
Minor updates to the docs and script #98

Merged
merged 1 commit into from
Oct 25, 2023

Conversation

drdavella
Member

No description provided.

@codecov

codecov bot commented Oct 25, 2023

Codecov Report

❗ No coverage uploaded for pull request base (main@f98f83a).
The diff coverage is 100.00%.


@@           Coverage Diff           @@
##             main      #98   +/-   ##
=======================================
  Coverage        ?   95.22%           
=======================================
  Files           ?       51           
  Lines           ?     2285           
  Branches        ?        0           
=======================================
  Hits            ?     2176           
  Misses          ?      109           
  Partials        ?        0           
Files Coverage Δ
src/core_codemods/sql_parameterization.py 91.36% <100.00%> (ø)

@drdavella drdavella marked this pull request as ready for review October 25, 2023 14:31
@@ -1,6 +1,6 @@
This codemod refactors SQL statements to be parameterized, rather than built by hand.

Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerability. Although it's not clear if this code is exploitable today, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.
Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerabilities. Although we can't tell for sure if your code is actually exploitable, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.
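Review bot: the rewritten second paragraph still leaves "the conditions which prevent exploitation today" unexplained; since the sentence is now addressed directly to the user ("your code"), it would help to say what those conditions typically are (for example, that the interpolated value is not currently user-controlled) so readers understand why the refactor is worth applying even when the codemod cannot prove exploitability. The same wording is reported in the comment below to be lifted from the Java codemod's description, so the corrected text ("vulnerabilities", "we can't tell for sure") should be applied there as well to keep the two in sync.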
Contributor

You might want to also update the Java version of SQL parameterization. This was lifted straight from there.

@@ -34,7 +34,7 @@


class SQLQueryParameterization(BaseCodemod, UtilsMixin, Codemod):
SUMMARY = "Parameterize SQL queries."
SUMMARY = "Parameterize SQL Queries"
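Review bot: since SUMMARY doubles as the generated PR title and the docs heading, dropping the trailing period and switching to Title Case is a user-visible string change; it should be applied consistently to the other codemods' SUMMARY values (a search for `SUMMARY = "` across src/core_codemods would show any that still use sentence case with a period), otherwise generated titles will mix styles. The Codecov report above shows the changed line in src/core_codemods/sql_parameterization.py at 100% diff coverage, so any test that snapshots the old string would already have surfaced here.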
Contributor

I see no reason for the capitalization here.

Member Author

This becomes the title of the PR and the docs, which are capitalized for consistency.

@drdavella drdavella merged commit e09942c into main Oct 25, 2023
11 checks passed
@drdavella drdavella deleted the small-docs-fixes branch October 25, 2023 17:03
3 participants