Conversation
Some food for thought. View full project report here.
| class CWE(models.Model): | ||
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) |
| name = models.CharField(max_length=255, blank=True, null=True) | |
| name = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". Explained here.
security/models.py
Outdated
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) | ||
| description = models.CharField(max_length=65535, blank=True, null=True) |
| description = models.CharField(max_length=65535, blank=True, null=True) | |
| description = models.TextField(blank=True, default='') |
TextField might be better used here, instead of CharField with a huge max_length. More.
Again, consider replacing null=True with default="" (and blank=True to pass validation checks).
|
|
||
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True, blank=True) |
Expect unwanted behavior if null and blank are different values: null controls if the database allows no value for score and blank controls if the application allows no value for score. Consider setting null and blank to the same value for score. More.
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) |
| severity = models.CharField(max_length=255, blank=True, null=True) | |
| severity = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) | ||
| version = models.DecimalField(max_digits=2, decimal_places=1) | ||
| vector_string = models.CharField(max_length=255, blank=True, null=True) |
| vector_string = models.CharField(max_length=255, blank=True, null=True) | |
| vector_string = models.CharField(max_length=255, blank=True, default='') |
As above, consider replacing null=True with default="" (and blank=True to pass validation checks).
| arch = models.ForeignKey(MachineArchitecture, blank=True, null=True, on_delete=models.CASCADE) | ||
| osgroup = models.ForeignKey(OSGroup, blank=True, null=True, | ||
| on_delete=models.SET_NULL) | ||
| osrelease = models.ForeignKey(OSRelease, blank=True, null=True, on_delete=models.SET_NULL) |
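Review bot: `arch` is declared `null=True` but uses `on_delete=models.CASCADE`, while `osgroup` and `osrelease` in the same hunk use `SET_NULL`. A nullable foreign key that cascades means deleting a `MachineArchitecture` row silently deletes every row that references it; if the intent matches the neighbouring fields, change it to `on_delete=models.SET_NULL`, otherwise drop `null=True` so the cascade is clearly deliberate.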
Django automatically creates a related_name if it's not set. If it were set then a more readable and explicit relationship is set up. More.
| choices=PACKAGE_TYPES, | ||
| blank=True, | ||
| null=True) | ||
| packagetype = models.CharField(max_length=1, choices=PACKAGE_TYPES, blank=True, null=True) |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". More details.
| blank=True, | ||
| null=True) | ||
| packagetype = models.CharField(max_length=1, choices=PACKAGE_TYPES, blank=True, null=True) | ||
| category = models.ForeignKey(PackageCategory, blank=True, null=True, on_delete=models.SET_NULL) |
Django automatically creates a related_name if it's not set. If it were set then a more readable and explicit relationship is set up. More.
| release = models.CharField(max_length=255, blank=True, null=True) | ||
| arch = models.CharField(max_length=255) | ||
| packagetype = models.CharField(max_length=1, blank=True, null=True) | ||
| category = models.CharField(max_length=255, blank=True, null=True) |
| category = models.CharField(max_length=255, blank=True, null=True) | |
| category = models.CharField(max_length=255, blank=True, default='') |
Similarly, consider replacing null=True with default="" (and blank=True to pass validation checks).
| path('', views.package_list, name='package_list'), | ||
| path('<str:packagename>/', views.package_detail, name='package_detail'), | ||
| path('', views.package_name_list, name='package_name_list'), | ||
| path('name/', views.package_name_list, name='package_name_list'), |
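Review bot: `path('', views.package_list, ...)` and `path('', views.package_name_list, ...)` share the empty route, so the second can never match: Django resolves the first pattern that fits, and `package_name_list` at `''` is shadowed by `package_list`. Dropping the `''` entry for `package_name_list` and keeping only `path('name/', ...)` removes the dead route and the duplicate URL name in one change.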
URL names must be unique but multiple urls.py entries are called package_name_list. If reverse("package_name_list") or {% url package_name_list %} is run then only one of those URLs will be returned. The user will probably be sent to the wrong view. More info.
errata/utils.py
Outdated
| er_type = 'Mailing List' | ||
| if er_type == 'bugzilla' or 'bug' in url.hostname or 'bugs' in url.path: | ||
| er_type = 'Bug Tracker' | ||
| if ('ubuntu.com' in url.hostname and 'usn/' in url.path) or url.hostname == 'usn.ubuntu.com': |
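Review bot: `'bug' in url.hostname` on the second line of the hunk raises `TypeError` when `url.hostname` is `None`, which is what `urlparse` returns for a reference with no scheme or netloc (a bare path). The later `url.hostname == 'usn.ubuntu.com'` comparison tolerates `None`, but the substring checks before it do not; guard them with `url.hostname and ...` or normalise the hostname to `''` once at the top of the function.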
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that the URL's hostname is properly parsed and checked to confirm that it belongs to the intended domain. Instead of using a substring check, we should use a more robust method to verify the hostname. Specifically, we can use the urlparse function to parse the URL and then check if the hostname ends with the intended domain, ensuring that it handles arbitrary subdomain sequences correctly.
We will modify the code in errata/utils.py to use the urlparse function and check if the hostname ends with .ubuntu.com instead of using the substring check 'ubuntu.com' in url.hostname.
| @@ -67,3 +67,3 @@ | ||
| er_type = 'Bug Tracker' | ||
| if ('ubuntu.com' in url.hostname and 'usn/' in url.path) or url.hostname == 'usn.ubuntu.com': | ||
| if (url.hostname and url.hostname.endswith('.ubuntu.com') and 'usn/' in url.path) or url.hostname == 'usn.ubuntu.com': | ||
| netloc = url.netloc.replace('usn.', '').replace('www.', '') |
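Review bot: `url.hostname.endswith('.ubuntu.com')` on the `+` line rejects the bare apex `ubuntu.com`, which the replaced `'ubuntu.com' in url.hostname` accepted, so a reference such as `https://ubuntu.com/usn/...` no longer classifies as a USN. Mirror the shape used for the launchpad fix: `url.hostname == 'ubuntu.com' or url.hostname.endswith('.ubuntu.com')`, which keeps the apex while still excluding hosts that merely contain the string.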
errata/utils.py
Outdated
| url = url._replace(netloc=netloc, path=path) | ||
| if url.hostname == 'ubuntu.com' and url.path.startswith('/security/notices/USN'): | ||
| er_type = 'USN' | ||
| if 'launchpad.net' in url.hostname: |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
Copilot Autofix
AI 12 months ago
To fix the problem, we need to ensure that the hostname is exactly launchpad.net or a valid subdomain of it. This can be achieved by parsing the URL and performing a proper check on the hostname.
- Use the urlparse function to parse the URL and extract the hostname.
- Check if the hostname is exactly launchpad.net or ends with .launchpad.net to allow valid subdomains.
- Update the relevant lines in the fixup_erratum_reference function to use this secure check.
| @@ -76,3 +76,3 @@ | ||
| er_type = 'USN' | ||
| if 'launchpad.net' in url.hostname: | ||
| if url.hostname == 'launchpad.net' or (url.hostname and url.hostname.endswith('.launchpad.net')): | ||
| er_type = 'Bug Tracker' |
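Added here as an illustration of the two CodeQL findings above; this is not code from the PR or from the project under review. It contrasts the flagged substring pattern, the suffix-only shape of the first autofix, and an apex-or-subdomain hostname check, run over constructed sample references. The function names `substring_check`, `suffix_only_check`, `hostname_in_domain` and `compare` and the sample URLs are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Constructed sample references (not taken from the project); each exercises
# one case where the substring check and a real hostname check disagree.
SAMPLE_URLS = [
    "https://ubuntu.com/security/notices/USN-1234-1",   # bare apex
    "https://usn.ubuntu.com/1234-1/",                   # legitimate subdomain
    "https://ubuntu.com.example.net/usn/1234-1",        # apex used as a prefix of another host
    "https://notubuntu.com/usn/1234-1",                 # domain appears inside a longer label
    "/usn/1234-1",                                      # no netloc at all: hostname is None
]


def substring_check(url, domain):
    """The pattern CodeQL flags: `domain in hostname`. Guarded against None
    here; the original line raises TypeError on a hostname-less reference."""
    hostname = urlsplit(url).hostname
    return hostname is not None and domain in hostname


def suffix_only_check(url, domain):
    """Shape of the first autofix: endswith('.' + domain) on its own,
    which drops the bare apex."""
    hostname = urlsplit(url).hostname
    return bool(hostname) and hostname.endswith("." + domain)


def hostname_in_domain(url, domain):
    """Apex or a dot-separated subdomain of it, decided on the parsed hostname
    only (userinfo, port, path and query never take part). urlsplit already
    lowercases the hostname; a trailing root dot is stripped as well."""
    hostname = urlsplit(url).hostname
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return hostname == domain or hostname.endswith("." + domain)


def compare(urls, domain):
    """Map each URL to (substring, suffix_only, hostname_in_domain) results."""
    return {
        url: (
            substring_check(url, domain),
            suffix_only_check(url, domain),
            hostname_in_domain(url, domain),
        )
        for url in urls
    }


if __name__ == "__main__":
    for url, (sub, suf, proper) in compare(SAMPLE_URLS, "ubuntu.com").items():
        print(f"{url:48} substring={sub!s:5} suffix={suf!s:5} proper={proper!s:5}")
```

Running it shows the two hosts that merely contain `ubuntu.com` pass the substring check and fail the hostname check, while the bare apex passes the hostname check but not the suffix-only one; that last row is the gap the first autofix leaves.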
5b82c72 to 96cd496
Worth considering. View full project report here.
reports/models.py
Outdated
| if verbose: | ||
| text = 'Processing report ' | ||
| text += f'{self.id!s} - {self.host!s}' | ||
| text = 'Processing report {self.id} - {self.host}' |
| text = 'Processing report {self.id} - {self.host}' | |
| text = f'Processing report {self.id} - {self.host}' |
If this was meant to be an f-string then the f prefix is missing. More details.
reports/models.py
Outdated
| if verbose: | ||
| text = 'Finding updates for report ' | ||
| text += f'{self.id!s} - {self.host!s}' | ||
| text = 'Finding updates for report {self.id} - {self.host}' |
| text = 'Finding updates for report {self.id} - {self.host}' | |
| text = f'Finding updates for report {self.id} - {self.host}' |
Likewise, missing f prefix?
reports/models.py
Outdated
| else: | ||
| text = 'Error: OS, kernel or arch not sent ' | ||
| text += f'with report {self.id!s}' | ||
| text = 'Error: OS, kernel or arch not sent with report {self.id}' |
| text = 'Error: OS, kernel or arch not sent with report {self.id}' | |
| text = f'Error: OS, kernel or arch not sent with report {self.id}' |
Again, missing f prefix?
repos/models.py
Outdated
| else: | ||
| text = 'Error: unknown repo type for repo ' | ||
| text += f'{self.id!s}: {self.repotype!s}' | ||
| text = 'Error: unknown repo type for repo {self.id}: {self.repotype}' |
| text = 'Error: unknown repo type for repo {self.id}: {self.repotype}' | |
| text = f'Error: unknown repo type for repo {self.id}: {self.repotype}' |
If this was meant to be an f-string then the f prefix is missing. Read more.
| class OSRelease(models.Model): | ||
|
|
||
| name = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, unique=True, blank=False, null=False) |
| name = models.CharField(max_length=255, unique=True, blank=False, null=False) | |
| name = models.CharField(max_length=255, unique=True) |
False is the default value Django uses for blank, so blank=False can be removed. More details.
Again, redundant default arguments can be removed.
| name = models.CharField(max_length=255, unique=True, blank=False, null=False) | ||
| repos = models.ManyToManyField(Repository, blank=True) | ||
| codename = models.CharField(max_length=255, blank=True) | ||
| cpe_name = models.CharField(max_length=255, null=True, blank=True, unique=True) |
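Review bot: `cpe_name` is `unique=True`, so the `default=''` replacement suggested for the other string fields does not carry over to it: a `UNIQUE` constraint treats `NULL` values as distinct, but two rows holding `''` collide, so the second `OSRelease` saved without a CPE name would fail with an `IntegrityError`. Keep `null=True` here (and make sure blank form input is stored as `None`, not `''`), or add a `UniqueConstraint` whose condition excludes the empty string.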
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". More.
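An added illustration (not from the project or from the review bot) of why the `default=''` advice needs care on a field that is also `unique=True`: under a `UNIQUE` constraint, NULLs never compare equal to each other, but empty strings do. The stdlib `sqlite3` script below reproduces this with a constructed two-column table; the table name, column names and release names are assumptions, and the behaviour is the same on PostgreSQL and MySQL, the other backends Django supports.

```python
import sqlite3

# Constructed schema shaped like the field under review (names are assumptions):
# a NOT NULL UNIQUE `name` and a nullable UNIQUE `cpe_name`.
SCHEMA = "CREATE TABLE osrelease (name TEXT NOT NULL UNIQUE, cpe_name TEXT UNIQUE)"


def insert_without_cpe(names, empty_value):
    """Insert one row per release name, each with `empty_value` (None or '')
    as cpe_name. Returns how many rows the UNIQUE constraint let through."""
    conn = sqlite3.connect(":memory:")
    try:
        conn.execute(SCHEMA)
        inserted = 0
        for name in names:
            try:
                conn.execute(
                    "INSERT INTO osrelease (name, cpe_name) VALUES (?, ?)",
                    (name, empty_value),
                )
                inserted += 1
            except sqlite3.IntegrityError:
                # UNIQUE violation: only reachable with '' because NULLs are
                # distinct from one another under a UNIQUE constraint.
                pass
        return inserted
    finally:
        conn.close()


def compare_null_vs_empty():
    """Same three releases, stored once with NULL and once with '' as cpe_name."""
    names = ["release-a", "release-b", "release-c"]  # constructed sample data
    return {
        "null": insert_without_cpe(names, None),
        "empty_string": insert_without_cpe(names, ""),
    }


if __name__ == "__main__":
    print(compare_null_vs_empty())
```

With `None` all three rows are stored; with `''` only the first survives and the other two raise `IntegrityError`, which is exactly what a Django model would do after changing `null=True` to `default=''` on a unique `CharField`.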
operatingsystems/views.py
Outdated
| page = paginator.page(paginator.num_pages) | ||
|
|
||
| empty_oses = list(OS.objects.filter(host__isnull=True)) | ||
| nohost_osvariants = OSVariant.objects.filter(host__isnull=True).count() >= 1 |
| nohost_osvariants = OSVariant.objects.filter(host__isnull=True).count() >= 1 | |
| nohost_osvariants = OSVariant.objects.filter(host__isnull=True).exists() |
Comparing OSVariant.objects.filter(host__isnull=True).count() is less efficient than checking OSVariant.objects.filter(host__isnull=True).exists(). More details.
| for os in oses: | ||
| os.delete() | ||
| text = f'{len(oses)!s} OS\'s have been deleted' | ||
| if not osvariants: |
Again, consider osvariants.exists().
operatingsystems/views.py
Outdated
| return redirect(reverse('operatingsystems:osvariant_list')) | ||
| for osvariant in osvariants: | ||
| osvariant.delete() | ||
| text = f'{len(osvariants)} OS Variants have been deleted' |
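Review bot: by the time `len(osvariants)` runs, the `for osvariant in osvariants` loop has already evaluated the queryset, so `len()` reads the cached result and issues no extra query; `osvariants.count()` on an evaluated queryset returns the same cached length, so switching to it gains nothing here. The change that actually saves database work is `deleted, _ = osvariants.delete()`, one bulk `DELETE` instead of one per row, reporting `deleted` in the message. Only do that if `OSVariant` has no custom `delete()` method that must run per object, since a queryset-level delete bypasses it.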
len(queryset) reads all the records from the database and checks the length at application level. It would probably be more efficient to do this at database level via queryset.count(). More details.
fccc3bf to 1d056a5
Some food for thought. View full project report here.
reports/models.py
Outdated
| if verbose: | ||
| text = 'Processing report ' | ||
| text += f'{self.id!s} - {self.host!s}' | ||
| text = 'Processing report {self.id} - {self.host}' |
| text = 'Processing report {self.id} - {self.host}' | |
| text = f'Processing report {self.id} - {self.host}' |
If this was meant to be an f-string then the f prefix is missing. Explained here.
reports/models.py
Outdated
| if verbose: | ||
| text = 'Finding updates for report ' | ||
| text += f'{self.id!s} - {self.host!s}' | ||
| text = 'Finding updates for report {self.id} - {self.host}' |
| text = 'Finding updates for report {self.id} - {self.host}' | |
| text = f'Finding updates for report {self.id} - {self.host}' |
Again, missing f prefix?
reports/models.py
Outdated
| else: | ||
| text = 'Error: OS, kernel or arch not sent ' | ||
| text += f'with report {self.id!s}' | ||
| text = 'Error: OS, kernel or arch not sent with report {self.id}' |
| text = 'Error: OS, kernel or arch not sent with report {self.id}' | |
| text = f'Error: OS, kernel or arch not sent with report {self.id}' |
Same as above: missing f prefix?
repos/models.py
Outdated
| else: | ||
| text = 'Error: unknown repo type for repo ' | ||
| text += f'{self.id!s}: {self.repotype!s}' | ||
| text = 'Error: unknown repo type for repo {self.id}: {self.repotype}' |
| text = 'Error: unknown repo type for repo {self.id}: {self.repotype}' | |
| text = f'Error: unknown repo type for repo {self.id}: {self.repotype}' |
If this was meant to be an f-string then the f prefix is missing. More info.
| path('', views.package_list, name='package_list'), | ||
| path('<str:packagename>/', views.package_detail, name='package_detail'), | ||
| path('', views.package_name_list, name='package_name_list'), | ||
| path('name/', views.package_name_list, name='package_name_list'), |
URL names must be unique but multiple urls.py entries are called package_name_list. If reverse("package_name_list") or {% url package_name_list %} is run then only one of those URLs will be returned. The user will probably be sent to the wrong view. More details.
| class CWE(models.Model): | ||
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) |
| name = models.CharField(max_length=255, blank=True, null=True) | |
| name = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". Explained here.
security/models.py
Outdated
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) | ||
| description = models.CharField(max_length=65535, blank=True, null=True) |
| description = models.CharField(max_length=65535, blank=True, null=True) | |
| description = models.TextField(blank=True, default='') |
TextField might be better used here, instead of CharField with a huge max_length. More info.
Likewise, consider replacing null=True with default="" (and blank=True to pass validation checks).
|
|
||
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True, blank=True) |
Expect unwanted behavior if null and blank are different values: null controls if the database allows no value for score and blank controls if the application allows no value for score. Consider setting null and blank to the same value for score. Explained here.
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) |
| severity = models.CharField(max_length=255, blank=True, null=True) | |
| severity = models.CharField(max_length=255, blank=True, default='') |
Again, consider replacing null=True with default="" (and blank=True to pass validation checks).
Looks good. Worth considering though. View full project report here.
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) | ||
| version = models.DecimalField(max_digits=2, decimal_places=1) | ||
| vector_string = models.CharField(max_length=255, blank=True, null=True) |
| vector_string = models.CharField(max_length=255, blank=True, null=True) | |
| vector_string = models.CharField(max_length=255, blank=True, default='') |
Likewise, consider replacing null=True with default="" (and blank=True to pass validation checks).
| class CVE(models.Model): | ||
|
|
||
| cve_id = models.CharField(max_length=255, unique=True) | ||
| title = models.CharField(max_length=255, blank=True, null=True) |
| title = models.CharField(max_length=255, blank=True, null=True) | |
| title = models.CharField(max_length=255, blank=True, default='') |
Similarly, consider replacing null=True with default="" (and blank=True to pass validation checks).
security/models.py
Outdated
|
|
||
| cve_id = models.CharField(max_length=255, unique=True) | ||
| title = models.CharField(max_length=255, blank=True, null=True) | ||
| description = models.CharField(max_length=65535) |
| description = models.CharField(max_length=65535) | |
| description = models.TextField() |
Similarly, consider using a TextField.
ccb2b38 to 02f90f7
Some food for thought. View full project report here.
| class CWE(models.Model): | ||
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) |
| name = models.CharField(max_length=255, blank=True, null=True) | |
| name = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". More details.
|
|
||
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True, blank=True) |
Expect unwanted behavior if null and blank are different values: null controls if the database allows no value for score and blank controls if the application allows no value for score. Consider setting null and blank to the same value for score. More details.
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) |
| severity = models.CharField(max_length=255, blank=True, null=True) | |
| severity = models.CharField(max_length=255, blank=True, default='') |
As above, consider replacing null=True with default="" (and blank=True to pass validation checks).
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) | ||
| version = models.DecimalField(max_digits=2, decimal_places=1) | ||
| vector_string = models.CharField(max_length=255, blank=True, null=True) |
| vector_string = models.CharField(max_length=255, blank=True, null=True) | |
| vector_string = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| class CVE(models.Model): | ||
|
|
||
| cve_id = models.CharField(max_length=255, unique=True) | ||
| title = models.CharField(max_length=255, blank=True, null=True) |
| title = models.CharField(max_length=255, blank=True, null=True) | |
| title = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| for os in oses: | ||
| os.delete() | ||
| text = f'{len(oses)!s} OS\'s have been deleted' | ||
| if not osvariants: |
Comparing osvariants.count() is less efficient than checking osvariants.exists(). More details.
| choices=PACKAGE_TYPES, | ||
| blank=True, | ||
| null=True) | ||
| packagetype = models.CharField(max_length=1, choices=PACKAGE_TYPES, blank=True, null=True) |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". Read more.
| blank=True, | ||
| null=True) | ||
| packagetype = models.CharField(max_length=1, choices=PACKAGE_TYPES, blank=True, null=True) | ||
| category = models.ForeignKey(PackageCategory, blank=True, null=True, on_delete=models.SET_NULL) |
Django automatically creates a related_name if it's not set. If it were set then a more readable and explicit relationship is set up. Explained here.
| release = models.CharField(max_length=255, blank=True, null=True) | ||
| arch = models.CharField(max_length=255) | ||
| packagetype = models.CharField(max_length=1, blank=True, null=True) | ||
| category = models.CharField(max_length=255, blank=True, null=True) |
| category = models.CharField(max_length=255, blank=True, null=True) | |
| category = models.CharField(max_length=255, blank=True, default='') |
As above, consider replacing null=True with default="" (and blank=True to pass validation checks).
| path('', views.package_list, name='package_list'), | ||
| path('<str:packagename>/', views.package_detail, name='package_detail'), | ||
| path('', views.package_name_list, name='package_name_list'), | ||
| path('name/', views.package_name_list, name='package_name_list'), |
URL names must be unique but multiple urls.py entries are called package_name_list. If reverse("package_name_list") or {% url package_name_list %} is run then only one of those URLs will be returned. The user will probably be sent to the wrong view. Read more.
Some food for thought. View full project report here.
| url = models.CharField(max_length=255, unique=True) | ||
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) |
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| packages_checksum = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". Explained here.
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) |
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| modules_checksum = models.CharField(max_length=255, blank=True, default='') |
Again, consider replacing null=True with default="" (and blank=True to pass validation checks).
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) |
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| errata_checksum = models.CharField(max_length=255, blank=True, default='') |
Likewise, consider replacing null=True with default="" (and blank=True to pass validation checks).
Worth considering. View full project report here.
| class CWE(models.Model): | ||
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) |
| name = models.CharField(max_length=255, blank=True, null=True) | |
| name = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". More.
|
|
||
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True, blank=True) |
Expect unwanted behavior if null and blank are different values: null controls if the database allows no value for score and blank controls if the application allows no value for score. Consider setting null and blank to the same value for score. Explained here.
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) |
| severity = models.CharField(max_length=255, blank=True, null=True) | |
| severity = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) | ||
| version = models.DecimalField(max_digits=2, decimal_places=1) | ||
| vector_string = models.CharField(max_length=255, blank=True, null=True) |
| vector_string = models.CharField(max_length=255, blank=True, null=True) | |
| vector_string = models.CharField(max_length=255, blank=True, default='') |
Likewise, consider replacing null=True with default="" (and blank=True to pass validation checks).
| class CVE(models.Model): | ||
|
|
||
| cve_id = models.CharField(max_length=255, unique=True) | ||
| title = models.CharField(max_length=255, blank=True, null=True) |
| title = models.CharField(max_length=255, blank=True, null=True) | |
| title = models.CharField(max_length=255, blank=True, default='') |
Similarly, consider replacing null=True with default="" (and blank=True to pass validation checks).
| release = models.CharField(max_length=255, blank=True, null=True) | ||
| arch = models.CharField(max_length=255) | ||
| packagetype = models.CharField(max_length=1, blank=True, null=True) | ||
| category = models.CharField(max_length=255, blank=True, null=True) |
| category = models.CharField(max_length=255, blank=True, null=True) | |
| category = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| path('', views.package_list, name='package_list'), | ||
| path('<str:packagename>/', views.package_detail, name='package_detail'), | ||
| path('', views.package_name_list, name='package_name_list'), | ||
| path('name/', views.package_name_list, name='package_name_list'), |
URL names must be unique but multiple urls.py entries are called package_name_list. If reverse("package_name_list") or {% url package_name_list %} is run then only one of those URLs will be returned. The user will probably be sent to the wrong view. More.
| url = models.CharField(max_length=255, unique=True) | ||
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) |
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| packages_checksum = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". More info.
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) |
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| modules_checksum = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) |
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| errata_checksum = models.CharField(max_length=255, blank=True, default='') |
Again, consider replacing null=True with default="" (and blank=True to pass validation checks).
Some food for thought. View full project report here.
| class CWE(models.Model): | ||
|
|
||
| cwe_id = models.CharField(max_length=255, unique=True) | ||
| name = models.CharField(max_length=255, blank=True, null=True) |
| name = models.CharField(max_length=255, blank=True, null=True) | |
| name = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". Read more.
|
|
||
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | |
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True, blank=True) |
Expect unwanted behavior if null and blank are different values: null controls if the database allows no value for score and blank controls if the application allows no value for score. Consider setting null and blank to the same value for score. More details.
| class CVSS(models.Model): | ||
|
|
||
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) |
| severity = models.CharField(max_length=255, blank=True, null=True) | |
| severity = models.CharField(max_length=255, blank=True, default='') |
As above, consider replacing null=True with default="" (and blank=True to pass validation checks).
| score = models.DecimalField(max_digits=3, decimal_places=1, null=True) | ||
| severity = models.CharField(max_length=255, blank=True, null=True) | ||
| version = models.DecimalField(max_digits=2, decimal_places=1) | ||
| vector_string = models.CharField(max_length=255, blank=True, null=True) |
| vector_string = models.CharField(max_length=255, blank=True, null=True) | |
| vector_string = models.CharField(max_length=255, blank=True, default='') |
Likewise, consider replacing null=True with default="" (and blank=True to pass validation checks).
| class CVE(models.Model): | ||
|
|
||
| cve_id = models.CharField(max_length=255, unique=True) | ||
| title = models.CharField(max_length=255, blank=True, null=True) |
| title = models.CharField(max_length=255, blank=True, null=True) | |
| title = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| release = models.CharField(max_length=255, blank=True, null=True) | ||
| arch = models.CharField(max_length=255) | ||
| packagetype = models.CharField(max_length=1, blank=True, null=True) | ||
| category = models.CharField(max_length=255, blank=True, null=True) |
| category = models.CharField(max_length=255, blank=True, null=True) | |
| category = models.CharField(max_length=255, blank=True, default='') |
Similarly, consider replacing null=True with default="" (and blank=True to pass validation checks).
| path('', views.package_list, name='package_list'), | ||
| path('<str:packagename>/', views.package_detail, name='package_detail'), | ||
| path('', views.package_name_list, name='package_name_list'), | ||
| path('name/', views.package_name_list, name='package_name_list'), |
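Review bot: besides the duplicated name, the first and third entries both register the empty route `''`; Django matches URL patterns in order, so the second `path('', views.package_name_list, ...)` can never be reached and `package_name_list` is only served via `name/`. Suggest keeping a single empty-route entry and giving each pattern a distinct `name`, then grepping templates and views for `reverse('package_name_list')` / `{% url 'package_name_list' %}` to confirm they resolve to the intended view.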
URL names must be unique but multiple urls.py entries are called package_name_list. If reverse("package_name_list") or {% url package_name_list %} is run then only one of those urls will be returned. The user will probably be sent to the wrong view. More.
| url = models.CharField(max_length=255, unique=True) | ||
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) |
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| packages_checksum = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". Explained here.
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) |
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| modules_checksum = models.CharField(max_length=255, blank=True, default='') |
Again, consider replacing null=True with default="" (and blank=True to pass validation checks).
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) |
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| errata_checksum = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
skip-checks: true
Looks good. Worth considering though. View full project report here.
| url = models.CharField(max_length=255, unique=True) | ||
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) |
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| packages_checksum = models.CharField(max_length=255, blank=True, default='') |
null=True on a string field causes inconsistent data types because the value can be either str or None. This adds complexity and maybe bugs, but can be solved by replacing null=True with default="". More.
| last_access_ok = models.BooleanField(default=False) | ||
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) |
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| modules_checksum = models.CharField(max_length=255, blank=True, default='') |
Same as above: consider replacing null=True with default="" (and blank=True to pass validation checks).
| file_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| packages_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| modules_checksum = models.CharField(max_length=255, blank=True, null=True) | ||
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) |
| errata_checksum = models.CharField(max_length=255, blank=True, null=True) | |
| errata_checksum = models.CharField(max_length=255, blank=True, default='') |
Likewise, consider replacing null=True with default="" (and blank=True to pass validation checks).
Some food for thought. View full project report here.
| if refs: | ||
| ref = refs.first() | ||
| if ref.url != reference.get('url') and update_ref_type: | ||
| ref.ref_type = ref_type | ||
| ref.save() | ||
| else: | ||
| ref, created = Reference.objects.get_or_create( | ||
| ref_type=reference.get('ref_type'), | ||
| url=reference.get('url'), | ||
| ) |
| if refs: | |
| ref = refs.first() | |
| if ref.url != reference.get('url') and update_ref_type: | |
| ref.ref_type = ref_type | |
| ref.save() | |
| else: | |
| ref, created = Reference.objects.get_or_create( | |
| ref_type=reference.get('ref_type'), | |
| url=reference.get('url'), | |
| ) | |
| if refs.exists(): | |
| ref = refs.first() | |
| if ref.url != reference.get('url') and update_ref_type: | |
| ref.ref_type = ref_type | |
| ref.save() | |
| else: | |
| (ref, created) = Reference.objects.get_or_create( | |
| ref_type=reference.get('ref_type'), url=reference.get('url') | |
| ) |
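Review bot: the suggested `if refs.exists():` followed by `refs.first()` costs two round trips; `ref = refs.first()` followed by `if ref is not None:` gets the same result in one query, and a bare `refs is not None` check would never take the else branch because a QuerySet is never None. Separately, the update branch writes `ref.ref_type = ref_type` while the create branch uses `reference.get('ref_type')`; if both are meant to carry the same value, pick one source so the two paths cannot diverge.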
Checking refs truthiness is less efficient than checking refs.exists() or refs is not None. Checking queryset truthiness evaluates the queryset, therefore reading the records from the database. More info.