Modify rule S4507: Add support for Flask-GraphQL #3428

daniel-teuchert-sonarsource · 2023-11-09T13:51:23Z

Review

A dedicated reviewer checked the rule description successfully for:

logical errors and incorrect information
information gaps and missing content
text style and tone
PR summary and labels follow the guidelines

pierre-loup-tristant-sonarsource

LGTM. Some minor comments regarding the consistency of code examples.

pierre-loup-tristant-sonarsource · 2023-11-13T09:56:31Z

rules/S4507/python/how-to-fix-it/flask-graphql.adoc

+[source,python]
+----
+from flask import Flask
+from flask_graphql import GraphQLView


Suggested change

from flask_graphql import GraphQLView

from graphql_server.flask import GraphQLView

I suggest using a different import since flask_graphql is now part of graphql_server (see README)

In general, try to be consistent with the code example we already have in S6786

@daniel-teuchert-sonarsource not sure you saw this one.

pierre-loup-tristant-sonarsource

I just notice the asciidoc check is failing with the following errors:

Rule python:S4507 has a "Code examples" subsection with an unallowed name: "Sensitive Code Example"
Rule python:S4507 has an unconventional header "How to fix it in Django"

…sec-987

daniel-teuchert-sonarsource · 2023-11-13T13:28:18Z

I missed that hotspots do not make use of the "How to fix it in" sections.
I adjusted the format.

pierre-loup-tristant-sonarsource · 2023-11-13T14:31:25Z

rules/S4507/python/rule.adoc

@@ -4,8 +4,6 @@ include::../ask-yourself.adoc[]

 include::../recommended.adoc[]

-== Sensitive Code Example


This section title should not be removed.

pierre-loup-tristant-sonarsource

LGTM.
Before merging make sure you read the comment I made earlier this morning #3428 (comment)

daniel-teuchert-sonarsource · 2023-11-13T15:26:24Z

LGTM. Before merging make sure you read the comment I made earlier this morning #3428 (comment)

Thanks! I overlooked this. I will make this adjustment. The PR will be merged once the implementation ticket is done.

sonarqube-next · 2023-11-13T15:31:56Z

Quality Gate passed for 'rspec-frontend'

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

sonarqube-next · 2023-11-13T15:33:05Z

Quality Gate passed for 'rspec-tools'

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

daniel-teuchert-sonarsource added 2 commits November 9, 2023 13:46

Added how to fix it section for flask-graphql

585f461

Restructured code examples

86676b2

daniel-teuchert-sonarsource added appsec python labels Nov 9, 2023

pierre-loup-tristant-sonarsource approved these changes Nov 13, 2023

View reviewed changes

pierre-loup-tristant-sonarsource requested changes Nov 13, 2023

View reviewed changes

daniel-teuchert-sonarsource and others added 3 commits November 13, 2023 14:02

Merge branch 'master' into rule/python/S4507/add-graphiql-support-app…

b38fb40

…sec-987

Adjusted format

e526cf2

Change to allowed_framework_names not needed anymore

711da21

daniel-teuchert-sonarsource requested a review from pierre-loup-tristant-sonarsource November 13, 2023 13:27

pierre-loup-tristant-sonarsource requested changes Nov 13, 2023

View reviewed changes

Update rule.adoc

d483a5b

daniel-teuchert-sonarsource requested a review from pierre-loup-tristant-sonarsource November 13, 2023 14:55

pierre-loup-tristant-sonarsource approved these changes Nov 13, 2023

View reviewed changes

Applied suggestion.

750a404

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Modify rule S4507: Add support for Flask-GraphQL #3428

Modify rule S4507: Add support for Flask-GraphQL #3428

daniel-teuchert-sonarsource commented Nov 9, 2023

pierre-loup-tristant-sonarsource left a comment

pierre-loup-tristant-sonarsource Nov 13, 2023

pierre-loup-tristant-sonarsource Nov 13, 2023

pierre-loup-tristant-sonarsource left a comment

daniel-teuchert-sonarsource commented Nov 13, 2023

pierre-loup-tristant-sonarsource Nov 13, 2023

pierre-loup-tristant-sonarsource left a comment

daniel-teuchert-sonarsource commented Nov 13, 2023

sonarqube-next bot commented Nov 13, 2023

sonarqube-next bot commented Nov 13, 2023

	from flask_graphql import GraphQLView
	from graphql_server.flask import GraphQLView

		@@ -4,8 +4,6 @@ include::../ask-yourself.adoc[]

		include::../recommended.adoc[]

		== Sensitive Code Example

Modify rule S4507: Add support for Flask-GraphQL #3428

Are you sure you want to change the base?

Modify rule S4507: Add support for Flask-GraphQL #3428

Conversation

daniel-teuchert-sonarsource commented Nov 9, 2023

Review

pierre-loup-tristant-sonarsource left a comment

Choose a reason for hiding this comment

pierre-loup-tristant-sonarsource Nov 13, 2023

Choose a reason for hiding this comment

pierre-loup-tristant-sonarsource Nov 13, 2023

Choose a reason for hiding this comment

pierre-loup-tristant-sonarsource left a comment

Choose a reason for hiding this comment

daniel-teuchert-sonarsource commented Nov 13, 2023

pierre-loup-tristant-sonarsource Nov 13, 2023

Choose a reason for hiding this comment

pierre-loup-tristant-sonarsource left a comment

Choose a reason for hiding this comment

daniel-teuchert-sonarsource commented Nov 13, 2023

sonarqube-next bot commented Nov 13, 2023

Quality Gate passed for 'rspec-frontend'

sonarqube-next bot commented Nov 13, 2023

Quality Gate passed for 'rspec-tools'