Home / rancher / rancher
Repository Analysis

rancher/rancher

Complete container management platform

0.8 Likely human-written View on GitHub
0.8
Adjusted Score
0.8
Raw Score
100%
Time Factor
2026-05-29
Last Push
25,621
Stars
Go
Language
381,041
Lines of Code
1708
Files
249
Pattern Hits
2026-05-31
Scan Date

Score History

Severity Breakdown

CRITICAL 6HIGH 1MEDIUM 11LOW 231

Pattern Findings

249 matches across 11 categories. Click a row to expand file-level details.

Over-Commented Block172 hits · 170 pts
SeverityFileLineSnippet
LOWgenerate.go1//go:generate go run pkg/codegen/buildconfig/writer.go pkg/codegen/buildconfig/main.go
LOWchart/values.yaml41 # Optional: Image-specific pullPolicy Override
LOWchart/values.yaml61# - name: CATTLE_TLS_MIN_VERSION
LOWchart/values.yaml81 # Defaults to true; options: true, false
LOWchart/values.yaml121 # protocol: HTTPS
LOWchart/values.yaml141 # When set true, you must also set `ingress.servicePort` to 443 and the appropriate ingress annotation to use HTTPS
LOWchart/values.yaml161noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
LOWchart/values.yaml181# options: Always, Never, IfNotPresent
LOWchart/values.yaml201# - external
LOWchart/values.yaml301# Required for EKS clusters using non-VPC CNIs (e.g. Calico).
LOWchart/values.yaml321# spec:
LOWchart/values.yaml341# policyTypes:
LOWtests/v2/integration/rbac/projects_test.go741 },
LOWtests/pkg/serviceaccounttoken/mitigation_test.go21)
LOWpkg/settings/setting.go161 // AuthUserInfoMaxAgeSeconds represents the maximum age of a users auth tokens before an auth provider group membership
LOWpkg/settings/setting.go181
LOWpkg/settings/setting.go401 // account. Setting it to false is only recommended for testing and development environments.
LOWpkg/rbac/common.go321//
LOWpkg/cluster/private_registry.go161//
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go21 // This field is only populated for provisioned and custom clusters.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go41 // auth endpoint.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go61 // AdmissionConfiguration resource as yaml, and create a
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go81 // Calico; other CNIs apply host network policies using pod CIDRs.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go101type ClusterAPIConfig struct {
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go121 // +optional
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go141
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go161 // +optional
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go181 // in non-Secret API objects.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go201
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go221 DrainBeforeDeleteTimeout *metav1.Duration `json:"drainBeforeDeleteTimeout,omitempty"`
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go241 // Deprecated: this field is currently unused and will be removed in a
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go261 // +nullable
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go281 AutoscalingMaxSize *int32 `json:"autoscalingMaxSize,omitempty"`
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go301 // unhealthy.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go321 // +nullable
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go341 // machines in this pool.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go361 // starts. Once new machines are ready, old MachineSet can be scaled
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go381 // at any time during the update is at most 130% of desired machines.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go401}
