Skip to content

feat: address suggestions from SonarCloud #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
meleksabit wants to merge 35 commits into from
Closed

feat: address suggestions from SonarCloud #44

meleksabit wants to merge 35 commits into from

Conversation

@meleksabit
Copy link
Owner

@meleksabit meleksabit commented Nov 28, 2024

No description provided.

meleksabit and others added 30 commits August 29, 2024 02:19
@meleksabit
add devsecops_pipeline.py
b58cc9f
@meleksabit
add devsecops-pipeline workflow
8c039b1
@meleksabit
Merge branch 'main' into dev
6fe591f
@meleksabit
replace sonarqube with bandit
d3e5daf
@meleksabit
edit cron job
bfc3f90
@meleksabit
add comment for the cron job
80ec32c
@meleksabit
Merge branch 'main' into dev
4719684
@meleksabit
add Git Guardian workflow
b57b3ca
@meleksabit
Merge branch 'main' into dev
6f43c71
@meleksabit
edit Git Guardian workflow
0e76968
@meleksabit
edit Git Guardian workflow
b96d528
@meleksabit
edit Git Guardian workflow
da6d3fd
@meleksabit
edit Git Guardian workflow
e436b3f
@meleksabit
edit Git Guardian workflow
caf63b1
@meleksabit
edit Git Guardian workflow
54081f3
@meleksabit
edit Git Guardian workflow
6a283a0
@meleksabit
edit Git Guardian workflow
1392fd1
@meleksabit
edit Git Guardian workflow
7b1f5a0
@meleksabit
edit README file
b047d2f
@meleksabit
Merge branch 'main' into dev
846feeb
@meleksabit
edit DevSecOps pipeline
aa79a35
@meleksabit
edit release badge
0bf5315
@meleksabit
Merge branch 'main' into dev
76cf414
@meleksabit
add .gitignore file
a297c87
@meleksabit
Merge branch 'main' into dev
ed02de5
@meleksabit
add PR Title Linter
73401cd
@meleksabit
Merge branch 'main' into dev
819522f
@meleksabit
add status badge for PR Linter
e95ba0b
@meleksabit
Merge branch 'main' into dev
e612e23
@meleksabit
add SonarCloud implementation
0f06241
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 28, 2024
View reviewed changes
strong_passgen_for_prod.py
print("Strong Password: ", password)

# Output the generated password
print("Strong Password:", password)

Check failure

Code scanning / CodeQL

Clear-text logging of sensitive information High

This expression logs
sensitive data (password)
Loading
as clear text.

Copilot Autofix

AI about 1 year ago

To fix the problem, we should avoid logging the generated password in clear text. Instead, we can log a message indicating that a password has been generated without revealing the actual password. This way, we maintain the functionality of informing the user that a password has been generated without exposing sensitive information.

We need to modify the code in the file strong_passgen_for_prod.py to replace the line that logs the password with a more secure message.

Suggested changeset 1
strong_passgen_for_prod.py

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/strong_passgen_for_prod.py b/strong_passgen_for_prod.py
--- a/strong_passgen_for_prod.py
+++ b/strong_passgen_for_prod.py
@@ -49,3 +49,3 @@
 
-# Output the generated password
-print("Strong Password:", password)
+# Output a message indicating that a strong password has been generated
+print("A strong password has been generated successfully.")
EOF
@@ -49,3 +49,3 @@

# Output the generated password
print("Strong Password:", password)
# Output a message indicating that a strong password has been generated
print("A strong password has been generated successfully.")
Copilot is powered by AI and may make mistakes. Always verify output.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 28, 2024

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

@meleksabit meleksabit closed this Nov 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@meleksabit