rspec/rules/S4823/comments-and-links.adoc

=== on 4 Sep 2018, 10:57:29 Alexandre Gigleux wrote:
\[~nicolas.harraudeau] Review

On which part of the code are we going to raise issues? Each time there is a command line executed taking some arguments or on each arguments of the command line? This needs to be clarify maybe by providing an example of command line execution using arguments.

=== on 25 Sep 2019, 16:55:57 Prakash Reddy Barri wrote:
Hi Team,


We have this security hotspot in our python source code and have validators framework configured to validate the command line arguments.


Here is the sample snippet.


*pip install validator-collection*


*from validator_collection import validators, checkers*


*validators.ipv4(sys.argv[1])*


But sonar still complains about input sanity, Please let us know which framework to use.


Thanks,


ABC


 


 


 


 


 

=== on 30 Sep 2019, 17:55:24 Nicolas Harraudeau wrote:
Hi [~prakash951],


Security Hotspots guide developers during their Code Review so that they can easily spot security sensitive code. You can find more information in [the documentation| \https://docs.sonarqube.org/latest/user-guide/security-hotspots/].


Next time could you please post your question on https://community.sonarsource.com/? It is our community support forum.

=== on 1 Oct 2019, 08:48:00 Prakash Reddy Barri wrote:
Hi Nicolas,


Thanks for the information.


 


 

=== on 27 May 2020, 16:43:45 Eric Therond wrote:
Deprecated because it overlaps with SonarSecurity