Techs
Python, Flask, sqlite3

Code
vulpy/libuser.py at 5249cc8b05a1c37f6b2f757b1cf16a509c327122 · fportantier/vulpy · GitHub

Error observed
SonarCloud is not adding this as a finding; there are a couple of red flags, like a SQL query being formatted and cursor.execute being executed without parameters.

Steps to reproduce
$ docker run --rm -v vulpy:/usr/src -e SONAR_HOST_URL="https://sonarcloud.io/" -e SONAR_LOGIN="${SONAR_TOKEN}" sonarsource/sonar-scanner-cli -Dsonar.organization= -Dsonar.projectKey=
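The red flag named in the report, a query string built at runtime and handed to cursor.execute with no parameter tuple, is exactly what a static checker looks for. The following is an added example of such a check, written for this thread; it is neither SonarCloud's analyzer nor vulpy's code, and SAMPLE_SOURCE is a constructed stand-in for libuser.py, not the real file:

```python
import ast

# Constructed source mirroring the pattern the report describes (not the real
# vulpy libuser.py): a query built with str.format() and passed to
# cursor.execute() without a parameter tuple, next to a parameterized version.
SAMPLE_SOURCE = '''
import sqlite3

def login(username, password):
    c = sqlite3.connect('db_users.sqlite').cursor()
    query = "SELECT * FROM users WHERE username = '{}' AND password = '{}'".format(username, password)
    c.execute(query)
    return c.fetchone()

def login_safe(username, password):
    c = sqlite3.connect('db_users.sqlite').cursor()
    c.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))
    return c.fetchone()
'''

def is_dynamic_string(node, assignments):
    """True if the expression builds a string at runtime: f-string, '%' or '+'
    operator, or a .format() call. Names are resolved through plain assignments."""
    if isinstance(node, ast.Name) and node.id in assignments:
        node = assignments[node.id]
    if isinstance(node, ast.JoinedStr):
        return any(isinstance(v, ast.FormattedValue) for v in node.values)
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        return True  # '+' is over-approximate: constant + constant is flagged too
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
        return node.func.attr == "format"
    return False

def find_unparameterized_execute(source):
    """Return (function name, line) for every .execute(...) call whose sole
    argument is a dynamically built string, i.e. the red flag from the report."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        # Last simple assignment wins for each name (no flow sensitivity).
        assignments = {t.id: s.value for s in ast.walk(func) if isinstance(s, ast.Assign)
                       for t in s.targets if isinstance(t, ast.Name)}
        for call in ast.walk(func):
            if (isinstance(call, ast.Call) and isinstance(call.func, ast.Attribute)
                    and call.func.attr == "execute" and len(call.args) == 1
                    and is_dynamic_string(call.args[0], assignments)):
                findings.append((func.name, call.lineno))
    return findings
```

Run over SAMPLE_SOURCE it reports only login (line 7 of the snippet); login_safe passes its values as a second argument and is not flagged.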
Hi @rsprudencio,
Welcome to our community, and thanks for reporting the problem you are facing.
The expected issues are not raised because the bad and good folders don't contain any __init__.py file, and they are not seen as packages (see 6. Modules — Python 3.10.4 documentation). Because of this, when in bad/mod_user.py the module libuser is imported, there is an ambiguity about which libuser should be analyzed, whether the one in bad or the one in good.
You should be able to raise the issues by adding the __init__.py file inside the two folders and by importing libuser with from bad import libuser.
Another option is to keep the project as it is and scan the good and the bad folders separately as if they were two separate projects.
Cheers,
Roberto