semgrep-rules icon indicating copy to clipboard operation
semgrep-rules copied to clipboard

Published 20 hours ago verified publisher icon semgrep

Add new rule for flask-route-decorator

Open khanhldt opened this issue 1 year ago • 4 comments

Wahoo! New published rules with khanhldt.pnbj from @khanhldt.

See semgrep.dev/s/2ZJ3Y for more details.

Thanks for your contribution! ❤️

khanhldt avatar Dec 13 '23 15:12 khanhldt

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Dec 13 '23 15:12 CLAassistant

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

CLAassistant avatar Dec 13 '23 15:12 CLAassistant

I signed the CLA but that message doesn't get resolved for some reason.

khanhldt avatar Dec 21 '23 01:12 khanhldt

It looks like Semgrep does not take the order of decorators into account currently: https://semgrep.dev/playground/s/pKLAZ

While your regex is a nice workaround, I am reporting this as a bug/feature request so that we can avoid complex regexes for this.

There are other route decorators in Flask besides the route decorator, e.g. delete, patch, put, post, get. These are basically aliases for the route decorator that use a different default value for the optional methods argument. I think the rule should probably include those as well.

I've annotated a few more things you should change for the CI checks to pass.

0xDC0DE avatar Jan 09 '24 09:01 0xDC0DE