-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement codemod for sslcontext-minimum-version #19
Conversation
@@ -122,3 +122,16 @@ def leave_Call(self, original_node: cst.Call, updated_node: cst.Call): | |||
return new_node | |||
|
|||
return updated_node | |||
|
|||
def leave_Assign(self, original_node, updated_node): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding individual handlers like this does not feel like a viable long-term solution.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The goal is that we're going to get to a point that we have all of these cases. Right now most (all?) our api based codemods related to a func/method call so leave_Call is appropriate. Your case is new so we need this. I think the django debug / session cookies codemods are similar and maybe we need to move those to the new api too
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm hoping that we can handle this via clever metaprogramming somehow (maybe with __getattr__
?) rather than having to override each possible method explicitly.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, can be done with metaprogramming. Either use the __dict__
directly (and recursively over all the mro()
classes), or use the getmembers
from the inspect
module.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes that is another possibility. There are a variety of ways to approach this problem.
c93b7dd
to
9a92c04
Compare
9a92c04
to
0c31f47
Compare
0c31f47
to
0c5050c
Compare
Overview
Implement new codemod for
sslcontext-minimum-version
Description
SSLContext.minimum_version
is set to an insecure version of SSL/TLSmaximum_version
could also be set to a bad version. This is a bit of a philosophical question but it feels like that should be handled by a separate codemod