tailscale/tailscale

Pattern Findings

1293 matches across 11 categories. Click a row to expand file-level details.

Over-Commented Block1237 hits · 1176 pts

Severity	File	Line	Snippet
LOW	build_docker.sh	1	#!/usr/bin/env sh
LOW	header.txt	1	// Copyright (c) Tailscale Inc & contributors
LOW	misc/git_hook/git-hook.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	misc/git_hook/githook/launcher.sh	1	#!/usr/bin/env bash
LOW	prober/dns.go	21	// Networks is the list of networks to resolve; if non-empty, it should
LOW	prober/derp.go	881	return runDerpProbeNodePair(ctx, from, to, fromc, toc, size)
LOW	cmd/cloner/cloner.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/natc/natc.go	261	// dnsAddr is the IPv4 address to listen on for DNS requests. It is used to
LOW	cmd/vet/subtestnames/analyzer.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/vet/jsontags/analyzer.go	41	var seenName, hasFormat bool
LOW	cmd/vet/jsontags/analyzer.go	81	// other than when the map or slice are empty.
LOW	cmd/vet/jsontags/report.go	41	}
LOW	cmd/gitops-pusher/cache.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/k8s-nameserver/main.go	41	defaultDNSConfigDir = "/config"
LOW	cmd/k8s-nameserver/main.go	361	if err != nil {
LOW	cmd/derper/ace.go	41	// to the bidirectional ts2021 Noise protocol.
LOW	cmd/sync-containers/main.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/containerboot/test_tailscale.sh	1	#!/usr/bin/env bash
LOW	cmd/containerboot/main.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/containerboot/main.go	21	// Must be used together with TS_CLIENT_ID. If the value begins with "file:", it is
LOW	cmd/containerboot/main.go	41	// destination defined by an IP.
LOW	cmd/containerboot/main.go	61	// logged in. If false (the default, for backwards
LOW	cmd/containerboot/main.go	81	// - TS_EXPERIMENTAL_VERSIONED_CONFIG_DIR: if specified, a path to a
LOW	cmd/containerboot/main.go	101	// cluster using the same hostname (in this case, the MagicDNS name of the ingress proxy)
LOW	cmd/containerboot/main.go	861
LOW	cmd/jsonimports/format.go	21	// mustFormatFile formats a Go source file and adjust "json" imports.
LOW	cmd/jsonimports/jsonimports.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/jsonimports/jsonimports.go	21	// and "encoding/json/jsontext" into the standard library
LOW	cmd/tsnet-proxy/tsnet-proxy.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/tl-longchain/tl-longchain.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/proxy-to-grafana/proxy-to-grafana.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/proxy-to-grafana/proxy-to-grafana.go	21	// whitelist = 127.0.0.1
LOW	cmd/tsconnect/wasmbuild/wasmbuild.go	41	// excluded via its ts_omit_ build tag (computed by [Tags]).
LOW	cmd/tta/wgserver_linux.go	41	// - listen-port: WG listen port
LOW	cmd/tailscale/generate.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/tailscale/cli/up.go	261	// Fields output when `tailscale up --json` is used. Two JSON blocks will be output.
LOW	cmd/tailscale/cli/up.go	401	warning = "netfilter=nodivert; add iptables calls to ts-* chains manually."
LOW	cmd/tailscale/cli/up.go	981	backendState string
LOW	cmd/tailscale/cli/serve_legacy.go	221	// serve config types like proxy, path, and text.
LOW	cmd/tailscale/cli/file.go	321
LOW	cmd/tailscale/cli/exitnode.go	201
LOW	cmd/tailscale/cli/jsonoutput/tailnet-lock-log.go	181	LastAUMHash string `json:"LastAUMHash,omitzero"`
LOW	cmd/tailscale/cli/jsonoutput/jsonoutput.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/testwrapper/testwrapper.go	461	// `go test FILE` rather than `go test PKG`. It's more
LOW	cmd/testwrapper/flakytest/flakytest.go	41	//
LOW	cmd/netlogfmt/main.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/tsshd/tsshd.go	1	// Copyright (c) Tailscale Inc & contributors
LOW	cmd/k8s-operator/proxygroup_specs.go	261	// This mechanism currently (2025-01-26) rely on the local health check being accessible on the Pod's
LOW	cmd/k8s-operator/operator.go	781	tailscaleNamespace string // namespace in which operator resources will be deployed
LOW	cmd/k8s-operator/operator.go	801	// We should fix that and preferably integrate with that mechanism as
LOW	cmd/k8s-operator/egress-pod-readiness.go	41	// https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-readiness-gate
LOW	cmd/k8s-operator/egress-pod-readiness.go	61	//
LOW	cmd/k8s-operator/proxygroup.go	221	// Our custom logic for ensuring minimum downtime ProxyGroup update rollouts relies on the local health check
LOW	cmd/k8s-operator/egress-services.go	81	}
LOW	cmd/k8s-operator/dnsrecords.go	41	// records.
LOW	cmd/k8s-operator/dnsrecords.go	121	//
LOW	cmd/k8s-operator/ingress-for-pg.go	81	// mode (on a ProxyGroup). It looks at all Ingresses with
LOW	cmd/k8s-operator/ingress-for-pg.go	221	// that in edge cases (a single update changed both hostname and removed
LOW	cmd/k8s-operator/deploy/chart/values.yaml	1	# Copyright (c) Tailscale Inc & contributors
LOW	cmd/k8s-operator/deploy/chart/values.yaml	21
1177 more matches not shown…

