- Techs: Python, Flask, sqlite3
- Code: vulpy/libuser.py at 5249cc8b05a1c37f6b2f757b1cf16a509c327122 · fportantier/vulpy · GitHub
- Error observed: SonarCloud is not adding this as a finding, there are a couple red flags, like a SQL query being formatted and cursor.execute being executed without parameters.
- Steps to reproduce:

$ docker run --rm -v vulpy:/usr/src -e SONAR_HOST_URL="https://sonarcloud.io/" -e SONAR_LOGIN="${SONAR_TOKEN}" sonarsource/sonar-scanner-cli -Dsonar.organization= -Dsonar.projectKey=

Hi @rsprudencio,
Welcome to our community, and thanks for reporting the problem you are facing.
The expected issues are not raised because the `bad` and `good` folders don’t contain any `__init__.py` file, and they are not seen as packages (see 6. Modules — Python 3.10.4 documentation).

Because of this, when in `bad/mod_user.py` the module `libuser` is imported, there is an ambiguity about which `libuser` should be analyzed, if the one in `bad` or the one in `good`.

You should be able to raise the issues by adding the `__init__.py` file inside the two folders and by importing the `libuser` with `from bad import libuser`.

Another option is to keep the project as it is and scan the `good` and the `bad` folder separately as if they were two separate projects.

Cheers,
Roberto
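
A pre-scan check for the situation described in the answer above, as an added example that is not part of the thread or of SonarCloud: it lists module names that exist in more than one folder lacking `__init__.py`, which is where a bare `import libuser` becomes ambiguous. The function names and the sample tree are constructed for illustration, and the check does not reproduce the analyzer's own resolution logic.

```python
import tempfile
from collections import defaultdict
from pathlib import Path


def find_ambiguous_modules(project_root):
    """Return {module_name: [relative paths]} for .py files that share a name
    and sit in folders without __init__.py, so a bare `import name` does not
    say which file is meant."""
    root = Path(project_root)
    by_name = defaultdict(list)
    for path in sorted(root.rglob("*.py")):
        if path.name == "__init__.py":
            continue
        # A folder with __init__.py is a regular package: its modules are
        # reached by a qualified name such as `from bad import libuser`.
        if path.parent != root and (path.parent / "__init__.py").exists():
            continue
        by_name[path.stem].append(path.relative_to(root).as_posix())
    return {name: paths for name, paths in by_name.items() if len(paths) > 1}


def build_sample_tree(root, with_init):
    """Constructed layout mirroring the thread: bad/ and good/ each hold a
    libuser.py and a mod_user.py that imports it."""
    for folder in ("bad", "good"):
        d = Path(root) / folder
        d.mkdir()
        (d / "libuser.py").write_text("# placeholder module\n")
        imp = f"from {folder} import libuser\n" if with_init else "import libuser\n"
        (d / "mod_user.py").write_text(imp)
        if with_init:
            (d / "__init__.py").write_text("")


def demo():
    """Run the check on the layout before and after adding __init__.py."""
    with tempfile.TemporaryDirectory() as before, tempfile.TemporaryDirectory() as after:
        build_sample_tree(before, with_init=False)
        build_sample_tree(after, with_init=True)
        return find_ambiguous_modules(before), find_ambiguous_modules(after)


if __name__ == "__main__":
    before, after = demo()
    print("without __init__.py:", before)
    print("with __init__.py:   ", after)
```
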