Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Whitelist lines ending in # nosec #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
KevinHock merged 22 commits into from
Apr 28, 2018
+37 −17
Merged

Whitelist lines ending in # nosec #121

Changes from 1 commit
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
4cd3ea5
nosec_lines for #108's issue
omergunal Apr 22, 2018
ae9e8e9
nosec_lines
omergunal Apr 23, 2018
1735db7
added nosec_lines parameter
omergunal Apr 23, 2018
fb88051
Update vulnerabilities.py
omergunal Apr 23, 2018
d0e8ef0
Code edited
omergunal Apr 24, 2018
8569aa4
unnecessary codes deleted
omergunal Apr 24, 2018
e8cddd0
passed nosec_lines on analyse_repo
omergunal Apr 25, 2018
3d5867b
Added nosec_lines
omergunal Apr 26, 2018
1502ee7
added empty nosec lines for tests
omergunal Apr 26, 2018
bed2f77
added nosec_lines
omergunal Apr 26, 2018
69d0193
added empty nosec_lines for tests
omergunal Apr 26, 2018
3cb5186
Added ignore-nosec argument
omergunal Apr 26, 2018
ec6d23a
Update vulnerabilities_test.py
omergunal Apr 26, 2018
6f09912
unnecessary codes removed
omergunal Apr 26, 2018
9c4dea6
added default nosec_lines
omergunal Apr 26, 2018
f4ebbff
Update vulnerabilities.py
omergunal Apr 27, 2018
7c872a0
Update vulnerabilities.py
omergunal Apr 27, 2018
b943310
removed spaces
omergunal Apr 28, 2018
175c235
new line between imports and codes
omergunal Apr 28, 2018
c79161c
Update __main__.py
omergunal Apr 28, 2018
ed13514
new line between imports and codes
omergunal Apr 28, 2018
0928700
removed set() from nosec_lines
omergunal Apr 28, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
added default nosec_lines
  • Loading branch information
@omergunal
omergunal authored Apr 26, 2018
commit 9c4dea6e511f76abca8feb396ecf1e6f2e1565fb
4 changes: 2 additions & 2 deletions pyt/vulnerabilities.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,7 +172,7 @@ def append_node_if_reassigned(
def find_triggers(
nodes,
trigger_words,
nosec_lines
nosec_lines = set()
Copy link
Copy Markdown
Collaborator

@KevinHock KevinHock Apr 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please do nosec_lines=set() instead of nosec_lines = set()? I thought find_vulnerabilities was the only function that needed this, but you're right since we do call find_triggers once from a test here

pyt/tests/vulnerabilities_test.py

Line 96 in a3b9951

l = vulnerabilities.find_triggers(XSS1.nodes, trigger_words)
maybe since we just call it once from tests we can pass in the set in that test.

Copy link
Copy Markdown
Collaborator

@KevinHock KevinHock Apr 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can see some of these in the https://codeclimate.com/github/python-security/pyt/pull/121 output.

):
"""Find triggers from the trigger_word_list in the nodes.

Expand Down Expand Up @@ -470,7 +470,7 @@ def find_vulnerabilities_in_cfg(
ui_mode,
blackbox_mapping,
vulnerabilities_list,
nosec_lines
nosec_lines = set()
Copy link
Copy Markdown
Collaborator

@KevinHock KevinHock Apr 28, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this shouldn't be necessary, (to make it default to empty set), we can just leave it as nosec_lines. This is b/c we only call find_vulnerabilities from tests, not this function.

):
"""Find vulnerabilities in a cfg.

Expand Down