1
98%
master: 98%

Ran 04 Oct 2021 05:49PM UTC

Files 7

Run time 1s

Badge

Embed ▾

Committed 04 Oct 2021 05:47PM UTC coverage: 98.75% (+0.002%) from 98.748%

Job # TOXENV=pylint

Build Type

push

travis-ci-com

Committed by

web-flow

Commit Message

[REF] sql-injection: No sql-injection using constants (#351)

The following examples should not be considered as sql-injection:

    self.env.cr.execute("SELECT * FROM %s" % 'table_constant')
    self.env.cr.execute("SELECT * FROM {}".format('table_constant'))
    self.env.cr.execute("SELECT * FROM %(table_variable)s" % {'table_variable': 'table_constant'})

Since that the constant is not possible to inject

* [FIX] sql-injection: AttributeError: 'NoneType' object has no attribute 'parent'

Using the following code:

    queries = [
        "SELECT id FROM res_partner",
        "SELECT id FROM res_users",
    ]
    for query in queries:
        self.env.cr.execute(query)

The check sql-injection shows the following error:
 - AttributeError: 'NoneType' object has no attribute 'parent'

So, Now it is validating if it is not None

* [FIX] sql-injection: Fix false positive using BinOp "+"

Considering the following valid case:

    cr.execute('SELECT ' + operator + ' FROM table' + 'WHERE')

The representation tree is:

    node.repr_tree()
    BinOp(
    op='+',
    left=BinOp(
        op='+',
        left=BinOp(
            op='+',
            left=Const(value='SELECT '),
            right=Name(name='operator')),
        right=Const(value=' FROM table')),
    right=Const(value='WHERE'))

Notice that left node is another BinOp node
So, it need to be considered recursively

Run Details

1501 of 1520 relevant lines covered (98.75%)

0.99 hits per line

OCA / pylint-odoo / 1082 / 1
98%
master: 98%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 1082.1 (TOXENV=pylint)

OCA / pylint-odoo / 1082 / 1 98% master: 98%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 1082.1 (TOXENV=pylint)

OCA / pylint-odoo / 1082 / 1
98%
master: 98%

README BADGES
x