Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement codemod for sslcontext-minimum-version #19

Merged
merged 2 commits into from
Sep 6, 2023
Merged

Implement codemod for sslcontext-minimum-version #19

merged 2 commits into from
Sep 6, 2023

Conversation

drdavella
Copy link
Member

@drdavella drdavella commented Sep 5, 2023
edited
Loading

Overview

Implement new codemod for sslcontext-minimum-version

Description

  • This fixes the case where SSLContext.minimum_version is set to an insecure version of SSL/TLS
  • In theory the maximum_version could also be set to a bad version. This is a bit of a philosophical question but it feels like that should be handled by a separate codemod

@drdavella drdavella marked this pull request as ready for review September 5, 2023 19:47
drdavella
drdavella commented Sep 5, 2023
View reviewed changes
src/codemodder/codemods/api/__init__.py
@@ -122,3 +122,16 @@ def leave_Call(self, original_node: cst.Call, updated_node: cst.Call):
return new_node

return updated_node

def leave_Assign(self, original_node, updated_node):
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding individual handlers like this does not feel like a viable long-term solution.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal is that we're going to get to a point that we have all of these cases. Right now most (all?) our api based codemods related to a func/method call so leave_Call is appropriate. Your case is new so we need this. I think the django debug / session cookies codemods are similar and maybe we need to move those to the new api too

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm hoping that we can handle this via clever metaprogramming somehow (maybe with __getattr__?) rather than having to override each possible method explicitly.

Copy link
Contributor

@andrecsilva andrecsilva Sep 6, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, can be done with metaprogramming. Either use the __dict__ directly (and recursively over all the mro() classes), or use the getmembers from the inspect module.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that is another possibility. There are a variety of ways to approach this problem.

@andrecsilva andrecsilva self-requested a review September 6, 2023 13:57
@drdavella drdavella merged commit d607ac6 into main Sep 6, 2023
6 checks passed
@drdavella drdavella deleted the sslcontext-minimum-version branch September 6, 2023 15:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrecsilva andrecsilva andrecsilva approved these changes

@clavedeluna clavedeluna clavedeluna approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@drdavella @andrecsilva @clavedeluna