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go421 OverrideResourceRequirements *corev1.ResourceRequirements `json:"overrideResourceRequirements,omitempty"`
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go461 // An eviction is allowed if at least "minAvailable" will still be
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go481}
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go501 // set to the value of the annotation.
LOWpkg/apis/provisioning.cattle.io/v1/cluster_types.go521 // provisioning cluster spec.
LOWpkg/apis/catalog.cattle.io/v1/plugin.go41 // +kubebuilder:default:=false
LOWpkg/apis/management.cattle.io/v3/oidc_provider_types.go61 // TokenExpirationSeconds specifies the duration (in seconds) before
LOWpkg/apis/management.cattle.io/v3/machine_types.go161// +genclient:nonNamespaced
LOWpkg/apis/management.cattle.io/v3/machine_types.go181}
LOWpkg/apis/management.cattle.io/v3/machine_types.go221 // +optional
LOWpkg/apis/management.cattle.io/v3/machine_types.go241 AddCloudCredential bool `json:"addCloudCredential,omitempty"`
LOWpkg/apis/management.cattle.io/v3/condition.go1package v3
LOWpkg/apis/management.cattle.io/v3/condition.go21 // +kubebuilder:validation:Required
LOWpkg/apis/management.cattle.io/v3/condition.go41 // +kubebuilder:validation:Type=string
LOWpkg/apis/management.cattle.io/v3/authz_types.go21
LOWpkg/apis/management.cattle.io/v3/authz_types.go101 // +kubebuilder:validation:Required
LOWpkg/apis/management.cattle.io/v3/authz_types.go121 // +optional
LOWpkg/apis/management.cattle.io/v3/authz_types.go161
LOWpkg/apis/management.cattle.io/v3/authz_types.go181
LOWpkg/apis/management.cattle.io/v3/authz_types.go201 // ResourceRules rules granted in all backing namespaces for all fleet workspaces besides the local one.
LOWpkg/apis/management.cattle.io/v3/authz_types.go221 Summary string `json:"summary,omitempty"`
112 more matches not shown…
Hallucination Indicators6 hits · 60 pts
SeverityFileLineSnippet
CRITICALpkg/capr/planner/etcdrestore.go746 if !deletingEtcdNode.Machine.Spec.Bootstrap.ConfigRef.IsDefined() {
CRITICALpkg/telemetry/telemetry.go107 cpuQ := n.n.Status.InternalNodeStatus.Capacity.Cpu()
CRITICALpkg/telemetry/telemetry.go115 memQ := n.n.Status.InternalNodeStatus.Capacity.Memory()
CRITICALpkg/controllers/managementuser/rbac/project_handler.go141 _, err := p.m.workload.Management.Management.Projects(p.m.workload.ClusterName).Update(project)
CRITICAL…/controllers/managementuser/rbac/legacy_crb_cleaner.go35 grCache: m.workload.Management.Wrangler.Mgmt.GlobalRole().Cache(),
CRITICAL…/controllers/managementuser/rbac/legacy_crb_cleaner.go36 grbCache: m.workload.Management.Wrangler.Mgmt.GlobalRoleBinding().Cache(),
Hyper-Verbose Identifiers41 hits · 41 pts
SeverityFileLineSnippet
LOWtests/integration/suite/test_cluster_defaults.py8def check_cluster_kubernetes_version(admin_mc):
LOWtests/integration/suite/test_cluster_defaults.py22def test_generic_initial_defaults(admin_mc):
LOWtests/integration/suite/test_cluster_defaults.py79def test_import_initial_conditions(admin_mc, remove_resource):
LOWtests/integration/suite/test_cluster_scan.py5def test_run_scan_not_available_on_not_ready_cluster(admin_mc,
LOWtests/integration/suite/conftest.py323def raw_remove_custom_resource(admin_mc, request):
LOWtests/integration/suite/test_namespaced_secrets.py69def test_namespaced_certificates(admin_pc, admin_cc_client):
LOWtests/integration/suite/test_namespaced_secrets.py114def test_namespaced_docker_credential(admin_pc, admin_cc_client):