Hallucination Indicators10 hits · 100 pts

Severity	File	Line	Snippet
CRITICAL	cmd/k8s-operator/proxyclass.go	184	if errs := metavalidation.ValidateLabels(pc.Spec.Metrics.ServiceMonitor.Labels.Parse(), field.NewPath(".spec.metrics.s
CRITICAL	cmd/k8s-operator/sts_test.go	192	wantSS.Spec.Template.Labels = proxyClassAllOpts.Spec.StatefulSet.Pod.Labels.Parse()
CRITICAL	cmd/k8s-operator/sts_test.go	226	wantSS.Spec.Template.Labels = proxyClassJustLabels.Spec.StatefulSet.Pod.Labels.Parse()
CRITICAL	cmd/k8s-operator/sts_test.go	238	wantSS.Spec.Template.Labels = proxyClassAllOpts.Spec.StatefulSet.Pod.Labels.Parse()
CRITICAL	cmd/k8s-operator/sts_test.go	265	wantSS.Spec.Template.Labels = proxyClassJustLabels.Spec.StatefulSet.Pod.Labels.Parse()
CRITICAL	ipn/ipnlocal/peerapi.go	445	if hasCGNATInterface, err := h.ps.b.sys.NetMon.Get().HasCGNATInterface(); hasCGNATInterface {
CRITICAL	ipn/ipnlocal/peerapi_drive.go	56	fs, ok := h.ps.b.sys.DriveForRemote.GetOK()
CRITICAL	wgengine/magicsock/relaymanager.go	111	if !r.wlb.ep.c.debugLogging.Load() {
CRITICAL	wgengine/magicsock/relaymanager.go	351	if !r.wlb.ep.c.debugLogging.Load() {
CRITICAL	wgengine/magicsock/relaymanager.go	415	sharedKey: work.wlb.ep.c.discoAtomic.Private().Shared(work.se.ServerDisco),

AI Slop Vocabulary10 hits · 30 pts

Severity	File	Line	Snippet
MEDIUM	tailcfg/tailcfg.go	175	// - 126: 2025-09-17: Client uses seamless key renewal unless disabled by control (tailscale/corp#31479)
MEDIUM	util/eventbus/debug.go	33	// deliberately withheld from bus clients to encourage more robust and
MEDIUM	util/winutil/restartmgr_windows.go	149	// processes that utilize the binaries previously specified by calls to
MEDIUM	util/winutil/authenticode/authenticode_windows.go	403	// 1. Subsequent API calls directly utilize the file's Win32 HANDLE;
MEDIUM	tstest/largetailnet/delta_test.go	106	// are robust against interleaving (assuming no other test runs in
MEDIUM	wgengine/magicsock/magicsock.go	1221	// should provide a mechanism for seamless rotation by supporting short term use
MEDIUM	wgengine/magicsock/endpoint.go	1913	// Prefer IPv6 for being a bit more robust, as long as
MEDIUM	…ature/buildfeatures/feature_listenrawdisco_disabled.go	10	// HasListenRawDisco is whether the binary was built with support for modular feature "Use raw sockets for more robust d
MEDIUM	feature/buildfeatures/feature_listenrawdisco_enabled.go	10	// HasListenRawDisco is whether the binary was built with support for modular feature "Use raw sockets for more robust d
MEDIUM	control/tsp/map_test.go	90	// the test robust if a server-side keepalive arrives mid-test.

Synthetic Comment Markers2 hits · 15 pts

Severity	File	Line	Snippet
HIGH	util/winutil/winutil.go	106	// the calling executable as requested via opts. This should be called by any
HIGH	feature/conn25/conn25.go	538	// OK indicates that the mapping was created as requested.

