Added updates from comments

dwiley258 · dwiley258 · commit d738b70bcc7c · 2025-07-31T11:34:07.000+01:00
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-230/README.md b/docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-230/README.md
@@ -1,19 +1,19 @@
 # CWE-230: Improper Handling of Missing Values
 
-The `NaN` value should be stripped before as they can cause surprising or undefined behaviours in the statistics functions that sort or count occurrences [[2024 doc.python.org]](https://docs.python.org/3/library/statistics.html).
-In python, some datasets use `NaN` (not-a-number) to represent the missing data. This can be problematic as the `NaN` values are unordered.  Any ordered comparison of a number to a not-a-number value are `False`. A counter-intuitive implication is that `not-a-number` values are not equal to themselves.
+In python, some datasets use `NaN` (not-a-number) to represent the missing data. This can be problematic as the `NaN` values are unordered. The `NaN` value should be stripped before as they can cause surprising or undefined behaviours in the statistics functions that sort or count occurrences [[2024 doc.python.org]](https://docs.python.org/3/library/statistics.html) Any ordered comparison of a number to a not-a-number value are `False`. A counter-intuitive implication is that `not-a-number` values are not equal to themselves.
 
 This behavior is compliant with IEEE 754[[2024 Wikipedia]](https://en.wikipedia.org/wiki/IEEE_754) a hardware induced compromise.
-The [example01.py](example01.py) code demonstrates various comparisons of float('NaN') all resulting in False
+The [example01.py](example01.py) code demonstrates various comparisons of `float('NaN')` all resulting in `False`.
+
 ```python
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
 """ Code Example """
- 
+
 foo = float('NaN')
 print(f"foo={foo} type = {type(foo)}")
- 
- 
+
+
 print(foo == float("NaN") or
       foo is float("NaN") or
       foo < 3 or
@@ -22,20 +22,19 @@ print(foo == float("NaN") or
       )
 
 ```
-## Non-Compliant Code Example
 
-This noncompliant code example [[2024 docs.python.org]](https://docs.python.org/3/reference/expressions.html#value-comparisons) attempts a direct comparison with NaN in
+## Non-Compliant Code Example
 
-_value == float("NaN").
+This noncompliant code example [[2024 docs.python.org]](https://docs.python.org/3/reference/expressions.html#value-comparisons) attempts a direct comparison with `NaN` in `_value == float("NaN")`.
 
 *[noncompliant01.py](noncompliant01.py):*
 
 ```python
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
 """ Non-compliant Code Example """
- 
- 
+
+
 def balance_is_positive(value: str) -> bool:
     """Returns True if there is still enough value for a transaction"""
     _value = float(value)
@@ -45,8 +44,8 @@ def balance_is_positive(value: str) -> bool:
         return False
     else:
         return True
- 
- 
+
+
 #####################
 # attempting to exploit above code example
 #####################
@@ -56,31 +55,32 @@ print(balance_is_positive("NaN"))
 
 ```
 
-The balance_is_positive method returns True for all 3 cases instead of throwing an ValureError exception for balance_is_positive("NaN")
+The `balance_is_positive` method returns `True` for all 3 cases instead of throwing an `ValureError` exception for `balance_is_positive("NaN")`.
 
 ## Compliant Solution
 
 In the `compliant01.py` code example, the method `Decimal.quantize` is used to gain control over known rounding errors in floating point values.
 
-The decision by the `balance_is_positive` method is to `ROUND_DOWN` instead of the default `ROUND_HALF_EVEN`.
+The decision by the balance_is_positive method is to `ROUND_DOWN` instead of the default `ROUND_HALF_EVEN`.
 
 *[compliant01.py](compliant01.py):*
 
 ```python
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
 """ Compliant Code Example """
+
 from decimal import ROUND_DOWN, Decimal
- 
- 
+
+
 def balance_is_positive(value: str) -> bool:
     """Returns True if there is still enough value for a transaction"""
     # TODO: additional input sanitation for expected type
     _value = Decimal(value)
     # TODO: exception handling
     return _value.quantize(Decimal(".01"), rounding=ROUND_DOWN) > Decimal("0.00")
- 
- 
+
+
 #####################
 # attempting to exploit above code example
 #####################
@@ -90,19 +90,20 @@ print(balance_is_positive("NaN"))
 
 ```
 
-Decimal throws a decimal.InvalidOperation for NaN values, the controlled rounding causes only "0.01" to return True.
+`Decimal` throws a `decimal.InvalidOperation` for `NaN` values, the controlled rounding causes only `"0.01"` to return `True`.
 
-In `compliant02.py` we use the `math.isnan` to verify if the value passed is a valid `float` value.
+In `compliant02.py` we use the math.isnan to very if the value passed is a valid `float` value.
 
 *[compliant02.py](compliant02.py):*
 
 ```python
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
 """ Compliant Code Example """
+
 import math
- 
- 
+
+
 def balance_is_positive(value: str) -> bool:
     """Returns True if there is still enough value for a transaction"""
     _value = float(value)
@@ -112,8 +113,8 @@ def balance_is_positive(value: str) -> bool:
         return False
     else:
         return True
- 
- 
+
+
 #####################
 # attempting to exploit above code example
 #####################
@@ -123,7 +124,7 @@ print(balance_is_positive("NaN"))
 
 ```
 
-The balance_is_poitive method will raise an ValueError for NaN values.
+The `balance_is_poitive` method will raise an `ValueError` for `NaN` values.
 
 ## Automated Detection
 
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-230/compliant01.py b/docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-230/compliant01.py
@@ -1,6 +1,6 @@
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
-""" Non-compliant Code Example """
+""" Compliant Code Example """
 
 from decimal import ROUND_DOWN, Decimal
 
diff --git a/docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-230/compliant02.py b/docs/Secure-Coding-Guide-for-Python/CWE-703/CWE-230/compliant02.py
@@ -1,8 +1,10 @@
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
-""" Non-compliant Code Example """
+""" Compliant Code Example """
+
 import math
- 
+
+
 def balance_is_positive(value: str) -> bool:
     """Returns True if there is still enough value for a transaction"""
     _value = float(value)
@@ -12,8 +14,8 @@ def balance_is_positive(value: str) -> bool:
         return False
     else:
         return True
- 
- 
+
+
 #####################
 # attempting to exploit above code example
 #####################
diff --git a/docs/Secure-Coding-Guide-for-Python/readme.md b/docs/Secure-Coding-Guide-for-Python/readme.md
@@ -92,7 +92,7 @@ It is __not production code__ and requires code-style or python best practices t
 
 |[CWE-703: Improper Check or Handling of Exceptional Conditions](https://cwe.mitre.org/data/definitions/703.html)|Prominent CVE|
 |:----------------------------------------------------------------|:----|
-|[CWE-230: Improper Handling of Missing Values](CWE-703/CWE-230/.)||
+|[CWE-230: Improper Handling of Missing Values](CWE-703/CWE-230/README.md)||
 |[CWE-252: Unchecked Return Value](CWE-703/CWE-252/README.md)||
 |[CWE-390: Detection of Error Condition without Action](CWE-703/CWE-390/README.md)||
 |[CWE-392: Missing Report of Error Condition](CWE-703/CWE-392/README.md)||