LOWtests/integration/suite/test_namespaced_secrets.py167def test_namespaced_basic_auth(admin_pc, admin_cc_client):
LOWtests/integration/suite/test_etcdbackups.py27def test_standard_users_cannot_access_backups(admin_mc, user_factory):
LOWtests/integration/suite/test_pod_security_policies.py10 def remove_pspt_from_cluster_and_delete(cluster):
LOWtests/integration/suite/test_pod_security_policies.py23def check_cluster_kubernetes_version(admin_mc):
LOWtests/integration/suite/test_pod_security_policies.py77def service_account_has_role_binding(rbac, pspt):
LOWtests/integration/suite/test_pod_security_policies.py87def test_service_accounts_have_role_binding(admin_mc, request):
LOWtests/integration/suite/test_pod_security_policies.py112def test_pod_security_policy_template_del(admin_mc, admin_pc, remove_resource,
LOWtests/integration/suite/test_pod_security_policies.py243def test_project_action_set_pspt(admin_mc, admin_pc,
LOW…integration/suite/test_kontainer_engine_annotations.py36def assert_cluster_annotation(expected, admin_mc, remove_resource, config):
LOWtests/integration/suite/common.py112def wait_for_template_to_be_created(client, name, timeout=45):
LOWtests/integration/suite/common.py127def wait_for_template_versions_to_be_created(client, version, timeout=45):
LOWtests/integration/suite/common.py142def wait_for_template_to_be_deleted(client, name, timeout=60):
LOWtests/integration/suite/common.py167def wait_for_atleast_workload(pclient, nsid, timeout=60, count=0):
LOWtests/integration/suite/test_secrets.py272def test_secret_creation_kubectl(admin_mc, admin_cc, remove_resource):
LOWtests/integration/suite/test_secrets.py308def test_malformed_secret_parse(admin_mc, admin_cc, remove_resource):
LOWtests/integration/suite/test_persistent_volume_claim.py7def test_cannot_create_azure_no_accountstoragetype(admin_pc, admin_cc,
LOWtests/integration/suite/test_persistent_volume_claim.py50def test_can_create_azure_any_accountstoragetype(admin_pc, admin_cc,
LOWtests/integration/suite/test_persistent_volume_claim.py109def test_can_create_pvc_no_storage_no_vol(admin_pc, remove_resource):
LOWtests/integration/suite/test_deployment.py7def test_dep_creation_kubectl(admin_mc, admin_cc, remove_resource):
LOWtests/integration/suite/test_tokens.py55def test_kubeconfig_token_ttl(admin_mc, user_mc):
LOWtests/integration/suite/test_kontainer_drivers.py29def test_kontainer_driver_lifecycle(admin_mc, list_remove_resource):
LOWtests/integration/suite/test_kontainer_drivers.py108def test_enabling_driver_exposes_schema(admin_mc, wait_remove_resource):
LOWtests/integration/suite/test_kontainer_drivers.py153def test_upgrade_changes_schema(admin_mc, wait_remove_resource):
LOWtests/integration/suite/test_kontainer_drivers.py191def test_create_duplicate_driver_conflict(admin_mc, wait_remove_resource):
LOWtests/integration/suite/test_kontainer_drivers.py220def test_update_duplicate_driver_conflict(admin_mc, wait_remove_resource):
LOWtests/integration/suite/test_kontainer_drivers.py283def verify_driver_not_in_types(client, kd):
LOWtests/integration/suite/test_workloads.py9def test_workload_image_change_private_registry(admin_pc):
LOWtests/integration/suite/test_workloads.py66def test_workload_ports_change(admin_pc):
LOWtests/integration/suite/test_workloads.py201def test_statefulset_workload_volumemount_subpath(admin_pc):
LOWtests/integration/suite/test_workloads.py344def test_perform_workload_action_read_only(admin_mc, admin_pc, remove_resource,
LOWtests/integration/suite/test_workloads.py439def wait_for_service_cluserip_set(client, name, timeout=30):
