securesauce / precaution-beta

Precaution provides a simple, automated code review for GitHub projects by running code linters with a security focus on pull requests.

Handle invalid python files with syntax errors #145

Closed MVrachev closed 5 years ago

MVrachev commented 5 years ago

Related to: https://github.com/vmware/precaution/issues/142

This pull request fixes an issue when scanning Python code with syntax errors. If there are invalid Python files, they will be annotated at their beginning like this:


The error annotation has high severity and confidence, so the check run will fail because of this issue.

Signed-off-by: Martin Vrachev mvrachev@vmware.com

MVrachev commented 5 years ago

> In your commit messages, please keep it less like a dialog and more to the point on what the PR is fixing.
>
> s/AST three/AST
>
> "Before we didn't check" - this sounds redundant because every bug fix could start that way.
>
> Are we checking the exit code of the process that we spawn?

I edited the PR message.

Unfortunately, we can't use the exit code of the Bandit and Gosec processes... :(

I ran Bandit on two invalid files and checked the exit code of the command:


I did the same thing with Gosec:


ericwb commented 5 years ago

In your PR message:

> This issue is easily resolved when using Bandit but the situation with Gosec is a little more complicated. I will try to create a patch for this there.

This sounds like you're casually talking to someone and not describing the fix.

> When this pr is merged

No need to state this, as this would end up in the history and read funny.

> This pull request gives a solution when scanning invalid python code

Just state: "This fixes an issue when scanning Python code with syntax errors".

MVrachev commented 5 years ago

I closed the pull request by accident.

I will do as you suggested. I will just create an error annotation that will show on the top of the invalid file and that way we can report the other issues we find.

MVrachev commented 5 years ago

Sadly, if the start line and end line in one annotation are 0, then the annotation won't show up in the "Files Changed" tab.

I tried to use start line 0 and end line 1, but the result was that the annotation showed up as a mistake on line 1.

So yes, we are stuck with the "Error syntax" annotations being shown on line 1...
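The approach the PR description and the last comment settle on (parse each Python file before handing it to the linters, and emit one failure-level annotation anchored at line 1 of any file that does not parse, since an annotation with start and end line 0 does not render in the "Files changed" tab) can be sketched as follows. This is an added example, not code from the precaution project; the sample file contents are constructed here, the `find_syntax_error`/`syntax_error_annotation`/`scan` helper names are assumptions, and the annotation fields are the GitHub Checks API annotation shape (`path`, `start_line`, `end_line`, `annotation_level`, `title`, `message`), independent of how precaution maps Bandit severity and confidence to annotation levels.

```python
import ast
from typing import Dict, List, Optional

# Constructed sample inputs (not taken from the project): one file that parses,
# two that do not. In a real run these would be the changed .py files in the PR.
SAMPLE_FILES: Dict[str, str] = {
    "ok.py": "import os\n\n\ndef main():\n    return os.getcwd()\n",
    "broken.py": "def main(:\n    pass\n",
    "unterminated.py": "print('hello\n",
}


def find_syntax_error(source: str, filename: str) -> Optional[SyntaxError]:
    """Return the SyntaxError raised when parsing `source`, or None if it parses.

    This is the same check the linters perform internally, done up front so
    that an unparseable file is reported instead of silently dropped from the
    results (the linters' exit codes do not reliably signal this case).
    """
    try:
        ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return exc
    return None


def syntax_error_annotation(filename: str, err: SyntaxError) -> Dict:
    """Build a Checks API style annotation for a file that fails to parse.

    start_line/end_line are pinned to 1: a 0/0 annotation is not rendered in
    the "Files changed" tab, so line 1 is the closest thing to "top of file".
    annotation_level "failure" makes the check run fail, matching the PR's
    "high severity and confidence" outcome. (Hypothetical helper name.)
    """
    return {
        "path": filename,
        "start_line": 1,
        "end_line": 1,
        "annotation_level": "failure",
        "title": "Syntax error",
        "message": (
            f"{filename} could not be parsed as Python "
            f"(line {err.lineno}, column {err.offset}): {err.msg}. "
            "The file was not scanned by the security linters."
        ),
    }


def scan(files: Dict[str, str]) -> Dict[str, List]:
    """Split `files` into names the linters can scan and failure annotations
    for the ones they cannot; insertion order of `files` is preserved."""
    scannable: List[str] = []
    annotations: List[Dict] = []
    for name, source in files.items():
        err = find_syntax_error(source, name)
        if err is None:
            scannable.append(name)
        else:
            annotations.append(syntax_error_annotation(name, err))
    return {"scannable": scannable, "annotations": annotations}


def check_conclusion(annotations: List[Dict]) -> str:
    """Conclusion for the check run: any failure-level annotation fails it."""
    if any(a["annotation_level"] == "failure" for a in annotations):
        return "failure"
    return "success"


if __name__ == "__main__":
    result = scan(SAMPLE_FILES)
    print("files passed to linters:", result["scannable"])
    for annotation in result["annotations"]:
        print(f"{annotation['path']}:{annotation['start_line']} "
              f"[{annotation['annotation_level']}] {annotation['message']}")
    print("check conclusion:", check_conclusion(result["annotations"]))
```

Only the files in `scannable` would then be passed to Bandit; the annotations for the rest are posted alongside whatever the linters report, so a syntax error in one file no longer hides findings in the others.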