language-servers/ruff - Forgejo: Beyond coding. We Forge.

language-servers/ruff

Fork 0

mirror of https://github.com/astral-sh/ruff.git synced 2025-09-27 12:29:28 +00:00

Commit graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Charlie Marsh	113610a8d4	Improve hardcoded-sql-expression documentation	2023-02-10 18:03:01 -05:00
Matt Oberle	fc628de667	Implement bandit's 'hardcoded-sql-expressions' S608 (#2698 ) This is an attempt to implement `bandit` rule `B608` (renamed here `S608`). - https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html The rule inspects strings constructed via `+`, `%`, `.format`, and `f""`. - `+` and `%` via `BinOp` - `.format` via `Call` - `f""` via `JoinedString` Any SQL-ish strings that use Python string formatting are flagged. The expressions and targeted expression types for the rule come from here: - `7104b336d3/bandit/plugins/injection_sql.py` > Related Issue: https://github.com/charliermarsh/ruff/issues/1646	2023-02-09 19:28:17 -05:00

Charlie Marsh

113610a8d4

Improve hardcoded-sql-expression documentation

2023-02-10 18:03:01 -05:00

Matt Oberle

fc628de667

Implement bandit's 'hardcoded-sql-expressions' S608 (#2698 )

This is an attempt to implement `bandit` rule `B608` (renamed here `S608`).
- https://bandit.readthedocs.io/en/latest/plugins/b608_hardcoded_sql_expressions.html

The rule inspects strings constructed via `+`, `%`, `.format`, and `f""`.

- `+` and `%` via `BinOp`
- `.format` via `Call`
- `f""` via `JoinedString`

Any SQL-ish strings that use Python string formatting are flagged.

The expressions and targeted expression types for the rule come from here:
- 7104b336d3/bandit/plugins/injection_sql.py

> Related Issue: https://github.com/charliermarsh/ruff/issues/1646

2023-02-09 19:28:17 -05:00

2 commits