────────────────────────────────────
MEDIUMcomponent-tests/test_prechecks.py346 # ── no action lines ──────────────────────────────────────────────────
MEDIUMcomponent-tests/test_prechecks.py350 # ── summary line ─────────────────────────────────────────────────────
MEDIUMcomponent-tests/test_prechecks.py354 # ── structured log ───────────────────────────────────────────────────
MEDIUMcomponent-tests/test_prechecks.py410 # ── table structure ──────────────────────────────────────────────────
MEDIUMcomponent-tests/test_prechecks.py420 # ── row content ──────────────────────────────────────────────────────
Hyper-Verbose Identifiers29 hits · 29 pts
SeverityFileLineSnippet
LOWrelease_pkgs.py172 def _setup_rpm_pkg_directories(self, artifacts_path, gpg_key_name, archs=["aarch64", "x86_64", "386"]):
LOWcomponent-tests/conftest.py54def wait_previous_cloudflared():
LOWcomponent-tests/test_termination.py57 def test_shutdown_once_no_connection(self, tmp_path, component_tests_config, signal, protocol):
LOWcomponent-tests/test_termination.py77 def test_no_connection_shutdown(self, tmp_path, component_tests_config, signal, protocol):
LOWcomponent-tests/test_tail.py16 async def test_start_stop_streaming(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_tail.py62 async def test_streaming_logs_filters(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_tail.py90 async def test_streaming_logs_sampling(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_tail.py118 async def test_streaming_logs_actor_override(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_tail.py136async def start_streaming_to_be_remotely_closed(url):
LOWcomponent-tests/test_tail.py156async def generate_and_validate_http_events(websocket: WebSocketClientProtocol, url: str, count_send: int):
LOWcomponent-tests/test_tail.py174async def generate_and_validate_no_log_event(websocket: WebSocketClientProtocol, url: str):
LOWcomponent-tests/test_service.py26 def test_launchd_service_log_to_file(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_service.py43 def test_launchd_service_with_token(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_service.py58 def test_launchd_service_rotating_log(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_service.py89 def test_sysv_service_log_to_file(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_service.py106 def test_sysv_service_rotating_log(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_service.py125 def test_sysv_service_with_token(self, tmp_path, component_tests_config):
LOWcomponent-tests/util.py138def run_cloudflared_background(cmd, allow_input, capture_output):
LOWcomponent-tests/util.py198def check_tunnel_not_connected():
LOWcomponent-tests/test_prechecks.py123def _poll_log_file_for_precheck_complete(log_file: str, timeout: float) -> list[dict]:
LOWcomponent-tests/test_prechecks.py144def _read_precheck_log_lines_from_file(log_file: str) -> list[dict]:
LOWcomponent-tests/test_prechecks.py238def _assert_precheck_summary_log(
LOWcomponent-tests/test_prechecks.py271 def test_prechecks_pass_on_healthy_connection(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_prechecks.py381 def test_prechecks_hard_fail_when_edge_unreachable(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_prechecks.py476 def test_diag_contains_prechecks_json(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_management.py93 def test_get_metrics_when_disabled(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_edge_discovery.py64 def expect_address_connections(self, tmp_path, component_tests_config, protocol, edge_ip_version, assert_address_typ
LOWcomponent-tests/test_token.py18 def test_get_credentials_file(self, tmp_path, component_tests_config):
LOWcomponent-tests/test_config.py7 def test_validate_ingress_rules(self, tmp_path, component_tests_config):
Over-Commented Block20 hits · 20 pts
SeverityFileLineSnippet
LOW.golangci.yaml61 max-issues-per-linter: 50
LOW.golangci.yaml81 # Can use regexp here: `generated.*`, regexp is applied on full path,
LOW.gitlab-ci.yml41 #####################################################
LOW.gitlab-ci.yml61 #####################################################
LOWtoken/encrypt.go1// Package encrypter is suitable for encrypting messages you would like to securely share between two points.
