3 changes: 3 additions & 0 deletions .codacy.yaml
@@ -0,0 +1,3 @@
---
reviews:
high_level_summary: true
1 change: 1 addition & 0 deletions kotlin/bin/test/com/kheiron/ktbind/NativeBindingsTest.kt
@@ -17,6 +17,7 @@ abstract class NativeObject : AutoCloseable {
*/
@Suppress("unused")
private val nativePointer: Long = 0
private val testvar123455VariableMVariableMaxLengthVariableMaxLengthaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLengthVariableMaxLength: Long = 0
}

private class TempTest(message: String) : Throwable(message: String) {
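Review bot: `Throwable(message: String)` on the last line of the hunk writes a type annotation where the supertype constructor expects an argument, so `TempTest` will not compile; it should read `Throwable(message)`. The new `private val testvar123455...: Long = 0` two lines above is never read and its name looks like a maximum-identifier-length probe; if that is its purpose it should not land in `NativeBindingsTest.kt`, and if it is meant to stay it needs a real name and a use.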
17 changes: 16 additions & 1 deletion python/person.py
@@ -10,9 +10,24 @@
return 'There is no such user'
else:
return self.name[user_id]

Check notice on line 13 in python/person.py (Codacy Production / Codacy Static Code Analysis, python/person.py#L13): Trailing whitespace


ℹ️ Codacy found a minor CodeStyle issue: Trailing whitespace

The issue identified by Pylint is "Trailing whitespace," which means there are extra spaces or tabs at the end of a line that are not necessary. This can lead to code that is harder to read and maintain, and it's generally considered bad practice in Python.

To fix this issue, you should remove any trailing whitespace from the line in question. Since the specific line with the trailing whitespace is not explicitly provided, I will suggest a generic fix that applies to the last line shown in the code fragment.

Here’s the code suggestion to remove the trailing whitespace:

Suggested change
def fibonacci_of(n):

This comment was generated by an experimental AI tool.

def TowerOfHanoi(n , source, destination, auxiliary):
if n==1:
print ("Move disk 1 from source",source,"to destination",destination)
return
TowerOfHanoi(n-1, source, auxiliary, destination)

Check warning on line 18 in python/person.py (Codacy Production / Codacy Static Code Analysis, python/person.py#L18): undefined name 'TowerOfHanoi' (F821)


🚫 Codacy found a high ErrorProne issue: undefined name 'TowerOfHanoi' (F821)

The issue identified by the Prospector linter is that the function TowerOfHanoi is defined without a self parameter, which means it is not a method of the class where get_name is likely defined. In Python, if a function is defined as a method within a class, it must include self as the first parameter to refer to the instance of the class. The linter is flagging the call to TowerOfHanoi because it is not recognized as a defined name in the current scope.

To fix this issue, we need to add the self parameter to the TowerOfHanoi method definition. Here’s the suggested change:

Suggested change
TowerOfHanoi(n-1, source, auxiliary, destination)
def TowerOfHanoi(self, n , source, destination, auxiliary):

This comment was generated by an experimental AI tool.

print ("Move disk",n,"from source",source,"to destination",destination)
TowerOfHanoi(n-1, auxiliary, destination, source)

Check warning on line 20 in python/person.py (Codacy Production / Codacy Static Code Analysis, python/person.py#L20): undefined name 'TowerOfHanoi' (F821)


🚫 Codacy found a high ErrorProne issue: undefined name 'TowerOfHanoi' (F821)

The issue reported by the Prospector linter, "undefined name 'TowerOfHanoi' (F821)," indicates that the function TowerOfHanoi is being called before it is defined. In Python, functions must be defined before they can be called in the same scope.

To fix this issue, you should reference the function using self. since it seems to be a method of a class. Here's the single line change to fix the issue:

Suggested change
TowerOfHanoi(n-1, auxiliary, destination, source)
self.TowerOfHanoi(n-1, auxiliary, destination, source)

This comment was generated by an experimental AI tool.



def fibonacci_of(n):
if n in {0, 1}: # Base case
return n
return fibonacci_of(n - 1) + fibonacci_of(n - 2) # Recursive case

Check warning on line 26 in python/person.py (Codacy Production / Codacy Static Code Analysis, python/person.py#L26): undefined name 'fibonacci_of' (F821)


🚫 Codacy found a high ErrorProne issue: undefined name 'fibonacci_of' (F821)

The issue reported by the Prospector linter indicates that the fibonacci_of function is being referenced before it is defined. In Python, functions must be defined before they are called. In the provided code fragment, the TowerOfHanoi function appears to be defined before the fibonacci_of function, which causes the undefined name 'fibonacci_of' (F821) error.

To fix this issue, we can simply move the definition of the fibonacci_of function above the TowerOfHanoi function. This ensures that fibonacci_of is defined before it is called.

Here is the code suggestion to fix the issue:

        def fibonacci_of(n):
            if n in {0, 1}:  # Base case
                return n
            return fibonacci_of(n - 1) + fibonacci_of(n - 2)  # Recursive case

This comment was generated by an experimental AI tool.


if __name__ == '__main__':
person = Person()
print('User Abbas has been added with id ', person.set_name('Abbas'))
print('User associated with id 0 is ', person.get_name(0))
print('User associated with id 0 is ', person.get_name(0))
eval("person.get_name(0)")

Check warning on line 32 in python/person.py (Codacy Production / Codacy Static Code Analysis, python/person.py#L32): Use of possibly insecure function - consider using safer ast.literal_eval.


⚠️ Codacy found a medium Security issue: Use of possibly insecure function - consider using safer ast.literal_eval.

The issue with using eval is that it can execute arbitrary code, which poses a significant security risk, especially if any part of the input could be influenced by an external source. This could lead to code injection vulnerabilities. Instead, using ast.literal_eval is safer as it only evaluates literals (strings, numbers, tuples, lists, dicts, booleans, and None) and does not execute any arbitrary code.

To fix the issue, you can replace the eval call with a direct function call, as there is no need to use eval in this context.

Here’s the suggested code change:

Suggested change
eval("person.get_name(0)")
person.get_name(0)

This comment was generated by an experimental AI tool.

eval("fibonacci_of(3)")
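Review bot: the three F821 findings on lines 18, 20 and 26 are a scoping problem, not a definition-order problem, so moving `fibonacci_of` above `TowerOfHanoi` as one comment suggests would not clear them. A recursive call inside a module-level function never trips F821; it does when the `def` sits in the class body, because names bound in a class body are not visible from inside its methods. Either move `TowerOfHanoi` and `fibonacci_of` out of the `Person` class to module level, which also makes the unqualified `fibonacci_of(3)` on line 33 resolvable at run time, or add `self` to both signatures and qualify every call with `self.` as the line 18 and 20 comments propose. Separately, both `eval` calls wrap constant strings and should become the direct calls `person.get_name(0)` and `fibonacci_of(3)`, and the repeated `print('User associated with id 0 is ', person.get_name(0))` on lines 30 and 31 looks like an accidental duplicate.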

Check warning on line 33 in python/person.py (Codacy Production / Codacy Static Code Analysis, python/person.py#L33): Use of possibly insecure function - consider using safer ast.literal_eval.


⚠️ Codacy found a medium Security issue: Use of possibly insecure function - consider using safer ast.literal_eval.

The issue with using eval is that it executes the string as a Python expression, which can lead to security vulnerabilities if the input is not controlled. An attacker could potentially inject malicious code through the string being evaluated. The Bandit linter suggests using ast.literal_eval, which is a safer alternative that only evaluates literals and is not capable of executing arbitrary code.

To fix the issue, we can replace the eval call with a direct function call to fibonacci_of since we already know the function we want to execute. Here’s the code suggestion:

Suggested change
eval("fibonacci_of(3)")
fibonacci_of(3)

This comment was generated by an experimental AI tool.
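The two `eval` findings above (lines 32 and 33) share a caveat the linter hint glosses over: `ast.literal_eval` rejects a call expression outright, so it is not a drop-in for these strings; the direct call is the fix when the string is a constant, and a parse-and-allow-list dispatcher is the safe shape if such an expression ever does arrive from outside. The following is an added example, not code from this PR; `fibonacci_of` is copied from the hunk, and `literal_or_none`, `dispatch_call` and `is_rejected` are names chosen here.

```python
import ast
from typing import Any, Callable, Mapping


# Copied from python/person.py in the hunk above so this file runs on its own.
def fibonacci_of(n: int) -> int:
    if n in {0, 1}:  # Base case
        return n
    return fibonacci_of(n - 1) + fibonacci_of(n - 2)  # Recursive case


def literal_or_none(text: str) -> Any:
    """Show what ast.literal_eval really accepts: literals only.

    A call expression such as "fibonacci_of(3)" raises ValueError, which is
    why the linter's suggested replacement cannot be applied verbatim here.
    """
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return None


def dispatch_call(text: str, allowed: Mapping[str, Callable[..., Any]]) -> Any:
    """Run `text` only if it is a bare call to an allow-listed function whose
    positional arguments are all literal constants.

    Unlike eval(), nothing inside `text` is executed: the string is parsed to
    an AST, inspected, and the call is then made by this function itself.
    """
    node = ast.parse(text, mode="eval").body
    if not isinstance(node, ast.Call) or not isinstance(node.func, ast.Name):
        # Rejects attribute calls ("person.get_name(0)"), operators, lambdas, ...
        raise ValueError("only a direct call to a named function is permitted")
    if node.func.id not in allowed:
        raise ValueError(f"function not allow-listed: {node.func.id}")
    if node.keywords:
        raise ValueError("keyword arguments are not permitted")
    args = []
    for arg in node.args:
        if not isinstance(arg, ast.Constant):
            raise ValueError("arguments must be literal constants")
        args.append(arg.value)
    return allowed[node.func.id](*args)


def is_rejected(text: str, allowed: Mapping[str, Callable[..., Any]]) -> bool:
    """True when dispatch_call refuses `text` (exposes the deny path for tests)."""
    try:
        dispatch_call(text, allowed)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    allow = {"fibonacci_of": fibonacci_of}
    print(dispatch_call("fibonacci_of(3)", allow))    # 2
    print(literal_or_none("fibonacci_of(3)"))         # None
    print(is_rejected("person.get_name(0)", allow))   # True
```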

3 changes: 3 additions & 0 deletions python/requirements.txt
@@ -0,0 +1,3 @@
flask==1.0.2

Check warning on line 1 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L1): Insecure dependency pypi/[email protected] (CVE-2023-30861: flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header) (update to 2.2.5)
Author


I don't think we should upgrade this lib


🚫 Codacy found a high Security issue: Insecure dependency pypi/[email protected] (CVE-2023-30861: flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header) (update to 2.2.5)

The issue identified by the Trivy linter indicates that the version of Flask being used (1.0.2) has a security vulnerability (CVE-2023-30861) related to the potential disclosure of permanent session cookies due to the absence of the Vary: Cookie header. This vulnerability can lead to security risks, such as session fixation or exposure of sensitive session data.

To resolve this issue, you should update Flask to a secure version that addresses this vulnerability. The recommended version is 2.2.5.

Here’s the code suggestion to fix the issue:

Suggested change
flask==1.0.2
flask==2.2.5

This comment was generated by an experimental AI tool.

django==1.11.29

Check warning on line 2 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L2): Insecure dependency pypi/[email protected] (CVE-2021-33203: django: Potential directory traversal via ``admindocs``) (update to 2.2.24)

Check warning on line 2 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L2): Insecure dependency pypi/[email protected] (CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...) (update to 3.2.15)

Check warning on line 2 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L2): Insecure dependency pypi/[email protected] (CVE-2024-45231: python-django: Potential user email enumeration via response status on password reset) (update to 4.2.16)

Check warning on line 2 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L2): Insecure dependency pypi/[email protected] (CVE-2025-48432: django: Django Path Injection Vulnerability) (update to 4.2.22)

Check warning on line 2 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L2): Insecure dependency pypi/[email protected] (CVE-2025-57833: django: Django SQL injection in FilteredRelation column aliases) (update to 4.2.24)


🚫 Codacy found a high Security issue: Insecure dependency pypi/[email protected] (CVE-2025-57833: django: Django SQL injection in FilteredRelation column aliases) (update to 4.2.24)

The issue identified by the Trivy linter is a security vulnerability in the specified version of Django (1.11.29). Specifically, it relates to a SQL injection vulnerability in the handling of FilteredRelation column aliases, which could potentially allow an attacker to manipulate SQL queries and gain unauthorized access to data. This vulnerability is documented under CVE-2025-57833. To mitigate this risk, it is recommended to upgrade to a more secure version of Django, specifically 4.2.24, which has addressed this issue.

To fix the issue, you can update the version of Django in your requirements file as follows:

Suggested change
django==1.11.29
django==4.2.24

This comment was generated by an experimental AI tool.


⚠️ Codacy found a medium Security issue: Insecure dependency pypi/[email protected] (CVE-2024-45231: python-django: Potential user email enumeration via response status on password reset) (update to 4.2.16)

The issue identified by the Trivy linter is a security vulnerability in the Django package version 1.11.29. Specifically, it relates to a potential user email enumeration vulnerability during the password reset process, which could allow an attacker to determine whether an email address is registered in the system based on the response status. This is classified under CVE-2024-45231. The recommended fix is to upgrade Django to a more secure version, specifically 4.2.16, which addresses this vulnerability.

To resolve the issue, you should update the Django version in your requirements file. Here’s the suggested one-line change:

Suggested change
django==1.11.29
django==4.2.16

This comment was generated by an experimental AI tool.


⚠️ Codacy found a medium Security issue: Insecure dependency pypi/[email protected] (CVE-2021-33203: django: Potential directory traversal via admindocs) (update to 2.2.24)

The issue identified by the Trivy linter pertains to a vulnerability in Django version 1.11.29, specifically related to CVE-2021-33203. This vulnerability allows for potential directory traversal attacks via the admindocs feature, which could be exploited by an attacker to access sensitive files on the server. To mitigate this security risk, it is recommended to upgrade Django to a secure version, such as 2.2.24, which addresses this vulnerability.

To fix the issue, you can update the version of Django in your requirements file. Here is the suggested code change:

Suggested change
django==1.11.29
django==2.2.24

This comment was generated by an experimental AI tool.


⚠️ Codacy found a medium Security issue: Insecure dependency pypi/[email protected] (CVE-2025-48432: django: Django Path Injection Vulnerability) (update to 4.2.22)

The issue identified by the Trivy linter is a security vulnerability in Django version 1.11.29, specifically related to a Path Injection vulnerability (CVE-2025-48432). This vulnerability can allow an attacker to manipulate file paths, potentially leading to unauthorized access to sensitive files or execution of arbitrary code. It is crucial to update to a more secure version of Django to mitigate this risk.

To fix this issue, you should update the Django version to a secure release, such as 4.2.22, as recommended. Here’s the code suggestion to implement this change:

Suggested change
django==1.11.29
django==4.2.22

This comment was generated by an experimental AI tool.


🚫 Codacy found a high Security issue: Insecure dependency pypi/[email protected] (CVE-2022-36359: An issue was discovered in the HTTP FileResponse class in Django 3.2 b ...) (update to 3.2.15)

The issue identified by the Trivy linter is related to a security vulnerability (CVE-2022-36359) present in Django version 1.11.29. This vulnerability affects the HTTP FileResponse class, which could potentially allow an attacker to exploit the application in certain scenarios. The recommended action is to upgrade Django to a more secure version, specifically 3.2.15 or later, where this vulnerability has been addressed.

To resolve this issue, you should update the Django version in your requirements file. Here’s the code suggestion to fix the issue:

Suggested change
django==1.11.29
django==3.2.15

This comment was generated by an experimental AI tool.

requests==2.19.1
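Review bot: the pins on lines 1 to 3 each carry several findings with different suggested floors (django 2.2.24, 3.2.15, 4.2.16, 4.2.22 and 4.2.24; requests 2.20.0, 2.31.0, 2.32.0 and 2.32.4), and only the highest version in each list clears every CVE reported against the pin, so the file should settle on `flask==2.2.5`, `django==4.2.24` and `requests==2.32.4` rather than any of the lower suggestions. Moving django from 1.11.29 to 4.2.24 crosses three major versions and needs its own test run before merge. If flask is to stay at 1.0.2 as the author's comment says, the accepted CVE-2023-30861 exposure should be recorded next to the pin so the scanner finding is not silently ignored on the next run.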

Check warning on line 3 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L3): Insecure dependency pypi/[email protected] (CVE-2018-18074: python-requests: Redirect from HTTPS to HTTP does not remove Authorization header) (update to 2.20.0)

Check warning on line 3 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L3): Insecure dependency pypi/[email protected] (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)

Check warning on line 3 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L3): Insecure dependency pypi/[email protected] (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)

Check warning on line 3 in python/requirements.txt (Codacy Production / Codacy Static Code Analysis, python/requirements.txt#L3): Insecure dependency pypi/[email protected] (CVE-2024-47081: requests: Requests vulnerable to .netrc credentials leak via malicious URLs) (update to 2.32.4)


🚫 Codacy found a high Security issue: Insecure dependency pypi/[email protected] (CVE-2018-18074: python-requests: Redirect from HTTPS to HTTP does not remove Authorization header) (update to 2.20.0)

The issue identified by the Trivy linter relates to a security vulnerability in the requests library version 2.19.1. Specifically, it is associated with CVE-2018-18074, which describes a flaw where the library allows the Authorization header to be retained when redirecting from an HTTPS URL to an HTTP URL. This can lead to potential exposure of sensitive authentication information over an insecure connection.

To resolve this security issue, you should update the requests library to at least version 2.20.0, where this vulnerability has been addressed.

Here’s the code suggestion to fix the issue:

Suggested change
requests==2.19.1
requests==2.20.0

This comment was generated by an experimental AI tool.
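The CVE-2018-18074 comment above describes the check a client must make before re-sending `Authorization` to a redirect target. The block below is an added example of that check, written here and not taken from the requests library or this PR: its policy (strip on host change, on any https to http downgrade, and on any other scheme or port change; keep for same-origin and for an http to https upgrade on default ports) is the author's own, the function names are chosen here, and the request headers and URLs are constructed sample data.

```python
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Ports assumed when a URL leaves them implicit, so origins compare correctly.
DEFAULT_PORTS = {"http": 80, "https": 443}


def _origin(url: str) -> Tuple[str, str, int]:
    """Normalise a URL to its (scheme, host, port) origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme, 0)
    return scheme, host, port


def should_strip_authorization(original_url: str, redirect_url: str) -> bool:
    """Decide whether Authorization must be dropped before following a redirect.

    Policy chosen for this example (not requests' own code):
      - different host                      -> strip
      - https -> http on the same host      -> strip (the CVE-2018-18074 case)
      - http -> https on default ports      -> keep (upgrade to TLS)
      - any other scheme or port change     -> strip
      - same origin                         -> keep
    """
    o_scheme, o_host, o_port = _origin(original_url)
    r_scheme, r_host, r_port = _origin(redirect_url)
    if o_host != r_host:
        return True
    if o_scheme == "https" and r_scheme == "http":
        return True
    if o_scheme == "http" and r_scheme == "https" and o_port == 80 and r_port == 443:
        return False
    return (o_scheme, o_port) != (r_scheme, r_port)


def headers_for_redirect(headers: Dict[str, str], original_url: str,
                         redirect_url: str) -> Dict[str, str]:
    """Return the headers to send to `redirect_url`, with Authorization removed
    (matched case-insensitively) whenever the policy above requires it."""
    if not should_strip_authorization(original_url, redirect_url):
        return dict(headers)
    return {k: v for k, v in headers.items() if k.lower() != "authorization"}


# Constructed sample: an authenticated HTTPS request answered by a 302 to plain HTTP.
SAMPLE_HEADERS = {"Authorization": "Bearer <constructed-token>", "Accept": "application/json"}
SAMPLE_ORIGINAL = "https://api.example.com/v1/me"
SAMPLE_REDIRECT = "http://api.example.com/v1/me"

if __name__ == "__main__":
    # Prints {'Accept': 'application/json'}: the bearer token never goes out in clear text.
    print(headers_for_redirect(SAMPLE_HEADERS, SAMPLE_ORIGINAL, SAMPLE_REDIRECT))
```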


⚠️ Codacy found a medium Security issue: Insecure dependency pypi/[email protected] (CVE-2024-35195: requests: subsequent requests to the same host ignore cert verification) (update to 2.32.0)

The issue identified by the Trivy linter is related to a vulnerability in the requests library version 2.19.1, specifically CVE-2024-35195. This vulnerability allows subsequent requests to the same host to ignore certificate verification, which can expose applications to man-in-the-middle attacks and other security risks. To mitigate this vulnerability, it is recommended to upgrade the requests library to a more secure version, specifically version 2.32.0 or later.

To address this issue, you can update the version of the requests library in your code. Here is the suggested change:

Suggested change
requests==2.19.1
requests==2.32.0

This comment was generated by an experimental AI tool.


⚠️ Codacy found a medium Security issue: Insecure dependency pypi/[email protected] (CVE-2024-47081: requests: Requests vulnerable to .netrc credentials leak via malicious URLs) (update to 2.32.4)

The issue identified by the Trivy linter is a security vulnerability in the requests library version 2.19.1. This vulnerability, specifically CVE-2024-47081, allows for the potential leakage of sensitive .netrc credentials through the use of malicious URLs. To mitigate this risk, it is recommended to upgrade the requests library to a secure version, specifically version 2.32.4 or later.

To fix the issue, you can update the version of the requests library in your requirements file as follows:

Suggested change
requests==2.19.1
requests==2.32.4

This comment was generated by an experimental AI tool.


⚠️ Codacy found a medium Security issue: Insecure dependency pypi/[email protected] (CVE-2023-32681: python-requests: Unintended leak of Proxy-Authorization header) (update to 2.31.0)

The issue identified by the Trivy linter is a security vulnerability in the requests library version 2.19.1. Specifically, it is associated with CVE-2023-32681, which describes an unintended leak of the Proxy-Authorization header. This vulnerability could potentially expose sensitive information when making requests through a proxy.

To address this security issue, you should update the requests library to a version that is not affected by this vulnerability. The recommended version to upgrade to is 2.31.0.

Here’s the single line change you can make to fix the issue:

Suggested change
requests==2.19.1
requests==2.31.0

This comment was generated by an experimental AI tool.