Merged
Addresses all 25 open SonarCloud code issues and the corresponding Codacy findings:
- Reduce cognitive complexity (S3776) by extracting helpers in diagram_mermaid_parser, diagram_scene, build_plugin_menu, ssh_command_widget, ssh_file_viewer_widget, and both pull_text methods.
- Extract duplicate literals (S1192) in i18n dicts.
- Bound regex quantifiers in the mermaid parser to prevent ReDoS (S5852).
- Remove unused variable nw (S1481), redundant list() calls (S7504), commented code (S125), always-True identity check (S5727).
- Rename KeyType -> key_cls (S117); list() -> [] (S7498); dict comprehension -> dict.fromkeys (S7519).
- Log rejected SSH key types instead of silent continue (Bandit B112).
- Bind free-port probe socket to 127.0.0.1 (Semgrep bind-all-interfaces).
- Remove unused pytest/sys/Path imports.
- Add [tool.bandit] in pyproject.toml to skip B101/B404 and exclude tests.
- Annotate intentional subprocess callsites with # nosec and rationale.
- Annotate scheme-detection http literal and SSRF-validated urlopen.
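The three security-relevant items in that list (bounded regex quantifiers against ReDoS, a free-port probe bound to loopback, and logging rejected SSH key types instead of a silent continue) are easier to judge in code than in a changelog line. The block below is an added example written for this page, not pybreeze's own code; the function names parse_edge, free_port and load_private_key, the numeric caps, the edge grammar, and the stand-in key classes are all assumptions for illustration. The only thing borrowed from a real library is the classmethod name from_private_key_file, which paramiko's key classes expose.

```python
"""Added example, not pybreeze's own code: three of the fixes the PR lists,
rewritten as stand-alone functions so the security-relevant change is visible.
All names (parse_edge, free_port, load_private_key, the key classes) and all
numeric caps are assumptions for illustration.
"""
import logging
import re
import socket

log = logging.getLogger("example")

# --- 1. Bounded regex quantifiers in the mermaid edge parser (Sonar S5852) ---
# Unbounded repetition next to an optional or overlapping group can backtrack
# catastrophically on crafted input (ReDoS). Every quantifier below has a cap,
# and the line is length-checked before the engine sees it, so the worst case
# is bounded by the caps rather than by attacker-controlled input length.
MAX_LINE = 512                                  # assumed limit
_ID = r"[A-Za-z_][A-Za-z0-9_]{0,63}"            # identifier, at most 64 chars
_WS = r"[ \t]{0,16}"                            # bounded whitespace run
EDGE_RE = re.compile(
    r"^" + _WS + r"(?P<src>" + _ID + r")" + _WS
    + r"-->" + _WS
    + r"(?:\|(?P<label>[^|\n]{0,256})\|" + _WS + r")?"   # optional |label|
    + r"(?P<dst>" + _ID + r")" + _WS + r"$"
)


def parse_edge(line: str):
    """Return (src, label, dst) for 'A --> B' or 'A -->|text| B', else None."""
    if len(line) > MAX_LINE:          # reject before the regex engine runs
        return None
    m = EDGE_RE.match(line)
    if m is None:
        return None
    return m.group("src"), m.group("label"), m.group("dst")


# --- 2. Free-port probe bound to loopback (Semgrep bind-all-interfaces) ------
def free_port(host: str = "127.0.0.1") -> int:
    """Ask the kernel for an unused TCP port by binding port 0 on `host`.

    Binding to 127.0.0.1 instead of "" / 0.0.0.0 means the throwaway socket is
    never reachable from other hosts, even for an instant. The port can still
    be taken by another process between this call and the real bind (a race
    inherent to port probing), so callers must still handle EADDRINUSE.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


# --- 3. Log rejected SSH key types instead of a silent continue (Bandit B112) -
def load_private_key(path: str, key_classes, password=None):
    """Try each key class in order; return the first that parses the file.

    `key_classes` are classes exposing `from_private_key_file(path, password)`
    (the classmethod name paramiko's key classes use; assumed here, paramiko is
    not imported). Every rejection is logged with the class name and reason,
    so a key that loads with an unexpected type, or not at all, leaves a trail.
    Returns (key, rejected) where rejected is a list of (class name, reason).
    """
    rejected = []
    for key_cls in key_classes:
        try:
            return key_cls.from_private_key_file(path, password), rejected
        except Exception as exc:  # each backend raises its own error type
            log.warning("rejected %s for %s: %s", key_cls.__name__, path, exc)
            rejected.append((key_cls.__name__, str(exc)))
    raise ValueError(f"no key class accepted {path}: {rejected}")


# Constructed stand-ins for key classes so the loader runs without paramiko.
class _RSAKey:
    @classmethod
    def from_private_key_file(cls, path, password=None):
        raise ValueError("not an RSA key")


class _Ed25519Key:
    def __init__(self, path):
        self.path = path

    @classmethod
    def from_private_key_file(cls, path, password=None):
        return cls(path)


if __name__ == "__main__":
    print(parse_edge("  A -->|ssh| B "))
    print(free_port())
    key, rejected = load_private_key("/tmp/id", [_RSAKey, _Ed25519Key])
    print(type(key).__name__, rejected)
```

The length check in parse_edge is the cheap half of the ReDoS fix: even with every quantifier capped, refusing oversized lines up front keeps the regex engine's work proportional to the caps, not to whatever a pasted diagram contains. The free_port helper accepts a host parameter only so a reviewer can see that the default is loopback; passing "0.0.0.0" is exactly what the Semgrep rule objects to.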
Codacy: Up to standards ✅🟢

Issues

| Metric | Results |
|---|---|
| Complexity | -4 |
| Duplication | 0 |
Addresses PR #122 follow-up findings:
- Sonar S7519: use dict.fromkeys in _assign_layers.
- Codacy duplication gate (new-code 4.8% > 3%): extract load_private_key to ssh_key_loader.py (used by both ssh_command_widget and ssh_file_viewer_widget) and pump_message_queue to queue_pump.py (used by both python_task_process_manager and test_pioneer_process_manager).
- Add # nosemgrep alongside # nosec on every intentional subprocess callsite so Semgrep's dangerous-subprocess/spawn-process/non-literal rules stop firing.
Summary

safe_download_image). try/except/continue now logs, free-port probe binds to 127.0.0.1, Sphinx copyright gets # noqa: A001. [tool.bandit] (excludes test/, skips B101/B404) and per-callsite # nosec / # nosemgrep annotations with rationale on every intentional subprocess spawn and the plugin-registry import_module call.

Test plan

- python -m pytest test/test_utils/ -v — 49 passed
- python -m ruff check pybreeze/ — clean
- AZ2SNbLpqLdx4W_f2Svm/n/o, AZ2SNbLQqLdx4W_f2Svl) as Reviewed: Safe in the Sonar UI if they don't auto-resolve