LOWcmd/cloudflared/linux_service.go101 // nolint: dupword
LOWcrypto/curves.go21// Canonical curve lists returned by GetCurvePreferences. They are kept
LOWcrypto/doc.go1// Package crypto centralizes the cryptographic primitives and TLS
LOWcrypto/doc.go21// CLI flag. No classical fallback is offered, so a peer that does not
LOWingress/config.go301 // HTTP proxy timeout for closing an idle connection
LOWconfig/configuration.go181 OriginRequest OriginRequestConfig `yaml:"originRequest" json:"originRequest"`
LOWconfig/configuration.go201 KeepAliveConnections *int `yaml:"keepAliveConnections" json:"keepAliveConnections,omitempty"`
LOWedgediscovery/allregions/discovery.go81 TCP *net.TCPAddr
LOWprechecks/types.go81 // Addrs holds the resolved edge addresses for this target. May be empty
LOWprechecks/checker.go41
LOWquic/v3/datagram.go61
LOWquic/v3/datagram.go201// The datagram structure for UDPSessionPayloadDatagram is:
LOWquic/v3/datagram.go281 // Session was received and is ready to proxy.
LOWquic/v3/datagram.go301// 8| (16 Bytes) |
LOWquic/v3/datagram.go381
Hallucination Indicators2 hits · 20 pts
SeverityFileLineSnippet
CRITICALconnection/control.go112 c.observer.metrics.localConfigMetrics.pushesErrors.Inc()
CRITICALconnection/control.go115 c.observer.metrics.localConfigMetrics.pushes.Inc()
AI Slop Vocabulary5 hits · 16 pts
SeverityFileLineSnippet
LOW.ci/release.gitlab-ci.yml21 # we simply set both to the same value.
MEDIUMingress/origin_icmp_proxy.go40 // response to utilize.
MEDIUMingress/origins/dns.go206// NewDNSDialer creates a custom dialer for the DNS resolver service to utilize.
MEDIUMcomponent-tests/test_prechecks.py302 # zerolog writes to stderr which is merged into stdout by the harness.
MEDIUMcomponent-tests/test_prechecks.py411 # zerolog writes to stderr which is merged into stdout by the harness.
Unused Imports8 hits · 8 pts
SeverityFileLineSnippet
LOWgithub_release.py15
LOWcomponent-tests/test_management.py5
LOWcomponent-tests/test_management.py8
LOWcomponent-tests/test_reconnect.py2
LOWcomponent-tests/test_reconnect.py9
LOWcomponent-tests/test_tunnel.py6
LOWcomponent-tests/test_tunnel.py7
LOWcomponent-tests/test_tunnel.py8
Excessive Try-Catch Wrapping5 hits · 6 pts
SeverityFileLineSnippet
LOWgithub_release.py311 except Exception as e:
LOWrelease_pkgs.py410 except Exception as e:
LOWgithub_message.py166 except Exception as e:
LOWcomponent-tests/util.py162 except Exception as e:
MEDIUMcomponent-tests/util.py159def wait_tunnel_ready(tunnel_url=None, require_min_connections=1, cfd_logs=None)
Self-Referential Comments2 hits · 6 pts
SeverityFileLineSnippet
MEDIUM.ci/scripts/vuln-check.sh4# Define the file to store the list of vulnerabilities to ignore.
MEDIUM.ci/scripts/component-tests.sh16# Define the cleanup function
Docstring Block Structure1 hit · 5 pts
SeverityFileLineSnippet
HIGHcomponent-tests/util.py245 Decode the payload section of a JWT token without signature verification. JWT Structure: =============
Redundant / Tautological Comments3 hits · 4 pts
SeverityFileLineSnippet
LOW.ci/scripts/vuln-check.sh8# Check if the ignored vulnerabilities file exists. If not, create an empty one.
LOW.ci/scripts/release-target.sh4# Check if a make target is provided as an argument
LOW.ci/scripts/linux/build-packages.sh4# Check if architecture argument is provided
Deep Nesting3 hits · 3 pts
SeverityFileLineSnippet
LOWgithub_release.py276
LOWrelease_pkgs.py172
LOWcomponent-tests/test_prechecks.py144