diff --git a/src/codemodder/scripts/generate_docs.py b/src/codemodder/scripts/generate_docs.py index b819a5546..821c04026 100644 --- a/src/codemodder/scripts/generate_docs.py +++ b/src/codemodder/scripts/generate_docs.py @@ -184,6 +184,9 @@ def main(): registry = load_registered_codemods() for codemod in registry.codemods: + if codemod.name == "order-imports": + continue + doc = generate_docs(codemod) codemod_doc_name = f"{codemod.id.replace(':', '_').replace('/', '_')}.md" with open(parent_dir / codemod_doc_name, "w", encoding="utf-8") as f: diff --git a/src/core_codemods/docs/pixee_python_sql-parameterization.md b/src/core_codemods/docs/pixee_python_sql-parameterization.md index b3c8603f9..fd5a4d98f 100644 --- a/src/core_codemods/docs/pixee_python_sql-parameterization.md +++ b/src/core_codemods/docs/pixee_python_sql-parameterization.md @@ -1,6 +1,6 @@ This codemod refactors SQL statements to be parameterized, rather than built by hand. -Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerability. Although it's not clear if this code is exploitable today, this change will make the code more robust in case the conditions which prevent exploitation today ever go away. +Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerabilities. Although we can't tell for sure if your code is actually exploitable, this change will make the code more robust in case the conditions which prevent exploitation today ever go away. Our changes look something like this: diff --git a/src/core_codemods/docs/pixee_python_use-defusedxml.md b/src/core_codemods/docs/pixee_python_use-defusedxml.md index a59817291..a0a1eb616 100644 --- a/src/core_codemods/docs/pixee_python_use-defusedxml.md +++ b/src/core_codemods/docs/pixee_python_use-defusedxml.md 
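Review bot: The skip added at the top of the loop in main() hard-codes the string `"order-imports"` with no comment explaining why that codemod gets no generated doc, and it matches on `codemod.name` while the output filename a few lines below is built from `codemod.id`. If the codemod is ever renamed the filter silently stops matching, and nothing is printed when an entry is dropped, so the docs directory can drift from the registry unnoticed. I would key the exclusion on the id through a named module-level set and record the reason, e.g. `if codemod.id in DOCS_EXCLUDED_IDS:  # <why these docs are not generated>` followed by `continue`. main() starts before and continues past this hunk, so whether an exclusion mechanism already exists elsewhere cannot be seen from here.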
@@ -1,4 +1,4 @@ -You might be surprised to learn that Python's standard library XML libraries are +You might be surprised to learn that Python's built-in XML libraries are [considered insecure](https://docs.python.org/3/library/xml.html#xml-vulnerabilities) against various kinds of attacks. diff --git a/src/core_codemods/sql_parameterization.py b/src/core_codemods/sql_parameterization.py index c6ae7c624..1c22fe5ec 100644 --- a/src/core_codemods/sql_parameterization.py +++ b/src/core_codemods/sql_parameterization.py @@ -34,7 +34,7 @@ class SQLQueryParameterization(BaseCodemod, UtilsMixin, Codemod): - SUMMARY = "Parameterize SQL queries." + SUMMARY = "Parameterize SQL Queries" METADATA = CodemodMetadata( DESCRIPTION=SUMMARY, NAME="sql-parameterization",
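Review bot: In the sql_parameterization.py hunk the retitled `SUMMARY` is still passed straight through as `DESCRIPTION=SUMMARY`, so the metadata description now becomes a title-cased heading without a full stop rather than a sentence. If the description is rendered as prose anywhere (that is not visible here), it would read better to keep the two apart, e.g. `DESCRIPTION="Parameterize SQL queries."` next to the new `SUMMARY`. The class body continues past the end of the hunk.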