Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Modify rule S5146: Fix invalid Python sample #2239

Merged
merged 3 commits into from
Jun 29, 2023

Conversation

John-Clifton-SonarSource
Copy link
Contributor

@John-Clifton-SonarSource John-Clifton-SonarSource commented Jun 19, 2023

I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example.

I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched. Once I had made this change, the noncompliant code example did lead to Sonarcloud spotting the issue.

Review

A dedicated reviewer checked the rule description successfully for:

  • logical errors and incorrect information
  • information gaps and missing content
  • text style and tone
  • PR summary and labels follow the guidelines

I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example. 

I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched.
If you keep the Flask call in, it triggers a different hotspot instead of this rule. Removing it seems to mean that this example triggers this rule.
Undo my removal of 'Flask()' calls. This will cause a hotspot to be raised but I don't know enough to fix that properly so will have to leave it for now. I'll leave this PR solving the circular call issue and raise a dogfood post on the compliant code causing a hotspot to appear.
@sonarsource-next
Copy link

SonarQube Quality Gate for 'rspec-frontend'

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

@sonarsource-next
Copy link

SonarQube Quality Gate for 'rspec-tools'

Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

Copy link
Contributor

@hendrik-buchwald-sonarsource hendrik-buchwald-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice finding 👍 Since it is a security rule, feel free to ping AppSec next time for a review.

The change itself looks good, just the title of the PR was not matching yet the format of the readme. I have updated the title, so feel free to merge.

@hendrik-buchwald-sonarsource hendrik-buchwald-sonarsource changed the title Update flask.adoc Modify rule S5146: Fix invalid Python sample Jun 29, 2023
@John-Clifton-SonarSource John-Clifton-SonarSource merged commit 4861cfa into master Jun 29, 2023
@John-Clifton-SonarSource John-Clifton-SonarSource deleted the John-Clifton-SonarSource-patch-1 branch June 29, 2023 13:57
guillaume-dequenne-sonarsource pushed a commit that referenced this pull request Jul 3, 2023
I couldn't get Sonarcloud to trigger this issue using the provided
noncompliant code example.

I think the code examples as written end up being circular because the
local function 'redirect()' will call itself rather than the imported
'redirect()' function of the same name. The fix is to change the local
function name to be redirecting(). I changed the API endpoint name as
well so that it matched. Once I had made this change, the noncompliant
code example did lead to Sonarcloud spotting the issue.

## Review

A dedicated reviewer checked the rule description successfully for:

- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the
guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants