-
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
page-intex #13
page-intex #13
Changes from 3 commits
afa03f7
b2ad53e
aa4f75b
6eded52
87d2a70
ac26510
9b42eba
b2d730a
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,3 +2,4 @@ github-app-handler==0.15 | |
sentry-sdk==1.39.2 | ||
flask==3.0.0 | ||
Polidoro-PyGithub==2.2.0 | ||
Markdown==3.5.2 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
<!DOCTYPE html> | ||
<link rel="shortcut icon" href="../static/favicon.ico" type="image/x-icon"> | ||
<link rel="icon" href="../static/favicon.ico" type="image/x-icon"> | ||
|
||
<html lang="en"> | ||
<head> | ||
<meta charset="UTF-8"> | ||
<title>{{ title }}</title> | ||
</head> | ||
<body> | ||
{{ body|safe }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. There could be potential XSS (Cross-site scripting) security issues with using 'safe' filter, it allows rendering of HTML tags from user-input directly. Consider escaping the HTML content or using another way to prevent potential security risks. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Micro-Learning Topic: Cross-site scripting (Detected by phrase)Matched on "Cross-site scripting"Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context. Try a challenge in Secure Code WarriorHelpful references
|
||
</body> | ||
</html> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,11 @@ | ||
from unittest.mock import patch | ||
|
||
from src.app import handle, sentry_init | ||
from app import handle, sentry_init | ||
|
||
|
||
def test_sentry_init(monkeypatch): | ||
monkeypatch.setenv("SENTRY_DSN", "https://example.com") | ||
with patch("src.app.sentry_sdk") as mock_sentry: | ||
with patch("app.sentry_sdk") as mock_sentry: | ||
sentry_init() | ||
mock_sentry.init.assert_called_once_with( | ||
dsn="https://example.com", | ||
|
@@ -15,14 +15,14 @@ def test_sentry_init(monkeypatch): | |
|
||
|
||
def test_sentry_dont_init(monkeypatch): | ||
with patch("src.app.sentry_sdk") as mock_sentry: | ||
with patch("app.sentry_sdk") as mock_sentry: | ||
sentry_init() | ||
mock_sentry.init.assert_not_called() | ||
|
||
|
||
def test_handle_check_suite_requested(event): | ||
with patch("src.app.handle_create_pull_request") as mock_handle_create_pull_request: | ||
def test_handle_check_suite_requested(event, repository): | ||
with patch("app.handle_create_pull_request") as mock_handle_create_pull_request: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It looks like the function signature for 'test_handle_check_suite_requested' has changed. Make sure the behavior of the test is still correct. |
||
handle(event) | ||
mock_handle_create_pull_request.assert_called_once_with( | ||
event.repository, event.check_suite.head_branch | ||
repository, event.check_suite.head_branch | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,13 @@ | ||
{ | ||
"version": 2, | ||
"builds": [ | ||
{"src": "src/app.py", | ||
{"src": "app.py", | ||
"use": "@vercel/python" | ||
} | ||
], | ||
"routes": [ | ||
{"src": "/.*", | ||
"dest": "src/app.py" | ||
"dest": "app.py" | ||
} | ||
] | ||
} |
Check failure
Code scanning / SonarCloud
I/O function calls should not be vulnerable to path injection attacks High
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Micro-Learning Topic: Injection attack (Detected by phrase)
Matched on "injection attack"
Injection flaws, such as SQL, NoSQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Source: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Try a challenge in Secure Code Warrior
Helpful references