-
Techs
Python, Flask, sqlite3 -
Code
vulpy/libuser.py at 5249cc8b05a1c37f6b2f757b1cf16a509c327122 · fportantier/vulpy · GitHub -
Error observed
SonarCloud is not adding this as a finding, there are a couple red flags, like a SQL query being formatted and cursor.execute being executed without parameters. -
Steps to reproduce
$ docker run --rm -v vulpy:/usr/src -e SONAR_HOST_URL=“https://sonarcloud.io/” -e SONAR_LOGIN="${SONAR_TOKEN}" sonarsource/sonar-scanner-cli -Dsonar.organization= -Dsonar.projectKey=
Hi @rsprudencio,
Welcome to our community, and thanks for reporting the problem you are facing.
The expected issues are not raised because the bad and good folders don’t contain any __init__.py file, and they are not seen as packages (see 6. Modules — Python 3.10.4 documentation).
Because of this, when in bad/mod_user.py the module libuser is imported, there is an ambiguity about which libuser should be analyzed, if the one in bad or the one in good.
You should be able to raise the issues by adding the __init__.py file inside the two folders and by importing the libuser with from bad import libuser.
Another option is to keep the project as it is and scan the good and the bad folder separately as if they were two separate projects.
Cheers,
Roberto
2 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.