Skip to content

Commit

Permalink
Minor updates to the docs and script
Browse files Browse the repository at this point in the history
  • Loading branch information
drdavella committed Oct 25, 2023
1 parent f98f83a commit 586422a
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 3 deletions.
3 changes: 3 additions & 0 deletions src/codemodder/scripts/generate_docs.py
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,9 @@ def main():

registry = load_registered_codemods()
for codemod in registry.codemods:
if codemod.name == "order-imports":
continue

doc = generate_docs(codemod)
codemod_doc_name = f"{codemod.id.replace(':', '_').replace('/', '_')}.md"
with open(parent_dir / codemod_doc_name, "w", encoding="utf-8") as f:
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
This codemod refactors SQL statements to be parameterized, rather than built by hand.

Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerability. Although it's not clear if this code is exploitable today, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.
Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerabilities. Although we can't tell for sure if your code is actually exploitable, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.

Our changes look something like this:

Expand Down
2 changes: 1 addition & 1 deletion src/core_codemods/docs/pixee_python_use-defusedxml.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
You might be surprised to learn that Python's standard library XML libraries are
You might be surprised to learn that Python's built-in XML libraries are
[considered insecure](https://docs.python.org/3/library/xml.html#xml-vulnerabilities)
against various kinds of attacks.

Expand Down
2 changes: 1 addition & 1 deletion src/core_codemods/sql_parameterization.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@


class SQLQueryParameterization(BaseCodemod, UtilsMixin, Codemod):
SUMMARY = "Parameterize SQL queries."
SUMMARY = "Parameterize SQL Queries"
METADATA = CodemodMetadata(
DESCRIPTION=SUMMARY,
NAME="sql-parameterization",
Expand Down

0 comments on commit 586422a

Please sign in to comment.