Fake / Example Data14 hits · 14 pts

Severity	File	Line	Snippet
LOW	cmd/tailscale/cli/netcheck_test.go	82	cliAddress: "lorem ipsum",
LOW	cmd/tailscale/cli/netcheck_test.go	84	wantError: `invalid bind address: "lorem ipsum"`,
LOW	cmd/hello/helloserver/helloserver.go	86	LoginName string // "foo@bar.com"
LOW	ipn/ipnlocal/diskcache_test.go	30	LoginName: "user@example.com",
LOW	ipn/ipnlocal/profiles_test.go	1205	LoginName: "user@example.com",
LOW	util/deephash/tailscale_types_test.go	168	{ID: 1, LoginName: "foo@bar.com"},
LOW	util/dnsname/dnsname_test.go	165	{"email", "admin@example.com", "admin-example-com"},
LOW	ssh/tailssh/tailssh_test.go	207	Principals: []*tailcfg.SSHPrincipal{{UserLogin: "foo@bar.com"}},
LOW	ssh/tailssh/tailssh_test.go	210	ci: &sshConnInfo{uprof: tailcfg.UserProfile{LoginName: "foo@bar.com"}},
LOW	ssh/tailssh/auditd_linux_test.go	47	message: `op=login hostname="test-host" exe="/usr/bin/tailscaled" ts_user="user@example.com" ts_node="node.tail-scal
LOW	k8s-operator/api-proxy/proxy_events_test.go	73	LoginName: "user@example.com",
LOW	k8s-operator/api-proxy/proxy_events_test.go	86	NodeUser: "user@example.com",
LOW	client/web/web_test.go	532	user := &tailcfg.UserProfile{LoginName: "user@example.com", ID: tailcfg.UserID(1)}
LOW	client/web/web_test.go	853	user := &tailcfg.UserProfile{LoginName: "user@example.com", ID: tailcfg.UserID(1)}

Verbosity Indicators7 hits · 10 pts

Severity	File	Line	Snippet
LOW	cmd/containerboot/settings.go	410	// Step 1: run 'tailscaled'
LOW	cmd/containerboot/settings.go	420	// Step 1: run 'tailscaled'
LOW	ipn/ipnlocal/peerapi.go	698	// we need to check if they're allowed access to the internet.
LOW	scripts/installer.sh	23	# Step 1: detect the current linux distro, version, and packaging system.
LOW	scripts/installer.sh	422	# Step 2: having detected an OS we support, is it one of the
LOW	scripts/installer.sh	510	# Step 3: work out if we can run privileged commands, and if so,
LOW	scripts/installer.sh	532	# Step 4: run the installation.

Example Usage Blocks6 hits · 9 pts

Severity	File	Line	Snippet
LOW	cmd/netlogfmt/main.go	9	// Example usage:
LOW	safeweb/http.go	47	// # Example usage
LOW	util/must/must.go	6	// Example usage:
LOW	util/ctxkey/key.go	6	// Example usage:
LOW	util/ctxkey/key.go	33	// Example usage:
LOW	util/ctxkey/key.go	53	// Example usage:

Self-Referential Comments3 hits · 9 pts

Severity	File	Line	Snippet
MEDIUM	cmd/k8s-operator/deploy/manifests/proxy.yaml	1	# This file is not a complete manifest, it's a skeleton that the operator embeds
MEDIUM	cmd/k8s-operator/deploy/manifests/userspace-proxy.yaml	1	# This file is not a complete manifest, it's a skeleton that the operator embeds
MEDIUM	tstest/integration/vms/nixos_test.go	65	# Define the package (derivation) for Tailscale based on the binaries we

Excessive Try-Catch Wrapping2 hits · 4 pts

Severity	File	Line	Snippet
MEDIUM	tstest/tailmac/Swift/Common/TailMacConfigHelper.swift	117	print("Error binding virtual network client socket - \(String(cString: strerror(errno)))")
MEDIUM	tstest/tailmac/Swift/Common/TailMacConfigHelper.swift	134	print("Error connecting to server socket \(serverSocket) - \(String(cString: strerror(errno)))")

Slop Phrases1 hit · 3 pts

Severity	File	Line	Snippet
MEDIUM	build_docker.sh	10	# If you want to build local images for testing, you can use make, which provides few convenience wrappers around this s

Hyper-Verbose Identifiers1 hit · 1 pts

Severity	File	Line	Snippet
LOW	client/web/src/components/update-available.tsx	10	export function UpdateAvailableNotification({

Score History

Severity Breakdown

Pattern Findings