Modify rule S5146: Fix invalid Python sample #2239
Conversation
I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example. I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched.
If you keep the Flask call in, it triggers a different hotspot instead of this rule. Removing it seems to mean that this example triggers this rule.
Undo my removal of 'Flask()' calls. This will cause a hotspot to be raised but I don't know enough to fix that properly so will have to leave it for now. I'll leave this PR solving the circular call issue and raise a dogfood post on the compliant code causing a hotspot to appear.
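The circular call described above, as an added example that is neither the rule's own sample nor code from this PR: `redirect` here is a constructed stand-in for `flask.redirect` so the script runs without Flask, and `circular_view` and `calls_itself` are names chosen for this demonstration.

```python
def redirect(location, code=302):
    """Constructed stand-in for flask.redirect (assumption: returns the
    status code and the Location value the real helper would emit)."""
    return code, location


def circular_view(target):
    """Shape of the original noncompliant sample: the view reuses the
    name `redirect`, so the call inside its body resolves to the view
    itself and never reaches the imported helper."""
    def redirect(location):          # shadows the name defined above
        return redirect(location)    # calls itself, not the helper
    return redirect(target)


def redirecting(location):
    """The PR's fix: the view is renamed to redirecting(), so `redirect`
    again refers to the imported helper."""
    return redirect(location)


def calls_itself(view, target):
    """Return True if `view` recurses without bound, which is why the
    analyzer never saw a real redirect() call in the original sample."""
    try:
        view(target)
    except RecursionError:
        return True
    return False


if __name__ == "__main__":
    url = "https://example.com/"        # constructed sample target
    print("shadowed view recurses:", calls_itself(circular_view, url))
    print("renamed view recurses: ", calls_itself(redirecting, url))
    print("renamed view returns:  ", redirecting(url))
```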
Nice finding 👍 Since it is a security rule, feel free to ping AppSec next time for a review.
The change itself looks good, just the title of the PR did not yet match the format of the readme. I have updated the title, so feel free to merge.
I couldn't get Sonarcloud to trigger this issue using the provided noncompliant code example. I think the code examples as written end up being circular because the local function 'redirect()' will call itself rather than the imported 'redirect()' function of the same name. The fix is to change the local function name to be redirecting(). I changed the API endpoint name as well so that it matched. Once I had made this change, the noncompliant code example did lead to Sonarcloud spotting the issue.

Review

A dedicated reviewer checked the rule description successfully for:
- [x] logical errors and incorrect information
- [x] information gaps and missing content
- [x] text style and tone
- [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)