Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Hardening suggestions for codemodder-python / ruff #278

Closed
wants to merge 1 commit into from

Conversation

pixeebot[bot]
Copy link
Contributor

@pixeebot pixeebot bot commented Feb 19, 2024

I've reviewed the recently opened PR (277 - Replace pylint with ruff) and have identified some area(s) that could benefit from additional hardening measures.

These changes should help prevent potential security vulnerabilities and improve overall code quality.

Thank you for your consideration!

docs | feedback
Powered by: pixeebot

@pixeebot pixeebot bot requested a review from clavedeluna February 19, 2024 12:20
@pixeebot pixeebot bot requested a review from clavedeluna as a code owner February 19, 2024 12:20
@@ -170,8 +171,7 @@ def test_file_rewritten(self):
self.check_code_before()
self.check_dependencies_before()

completed_process = subprocess.run(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaces subprocess.{func} with more secure safe_command library functions.

@@ -185,8 +185,7 @@ def test_file_rewritten(self):

def _run_idempotency_chec(self, command):
# idempotency test, run it again and assert no files changed
completed_process = subprocess.run(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaces subprocess.{func} with more secure safe_command library functions.

@@ -22,6 +22,7 @@ dependencies = [
"tomlkit~=0.12.0",
"wrapt~=1.16.0",
"chardet~=5.2.0",
"security~=1.2.0",
]
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This library holds security tools for protecting Python API calls.

License: MITOpen SourceMore facts

Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@drdavella drdavella closed this Feb 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants