Skip to content

42 code example where tested with various SAST tools detecting flaws: #653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 17, 2024
Merged

42 code example where tested with various SAST tools detecting flaws: #653

merged 3 commits into from
Oct 17, 2024

Conversation

myteron
Copy link
Contributor

@myteron myteron commented Oct 11, 2024

  • PyLint 6
  • Bandit 3
  • Pyre 1
  • flake8 0
  • Pysa 0

Some type hint related flaws are corrected as part of this PR

fixed wrong type hints in:
CWE-664/CWE-134/compliant01.py
CWE-664/CWE-843/compliant01.py
CWE-682/CWE-1335/01/compliant02.py
CWE-693/CWE-184/compliant01.py
CWE-693/CWE-184/noncompliant01.py

renamed CWE-664/CWE-502/compliant01.py to example as it does not represent compliance.

@myteron
42 code example where tested with various SAST tools detecting flaws:
d74ee96 
- PyLint 6
- Bandit 3
- Pyre 1
- flake8 0
- Pysa 0

Some type hint related flaws are corrected as part of this PR

fixed wrong type hints in:
CWE-664/CWE-134/compliant01.py
CWE-664/CWE-843/compliant01.py
CWE-682/CWE-1335/01/compliant02.py
CWE-693/CWE-184/compliant01.py
CWE-693/CWE-184/noncompliant01.py

renamed CWE-664/CWE-502/compliant01.py to example as it does not represent compliance.

Signed-off-by: Helge Wehder <[email protected]>
@myteron
Merge branch 'main' of github.com:myteron/wg-best-practices-os-develo…
4259706 
…pers into pySAST_findings
@myteron
CWE-664/CWE-1335/compliant02.py corrected type hints
7dd078d 
CWE-664/665/ removed example01.py as its just a code snippet

Signed-off-by: Helge Wehder <[email protected]>
barnabasdomozi
barnabasdomozi approved these changes Oct 17, 2024
View reviewed changes
Copy link

@barnabasdomozi barnabasdomozi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi, I reviewed the PR.

The changes LGTM.

docs/Secure-Coding-Guide-for-Python/CWE-664/CWE-665/example01.py
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with the proposal to move this code into documentation.

docs/Secure-Coding-Guide-for-Python/CWE-682/CWE-1335/01/compliant02.py
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This correctly fixed the type annotation issue.

BartyBoi1128
BartyBoi1128 approved these changes Oct 17, 2024
View reviewed changes
Copy link
Contributor

@BartyBoi1128 BartyBoi1128 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes look fine! I approve them!

@myteron myteron merged commit 21937cb into ossf:main Oct 17, 2024
2 checks passed
@myteron myteron deleted the pySAST_findings branch October 17, 2024 10:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@BartyBoi1128 BartyBoi1128 BartyBoi1128 approved these changes

@barnabasdomozi barnabasdomozi barnabasdomozi approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@myteron @BartyBoi1128 @barnabasdomozi