Modify rule S2317: LaYC format (#2677)

2023-08-08 11:11:03 +02:00 · 2023-08-08 11:11:03 +02:00 · 5aa384f99e
commit 5aa384f99e
parent 75bfbc1ea2
1 changed files with 14 additions and 4 deletions
--- a/rules/S2317/python/rule.adoc
+++ b/rules/S2317/python/rule.adoc
@ -1,19 +1,29 @@
+This rule raises an issue when the exec statement is used.
+
 == Why is this an issue?

 Use of the ``++exec++`` statement could be dangerous, and should be avoided. Moreover, the ``++exec++`` statement was removed in Python 3.0. Instead, the built-in ``++exec()++`` function can be used.

+Use of the ``++exec++`` statement is strongly discouraged for several reasons such as:

-=== Noncompliant code example
+* *Security Risks:* Executing code from a string opens up the possibility of code injection attacks.
+* *Readability and Maintainability:* Code executed with ``++exec++`` statement is often harder to read and understand since it is not explicitly written in the source code.
+* *Performance Implications:* The use of ``++exec++`` statement can have performance implications since the code is compiled and executed at runtime.
+* *Limited Static Analysis:* Since the code executed with ``++exec++`` statement is only known at runtime, static code analysis tools may not be able to catch certain errors or issues, leading to potential bugs.

-[source,python]
+=== Code examples
+
+==== Noncompliant code example
+
+[source,python,diff-id=1,diff-type=noncompliant]
 ----
 exec 'print 1' # Noncompliant
 ----


-=== Compliant solution
+==== Compliant solution

-[source,python]
+[source,python,diff-id=1,diff-type=compliant]
 ----
 exec('print 1')
 ----