From 586422a05397e502dcda678407db20efef06e748 Mon Sep 17 00:00:00 2001
From: Daniel D'Avella
Date: Wed, 25 Oct 2023 10:05:24 -0400
Subject: [PATCH] Minor updates to the docs and script
---
src/codemodder/scripts/generate_docs.py | 3 +++
src/core_codemods/docs/pixee_python_sql-parameterization.md | 2 +-
src/core_codemods/docs/pixee_python_use-defusedxml.md | 2 +-
src/core_codemods/sql_parameterization.py | 2 +-
4 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/codemodder/scripts/generate_docs.py b/src/codemodder/scripts/generate_docs.py
index b819a554..821c0402 100644
--- a/src/codemodder/scripts/generate_docs.py
+++ b/src/codemodder/scripts/generate_docs.py
@@ -184,6 +184,9 @@ def main():
registry = load_registered_codemods() for codemod in registry.codemods: + if codemod.name == "order-imports": + continue + doc = generate_docs(codemod) codemod_doc_name = f"{codemod.id.replace(':', '_').replace('/', '_')}.md" with open(parent_dir / codemod_doc_name, "w", encoding="utf-8") as f:
diff --git a/src/core_codemods/docs/pixee_python_sql-parameterization.md b/src/core_codemods/docs/pixee_python_sql-parameterization.md
index b3c8603f..fd5a4d98 100644
--- a/src/core_codemods/docs/pixee_python_sql-parameterization.md
+++ b/src/core_codemods/docs/pixee_python_sql-parameterization.md
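Review bot: The new `if codemod.name == "order-imports": continue` in the loop hard-codes a codemod name inline with no comment saying why that one codemod gets no generated docs page, so the next reader has to guess (presumably it is a utility codemod rather than a user-facing fix — worth stating). A named module-level constant with a why-comment keeps the exclusion discoverable and lets further exclusions be added in one place: `# Codemods deliberately left out of the generated docs (explain why here)`, `UNDOCUMENTED_CODEMODS = frozenset({"order-imports"})`, and in the loop `if codemod.name in UNDOCUMENTED_CODEMODS: continue`. The enclosing main() continues past the end of the hunk, so whatever consumes the written files is not visible here.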
@@ -1,6 +1,6 @@
This codemod refactors SQL statements to be parameterized, rather than built by hand.
-Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerability. Although it's not clear if this code is exploitable today, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.
+Without parameterization, developers must remember to escape string inputs using the rules for that column type and database. This usually results in bugs -- and sometimes vulnerabilities. Although we can't tell for sure if your code is actually exploitable, this change will make the code more robust in case the conditions which prevent exploitation today ever go away.
Our changes look something like this:
diff --git a/src/core_codemods/docs/pixee_python_use-defusedxml.md b/src/core_codemods/docs/pixee_python_use-defusedxml.md
index a5981729..a0a1eb61 100644
--- a/src/core_codemods/docs/pixee_python_use-defusedxml.md
+++ b/src/core_codemods/docs/pixee_python_use-defusedxml.md
@@ -1,4 +1,4 @@
-You might be surprised to learn that Python's standard library XML libraries are
+You might be surprised to learn that Python's built-in XML libraries are
[considered insecure](https://docs.python.org/3/library/xml.html#xml-vulnerabilities) against various kinds of attacks.
diff --git a/src/core_codemods/sql_parameterization.py b/src/core_codemods/sql_parameterization.py
index c6ae7c62..1c22fe5e 100644
--- a/src/core_codemods/sql_parameterization.py
+++ b/src/core_codemods/sql_parameterization.py
@@ -34,7 +34,7 @@ class SQLQueryParameterization(BaseCodemod, UtilsMixin, Codemod):
- SUMMARY = "Parameterize SQL queries."
+ SUMMARY = "Parameterize SQL Queries"
METADATA = CodemodMetadata(
DESCRIPTION=SUMMARY,
NAME="sql-parameterization",