
Commit e637469

committed
adressed comments
Signed-off-by: Helge Wehder <[email protected]>
1 parent 9beb3dc commit e637469

2 files changed

+15
-17
lines changed

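--- a/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798/README.md
+++ b/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798/README.md
@@ -35,42 +35,42 @@ The `noncompliant01.py` code `front_end` method simulates our front-end service
 ```py
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
-""" Non-compliant Code Example """
+"""Non-compliant Code Example"""
+
 import logging
 import unittest
-
+
 logging.basicConfig(encoding="utf-8", level=logging.DEBUG)
-
-
+
+
 def front_end():
-"""Dummy method demonstrating noncompliant implementation"""
+"""Simulating front end implementation"""
 # A noncompliant implementation would typically hardcode server_config
 # and load it from a project global python file or variable
 server_config = {}
 server_config["IP"] = "192.168.0.1"
 server_config["PORT"] = "192.168.0.1"
 server_config["USER"] = "admin"
 server_config["PASS"] = "SuperSecret123"
-
+
 # it would then use the configuration
 logging.debug("connecting to server IP %s", server_config["IP"])
 logging.debug("connecting to server PORT %s", server_config["IP"])
 logging.debug("connecting to server USER %s", server_config["USER"])
 logging.debug("connecting to server PASS %s", server_config["PASS"])
-
-
+
+
 class TestSimulateDeployingFrontEnd(unittest.TestCase):
 """
 Simulate the deployment starting the front_end to connect
 to the backend
 """
-
+
 def test_front_end(self):
 """Verifiy front_end implementation"""
 front_end()
-
-
-
+
+
 if __name__ == "__main__":
 unittest.main()
 ```
@@ -94,11 +94,10 @@ The `compliant01.py` code is using a `config.ini` file that is created by the de
 *[compliant01.py](compliant01.py):*
 
 ```python
-""" Compliant Code Example """
 # SPDX-FileCopyrightText: OpenSSF project contributors
 # SPDX-License-Identifier: MIT
 """ Compliant Code Example """
-import logging
+
 from pathlib import Path
 import unittest
 import configparser
@@ -107,8 +106,7 @@ logging.basicConfig(encoding="utf-8", level=logging.DEBUG)
 
 
 def front_end(config_file_path: Path):
-"""Dummy method demonstrating noncompliant implementation"""
-# A compliant loads connection information from a well protect file
+"""Simulating front end implementation"""
 _config = configparser.ConfigParser()
 _config.read(config_file_path)
 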
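--- a/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798/compliant01.py
+++ b/docs/Secure-Coding-Guide-for-Python/CWE-693/CWE-798/compliant01.py
@@ -11,7 +11,7 @@
 
 
 def front_end(config_file_path: Path):
-"""Dummy method demonstrating noncompliant implementation"""
+"""Simulating front end implementation"""
 # A compliant loads connection information from a well protect file
 _config = configparser.ConfigParser()
 _config.read(config_file_path)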
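Review bot: The new docstring on `front_end` (the one changed line in this hunk) is word-for-word the docstring this commit also gives the noncompliant example in the README, so it no longer says what makes this version the compliant one; something like `"""Simulate a front end that reads its connection settings from an external config file"""` would keep the distinction. The context comment directly below it is ungrammatical and could read `# A compliant implementation loads connection information from a well-protected file`. The README copy of this listing, changed in the same commit, drops that comment and its `import logging` line while the following README hunk header still shows `logging.basicConfig(...)`, so the two listings appear to diverge and the README snippet may no longer run as shown. The body of `front_end` continues past the end of the hunk.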
