Skip to content

Linters 2 #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Linters 2 #12

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
639eafb
test semgrep for directly-returned-format-string and nan-injection
alexcoderabbitai Oct 11, 2024
791cad9
trigger with linter
alexcoderabbitai Oct 11, 2024
29217a7
test with new workflow
alexcoderabbitai Oct 12, 2024
746a5a1
more tests
alexcoderabbitai Oct 12, 2024
9db563f
use black --diff
alexcoderabbitai Oct 12, 2024
b2c002c
test something new
alexcoderabbitai Oct 12, 2024
fd59353
remove the file stuff
alexcoderabbitai Oct 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 13 additions & 21 deletions .github/workflows/linters.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,28 +4,10 @@ name: Linters
on:
workflow_dispatch:
pull_request:
branches:
- main
push:
branches:
- main

jobs:
# TODO: Fix Bandit Vulns
"Bandit":
runs-on: ubuntu-latest
container: python:3.11

steps:
- uses: actions/checkout@v2

- name: Bandit check
uses: jpetrucciani/bandit-check@master
with:
path: "app.py"
bandit_flags: "-lll"

"Black":
Black:
runs-on: ubuntu-latest
container: python:3.11

Expand All @@ -35,5 +17,15 @@ jobs:
- name: Install dependencies
run: pip install black

- name: Run black check
run: black --check .
- name: Run Black diff and create detailed annotations
run: |
# Run black with --diff and capture the output
black --diff . | tee diff_output.txt

# Display the diff output directly in logs (helpful for debugging)
echo "::error::Black found code style issues. See the diff below:"
cat diff_output.txt

# Run black --check and fail the job if Black finds issues
- name: Run black check to enforce formatting
run: black --check .
50 changes: 1 addition & 49 deletions app.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -446,55 +446,7 @@ def megaitemnames():
)
)


@app.route("/petshoppinglist", methods=["GET", "POST"])
def petshoppinglist():
return redirect("https://saddlebagexchange.com/wow/shopping-list")

# DEPRECIATED
if request.method == "GET":
return return_safe_html(render_template("petshoppinglist.html"))
elif request.method == "POST":
json_data = {
"region": request.form.get("region"),
"itemID": int(request.form.get("petID")),
"maxPurchasePrice": int(request.form.get("maxPurchasePrice")),
"connectedRealmIDs": {},
}

response = requests.post(
f"{api_url}/wow/shoppinglistx",
headers={"Accept": "application/json"},
json=json_data,
).json()

if "data" not in response:
logger.error(
f"Error no matching data with given inputs {json_data} response {response}"
)
if NO_RATE_LIMIT:
return f"Error no matching data with given inputs {json_data} response {response}"
# send generic error message to remove XSS potential
return f"error no matching results found matching search inputs"

response = response["data"]

column_order = [
"realmID",
"price",
"quantity",
"realmName",
"realmNames",
"link",
]
response = [{key: item.get(key) for key in column_order} for item in response]
fieldnames = list(response[0].keys())

return return_safe_html(
render_template(
"petshoppinglist.html", results=response, fieldnames=fieldnames, len=len
)
)



@app.route("/petmarketshare", methods=["GET", "POST"])
Expand Down
53 changes: 53 additions & 0 deletions routes/wow.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -90,4 +90,57 @@ def wow_outofstock_api():
fieldnames=fieldnames,
len=len,
)
)

@wow_bp.route("/petshoppinglist", methods=["GET", "POST"])
def petshoppinglist():
# return redirect("https://saddlebagexchange.com/wow/shopping-list")

# DEPRECIATED
if request.method == "GET":
return return_safe_html(render_template("petshoppinglist.html"))
elif request.method == "POST":
Comment on lines +95 to +102
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Remove or update deprecated route

The route is marked as deprecated but still being added. The commented redirect suggests moving to a new URL.

