pySCG: Adding documentation to CWE-175 as part of #531 #687
Conversation
Signed-off-by: edanhub <[email protected]>
There was a problem hiding this comment.
code not working, line 12 and 15 are missing locale.CURRENT_LOCALE
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-175/compliant03.py
Outdated
Show resolved
Hide resolved
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-175/noncompliant03.py
Outdated
Show resolved
Hide resolved
myteron
changed the title
Signed-off-by: edanhub <[email protected]>
| # Trying to exploit above code example | ||
| ##################### | ||
|
|
||
| locale.setlocale(locale.LC_ALL, CURRENT_LOCALE) |
There was a problem hiding this comment.
Did you forget to initialise CURRENT_LOCALE in here?
| print(f"Locale is {locale.getlocale()}") | ||
| print(f"Do the numbers match? {compare_number(ORIGINAL_NUMBER)}") | ||
|
|
||
| ## Locale is ('English_Ireland', '1252') |
There was a problem hiding this comment.
Linter also gives out everytime there is more than one "#" for me
too many leading '#' for block commentFlake8(E266)
There was a problem hiding this comment.
Looks like this is resolved!
| """ Non-compliant Code Example """ | ||
| import io | ||
|
|
||
| LOREM = """Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. |
There was a problem hiding this comment.
Got a lot of "Line too long" from Pylint... not sure if we care about this though:
Line too long (456/100)PylintC0301:line-too-long
(constant) LOREM: Literal['Lorem ipsum dolor sit amet, consectetur adipiscing…']
Got that for lines 6,7,8 and 18
There was a problem hiding this comment.
You can resolve this, don't think we care about this
| """ Compliant Code Example """ | ||
| import io | ||
|
|
||
| LOREM = """Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum. |
There was a problem hiding this comment.
Pylint giving out that lines 6, 7 and 8 are too long... not sure if we care though...
There was a problem hiding this comment.
Don't think we care here either, can be resolved
Co-authored-by: myteron <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
Co-authored-by: myteron <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-175/compliant01.py
Outdated
Show resolved
Hide resolved
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-175/compliant02.py
Outdated
Show resolved
Hide resolved
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-175/noncompliant01.py
Outdated
Show resolved
Hide resolved
docs/Secure-Coding-Guide-for-Python/CWE-707/CWE-175/noncompliant02.py
Outdated
Show resolved
Hide resolved
Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
…1.py Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
…2.py Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
…nt01.py Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
…nt01.py Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
…nt02.py Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
…nt01.py Co-authored-by: BartyBoi1128 <[email protected]> Signed-off-by: Hubert Daniszewski <[email protected]>
Thank you for the suggestions, I have now merged all of them. As for the "##" in comments, I will change them to a singular "#" and indicate if they are supposed to be console output or something else. |
Signed-off-by: edanhub <[email protected]>
Adding documentation to CWE-175 as part of #531