search

patched-codes / patchwork

Automate development gruntwork like code reviews, patching and documentation with LLM workflows.
https://patched.codes
GNU Affero General Public License v3.0
813 stars 47 forks source link

PatchWork AutoFix #620

Closed patched-admin closed 3 weeks ago

patched-admin commented 3 weeks ago

This pull request from patched fixes 3 issues.

* File changed: [patchwork/app.py](https://github.com/patched-codes/patchwork/pull/620/files#diff-839e90b808d34e4cf447eff0896161788ccfc6e1f2970be2e551b64ba413a503)
Fix vulnerability by avoiding dynamic values in importlib.import_module() Avoided dynamic values in importlib.import_module() by using spec_from_file_location() and module_from_spec() to load modules safely.
* File changed: [patchwork/common/utils/step_typing.py](https://github.com/patched-codes/patchwork/pull/620/files#diff-4490efb269fda5b75b1edc5f5fa275d34675bca1ffbb22e06829384e562205ff)
Fix vulnerability related to untrusted user input in importlib.import_module() Avoided using f-string with dynamic values in importlib.import_module()
* File changed: [patchwork/common/utils/dependency.py](https://github.com/patched-codes/patchwork/pull/620/files#diff-6ad070db06c1de59a1e0b0b199944f057089f121f94abdf817a0845e3c5d81f6)
Fix vulnerability by avoiding dynamic input in `importlib.import_module()` Removed dynamic input in `importlib.import_module()` by using a whitelist to prevent running untrusted code.
codelion commented 3 weeks ago

Make the sure all new methods have docstrings.