LOWtests/integration/suite/test_workloads.py450def wait_for_service_cluserip_reset(client, name, timeout=30):
LOWtests/integration/suite/test_persistent_volume.py4def test_persistent_volume_update(admin_cc, remove_resource):
LOWtests/integration/suite/test_node.py62def test_amazon_node_driver_schema(admin_mc):
Excessive Try-Catch Wrapping10 hits · 20 pts
SeverityFileLineSnippet
LOWtests/integration/suite/alert_common.py14 except Exception:
MEDIUM.github/scripts/list-ci-failures-for-pr.py13 print("Error: GH_TOKEN environment variable not set")
LOW.github/scripts/list-ci-failures-for-pr.py212 except Exception as exc:
MEDIUM.github/scripts/list-ci-failures-for-pr.py214 print(f"Error processing job {job['name']}: {exc}")
MEDIUM.github/scripts/list-ci-failures-for-pr.py223 print(f"Error fetching Pull Request details: {pr_response.status_code}")
MEDIUM.github/scripts/list-ci-failures-for-pr.py234 print(f"Error fetching workflow runs: {runs_response.status_code}")
LOW.github/scripts/list-ci-failures-for-pr.py267 except Exception as exc:
MEDIUM.github/scripts/list-ci-failures-for-pr.py269 print(f"Error processing workflow {workflow_name} attempt {attempt_num}: {exc}")
MEDIUM.github/scripts/list-ci-failures-for-pr.py299 print("Error: Repository not specified. Use --repo option or set the REPOSITORY environment variable")
MEDIUM.github/scripts/list-ci-failures-for-pr.py305 print("Error: Repository must be in the format 'owner/name'")
Fake / Example Data7 hits · 7 pts
SeverityFileLineSnippet
LOWpkg/auth/providers/scim/filter_test.go155 filter: `userName eq "user@example.com"`,
LOWpkg/auth/providers/scim/filter_test.go159 Value: "user@example.com",
LOWpkg/auth/providers/scim/user_test.go739 userMGR.EXPECT().EnsureUser("okta_user://john.doe", "John Doe").Return(&v3.User{
LOWpkg/auth/providers/scim/user_test.go765 "displayName": "John Doe",
LOWpkg/auth/providers/scim/user_test.go2679 assert.Equal(t, "John Doe", u.DisplayName)
LOWpkg/auth/providers/scim/user_test.go2692 "Operations": [{"op": "add", "path": "displayName", "value": "John Doe"}]
LOWpkg/auth/providers/keycloakoidc/keycloak_server_test.go127 "email": "user@example.com",
Self-Referential Comments2 hits · 6 pts
SeverityFileLineSnippet
MEDIUMchart/values.yaml312# Create a dynamic manifests via values:
MEDIUMtests/integration/suite/test_workloads.py360 # Create a read-only user binding.
AI Slop Vocabulary2 hits · 5 pts
SeverityFileLineSnippet
MEDIUMpkg/settings/setting.go115 SystemAgentInstallScript = NewSetting("system-agent-install-script", "https://github.com/rancher/system-agen
MEDIUMpkg/auth/providers/keycloakoidc/keycloak_client.go154 // you must have a group's id to utilize the keycloak by id search endpoint.
Synthetic Comment Markers1 hit · 5 pts
SeverityFileLineSnippet
HIGHpkg/catalogv2/content/content.go6 - Auto-generated code by Wrangler, encapsulated in high-level functions.
Redundant / Tautological Comments3 hits · 4 pts
SeverityFileLineSnippet
LOWchart/values.yaml191# Set priorityClassName to avoid eviction
LOWscripts/only-ui-bumps.sh6 # Check if there is only one changed file and if its 'package/Dockerfile'
LOWscripts/only-ui-bumps.sh9 # Check if only CATTLE_UI_VERSION and CATTLE_DASHBOARD_UI_VERSION are changed in 'package/Dockerfile'
Deep Nesting4 hits · 4 pts
SeverityFileLineSnippet
LOWtests/integration/suite/common.py157
LOWtests/integration/suite/test_kontainer_drivers.py251
LOW.github/scripts/list-ci-failures-for-pr.py187
LOW.github/scripts/list-ci-failures-for-pr.py218
Verbosity Indicators1 hit · 2 pts
SeverityFileLineSnippet
LOW…ontrollers/capr/managesystemagent/managesystemagent.go539 // Step 1: uninstall the system-agent bundle