You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Many of Dlint's checks looking for code execution bugs due to user input aren't insecure if its argument is a constant string. E.g. eval("2+2"). There are a few linters where this is the case:
$ rg 'constant string'
docs/linters/DUO120.md
36:* Code may be safe if data passed to `marshal` is a constant string
docs/linters/DUO119.md
36:* Code may be safe if data passed to `shelve` is a constant string
docs/linters/DUO106.md
41:* Code may be safe if data passed to `os.system` is a constant string
docs/linters/DUO103.md
36:* Code may be safe if data passed to `pickle` is a constant string
docs/linters/DUO104.md
35:* Code may be safe if data passed to `eval` is a constant string
docs/linters/DUO105.md
42:* Code may be safe if data passed to `exec` is a constant string
docs/linters/DUO110.md
43:* Code may be safe if data passed to `compile` is a constant string and limits data size
We should consider adding logic to these linters to prevent false positives when the argument is a constant string.
The text was updated successfully, but these errors were encountered:
Many of Dlint's checks looking for code execution bugs due to user input aren't insecure if its argument is a constant string. E.g.
eval("2+2"). There are a few linters where this is the case:We should consider adding logic to these linters to prevent false positives when the argument is a constant string.
The text was updated successfully, but these errors were encountered: