Hardening suggestions for codemodder-python / dep-hashes #274
src/codemodder/scripts/get_hashes.py
Outdated
def get_package_hashes(package_name: str, version: str) -> list[str]: | ||
""" | ||
Fetch the SHA256 hashes for a given package version from PyPI. | ||
""" | ||
url = f"https://pypi.org/pypi/{package_name}/{version}/json" | ||
response = requests.get(url) |
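Review bot: `requests.get(url)` on the last line of this excerpt has no `timeout`, so a stalled connection to PyPI blocks the script indefinitely; pass an explicit value, e.g. `response = requests.get(url, timeout=30)`. The rest of the function is not shown here, so it is also worth confirming that the status code is checked (`response.raise_for_status()`) before the JSON body is parsed.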
Add timeout to requests call
@@ -35,8 +35,7 @@ def main(): | |||
continue | |||
|
|||
package_name, version = arg.split("==", 1) | |||
hashes = get_package_hashes(package_name, version) |
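Review bot: `package_name` and `version` come straight from `arg.split("==", 1)` and are then interpolated into the PyPI URL inside `get_package_hashes`, so a stray `/`, `?` or whitespace in a command-line argument changes the request path rather than failing cleanly; strip and validate both halves (for example, reject anything that is not a plain package name and version string) before calling `get_package_hashes`. Note that this hunk shows only context lines, so the 8-to-7 line change recorded in the `@@ -35,8 +35,7 @@` header is not visible in this excerpt.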
Replaces multiple expressions involving `if` operator with 'walrus' operator.
@clavedeluna I'd like to drop the commit that adds the
Compare 694ef51 to 0d0931e

Quality Gate passed
I've reviewed the recently opened PR (273 - Requirements.txt writer adds hashes and a way to remember to update codemodder deps) and have identified some area(s) that could benefit from additional hardening measures.
These changes should help prevent potential security vulnerabilities and improve overall code quality.
Thank you for your consideration!
Powered by: pixeebot