Skip to content

Hardening suggestions for codemodder-python / update-codetf-findings #491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
pixeebot wants to merge 3 commits into from
Closed

Hardening suggestions for codemodder-python / update-codetf-findings #491

pixeebot wants to merge 3 commits into from

Conversation

@pixeebot
Copy link
Contributor

@pixeebot pixeebot bot commented Apr 19, 2024

I've reviewed the recently opened PR (490 - Update codetf bindings) and have identified some area(s) that could benefit from additional hardening measures.

These changes should help prevent potential security vulnerabilities and improve overall code quality.

Thank you for your consideration!

docs | feedback
Powered by: pixeebot

@pixeebot pixeebot bot requested a review from drdavella April 19, 2024 20:57
@pixeebot pixeebot bot requested a review from clavedeluna as a code owner April 19, 2024 20:57
pixeebot[bot]
pixeebot bot commented Apr 19, 2024
View reviewed changes
src/codemodder/codemods/libcst_transformer.py

diff = create_diff_from_tree(source_tree, tree)
if not diff:
if not (diff := create_diff_from_tree(source_tree, tree)):
Copy link
Contributor Author

@pixeebot pixeebot bot Apr 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaces multiple expressions involving if operator with 'walrus' operator.

pixeebot[bot]
pixeebot bot commented Apr 19, 2024
View reviewed changes
src/codemodder/codemods/test/integration_utils.py

self.write_original_code()
self.write_original_dependencies()

Copy link
Contributor Author

@pixeebot pixeebot bot Apr 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaces subprocess.{func} with more secure safe_command library functions.

pixeebot[bot]
pixeebot bot commented Apr 19, 2024
View reviewed changes
src/codemodder/codemods/test/integration_utils.py Outdated
# idempotency test, run it again and assert no files changed
completed_process = subprocess.run(
command,
completed_process = safe_command.run(subprocess.run, command,
Copy link
Contributor Author

@pixeebot pixeebot bot Apr 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replaces subprocess.{func} with more secure safe_command library functions.

pixeebot[bot]
pixeebot bot commented Apr 19, 2024
View reviewed changes
pyproject.toml
"tomlkit~=0.12.0",
"wrapt~=1.16.0",
"chardet~=5.2.0",
"security==1.2.1",
Copy link
Contributor Author

@pixeebot pixeebot bot Apr 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This library holds security tools for protecting Python API calls.

License: MITOpen SourceMore facts

@sonarqubecloud
Copy link

sonarqubecloud bot commented Apr 19, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@drdavella drdavella Awaiting requested review from drdavella drdavella is a code owner

@andrecsilva andrecsilva Awaiting requested review from andrecsilva andrecsilva is a code owner

@clavedeluna clavedeluna Awaiting requested review from clavedeluna clavedeluna is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@clavedeluna