Either:

  1. Implement the redirect
  2. Remove the deprecated route
  3. Remove the deprecated comment if still needed
@wow_bp.route("/petshoppinglist", methods=["GET", "POST"])
def petshoppinglist():
-    # return redirect("https://saddlebagexchange.com/wow/shopping-list")
-    # DEPRECIATED
+    return redirect("https://saddlebagexchange.com/wow/shopping-list", code=301)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
@wow_bp.route("/petshoppinglist", methods=["GET", "POST"])
def petshoppinglist():
# return redirect("https://saddlebagexchange.com/wow/shopping-list")
# DEPRECIATED
if request.method == "GET":
return return_safe_html(render_template("petshoppinglist.html"))
elif request.method == "POST":
@wow_bp.route("/petshoppinglist", methods=["GET", "POST"])
def petshoppinglist():
return redirect("https://saddlebagexchange.com/wow/shopping-list", code=301)

json_data = {
"region": request.form.get("region"),
"itemID": int(request.form.get("petID")),
"maxPurchasePrice": int(request.form.get("maxPurchasePrice")),
"connectedRealmIDs": {},
}
Comment on lines +103 to +108
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add input validation for form data

The route accepts form data without validation. Consider adding proper validation:

+ from typing import Optional
+ from dataclasses import dataclass
+ from flask import abort

+ @dataclass
+ class ShoppingListRequest:
+     region: str
+     item_id: int
+     max_purchase_price: int
+     
+     @classmethod
+     def from_form(cls, form_data) -> Optional['ShoppingListRequest']:
+         try:
+             return cls(
+                 region=form_data.get('region'),
+                 item_id=int(form_data.get('petID')),
+                 max_purchase_price=int(form_data.get('maxPurchasePrice'))
+             )
+         except (ValueError, TypeError):
+             return None

def petshoppinglist():
    if request.method == "POST":
+        data = ShoppingListRequest.from_form(request.form)
+        if not data:
+            abort(400, description="Invalid input data")
         json_data = {
-            "region": request.form.get("region"),
-            "itemID": int(request.form.get("petID")),
-            "maxPurchasePrice": int(request.form.get("maxPurchasePrice")),
+            "region": data.region,
+            "itemID": data.item_id,
+            "maxPurchasePrice": data.max_purchase_price,
             "connectedRealmIDs": {},
         }

Committable suggestion skipped: line range outside the PR's diff.


print(json_data)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Replace print statements with proper logging

Debug print statements should be replaced with proper logging:

+ import logging
+ logger = logging.getLogger(__name__)

- print(json_data)
+ logger.debug("Processing shopping list request with data: %s", json_data)

- print(response)
+ logger.debug("Received API response: %s", response)

- print(f"Error no matching data with given inputs {json_data} response {response}")
+ logger.error("No matching data found. Inputs: %s, Response: %s", json_data, response)

Also applies to: 118-118, 121-123


response = requests.post(
f"{api_url}/wow/shoppinglistx",
headers={"Accept": "application/json"},
json=json_data,
).json()

print(response)

if "data" not in response:
print(
f"Error no matching data with given inputs {json_data} response {response}"
)
if NO_RATE_LIMIT:
return f"Error no matching data with given inputs {json_data} response {response}"
# send generic error message to remove XSS potential
return f"error no matching results found matching search inputs"
Comment on lines +124 to +127
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Security: Remove detailed error exposure

When NO_RATE_LIMIT is True, the error message exposes internal data (json_data and response) which could contain sensitive information.

-            if NO_RATE_LIMIT:
-                return f"Error no matching data with given inputs {json_data} response {response}"
-            # send generic error message to remove XSS potential
-            return f"error no matching results found matching search inputs"
+            return "No matching results found for the given search criteria"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
if NO_RATE_LIMIT:
return f"Error no matching data with given inputs {json_data} response {response}"
# send generic error message to remove XSS potential
return f"error no matching results found matching search inputs"
return "No matching results found for the given search criteria"


response = response["data"]

column_order = [
"realmID",
"price",
"quantity",
"realmName",
"realmNames",
"link",
]
response = [{key: item.get(key) for key in column_order} for item in response]
fieldnames = list(response[0].keys())

return return_safe_html(
render_template(
"petshoppinglist.html", results=response, fieldnames=fieldnames, len=len
)
)
Loading
Loading