Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed Inappropriate Logical Expression #1315

Merged
merged 1 commit into from
Dec 11, 2023
Merged

Fixed Inappropriate Logical Expression #1315

merged 1 commit into from
Dec 11, 2023

Conversation

fazledyn-or
Copy link
Contributor

Details

While triaging your project, our bug fixing tool generated the following message(s)-

In file: PixivBrowserFactory.py, the comparison of Collection length creates a logical short circuit. iCR suggested that the Collection length comparison should be done without creating a logical short circuit.

As a result, I've modified the conditions to a simpler one. Just checking them with a not before achieves the same goal.

Example

Running the following code gives the output-

# case 1
username = ""
password = ""
if not username or not password:
	print("Inside")

# case 2
username = None
password = None
if not username or not password:
	print("Inside")
Inside
Inside

CLA Requirements

This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.

All contributed commits are already automatically signed off.

The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information).
- Git Commit SignOff documentation

Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.

@fazledyn-or
Fixed Inappropriate Logical Expression
b2fda79 
Signed-off-by: fazledyn-or <ataf@openrefactory.com>
@PatrickL546
Copy link
Contributor

Is this a bot?

@fazledyn-or
Copy link
Contributor Author

Is this a bot?

😅 Uh no. This PR is 100% created by me manually.

We are working with the OpenSSF under the Linux Foundation to scan top 10,000 Java, Python and Go projects and find and fix bugs in them. As a part of that effort, in the recent past, I have engaged with the maintainers of many Python projects. The bugs reported include XSS, crypto issues, deserialization, improper method call, etc.

We use various SAST tool to scan the projects, then based on the results, we clone the project locally and triage ourselves. And then manually create the commits and submit PR. None of it is done by bots.

@Nandaka Nandaka merged commit eace55a into Nandaka:master Dec 11, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fazledyn-or @PatrickL546 @Nandaka