pyscg 06_logging, updated titles as part of #1017 #1063
Signed-off-by: Helge Wehder <helge.wehder@ericsson.com>
fixed linting Signed-off-by: myteron <myteron@gmail.com>
BartKaras1128 left a comment
Left a few comments of references that were missed.
docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0021/README.md
docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0050/README.md
This needs to be done in the actual code example too, I'd say
| # For more details, check CWE-693/CWE-778: Implement Informative Event Logging |
TODO: add comment to line noncompliant02.py line 102 in the readme.md and line 18 in the .py
docs/Secure-Coding-Guide-for-Python/06_logging/pyscg-0050/README.md
…ME.md Co-authored-by: Bartlomiej Karas <moezarts@gmail.com> Signed-off-by: myteron <myteron@gmail.com>
…ME.md Co-authored-by: Bartlomiej Karas <moezarts@gmail.com> Signed-off-by: myteron <myteron@gmail.com>
…ME.md Co-authored-by: Bartlomiej Karas <moezarts@gmail.com> Signed-off-by: myteron <myteron@gmail.com>
…ME.md Co-authored-by: Bartlomiej Karas <moezarts@gmail.com> Signed-off-by: myteron <myteron@gmail.com>
reviewing
s19110 left a comment
One file needs fixing. I also left one optional suggestion.
I wonder if we should direct users to the CWEs or our rules that are based on those CWEs. Those would be:
CWE-390 = pyscg-0016
CWE-117 = pyscg-0022
CWE-532 = pyscg-0019
I think the initial intention was to link to our rules, which shared the names with CWEs, but both approaches work in my opinion. Linking to our rules could be slightly better since we would provide a Python-specific solution, though.
going to address this in code example and readme
| <<<<<<< HEAD | ||
| * *[pyscg-0050: Generation of Error Message Containing Sensitive Information](../../06_logging/pyscg-0050/README.md)* | ||
| * *[pyscg-0040: Trust Boundary Violation](../../01_introduction/pyscg-0040/README.md)* | ||
| ======= | ||
| * *[pyscg-0050: Sanitize Error Output to Prevent Information Disclosure](../../06_logging/pyscg-0050/README.md)* | ||
| * *[pyscg-0040: Use Process Isolation for Trust Zones](../../01_introduction/pyscg-0040/README.md)* |
Looks like an unresolved merge conflict 😉
It should probably look like this instead:
| <<<<<<< HEAD | |
| * *[pyscg-0050: Generation of Error Message Containing Sensitive Information](../../06_logging/pyscg-0050/README.md)* | |
| * *[pyscg-0040: Trust Boundary Violation](../../01_introduction/pyscg-0040/README.md)* | |
| ======= | |
| * *[pyscg-0050: Sanitize Error Output to Prevent Information Disclosure](../../06_logging/pyscg-0050/README.md)* | |
| * *[pyscg-0040: Use Process Isolation for Trust Zones](../../01_introduction/pyscg-0040/README.md)* | |
| * *[pyscg-0050: Sanitize Error Output to Prevent Information Disclosure](../../06_logging/pyscg-0050/README.md)* | |
| * *[pyscg-0040: Use Process Isolation for Trust Zones](../../01_introduction/pyscg-0040/README.md)* |
going to address this.
Signed-off-by: Helge Wehder <helge.wehder@ericsson.com>
Signed-off-by: myteron <helge.wehder@ericsson.com>
Updating titles as per #1017