72 lines
1.4 KiB
Plaintext
72 lines
1.4 KiB
Plaintext
=== on 4 Sep 2018, 10:57:29 Alexandre Gigleux wrote:
|
||
\[~nicolas.harraudeau] Review
|
||
|
||
On which part of the code are we going to raise issues? Each time there is a command line executed taking some arguments or on each arguments of the command line? This needs to be clarify maybe by providing an example of command line execution using arguments.
|
||
|
||
=== on 25 Sep 2019, 16:55:57 Prakash Reddy Barri wrote:
|
||
Hi Team,
|
||
|
||
|
||
We have this security hotspot in our python source code and have validators framework configured to validate the command line arguments.
|
||
|
||
|
||
Here is the sample snippet.
|
||
|
||
|
||
*pip install validator-collection*
|
||
|
||
|
||
*from validator_collection import validators, checkers*
|
||
|
||
|
||
*validators.ipv4(sys.argv[1])*
|
||
|
||
|
||
But sonar still complains about input sanity, Please let us know which framework to use.
|
||
|
||
|
||
Thanks,
|
||
|
||
|
||
ABC
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
=== on 30 Sep 2019, 17:55:24 Nicolas Harraudeau wrote:
|
||
Hi [~prakash951],
|
||
|
||
|
||
Security Hotspots guide developers during their Code Review so that they can easily spot security sensitive code. You can find more information in [the documentation| \https://docs.sonarqube.org/latest/user-guide/security-hotspots/].
|
||
|
||
|
||
Next time could you please post your question on https://community.sonarsource.com/? It is our community support forum.
|
||
|
||
=== on 1 Oct 2019, 08:48:00 Prakash Reddy Barri wrote:
|
||
Hi Nicolas,
|
||
|
||
|
||
Thanks for the information.
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
=== on 27 May 2020, 16:43:45 Eric Therond wrote:
|
||
Deprecated because it overlaps with SonarSecurity
|
||
|