fix type annotation mistake that caused a security detector to misfire #891

matt-codecov · 2024-11-13T22:05:10Z

fixes https://github.com/codecov/internal-issues/issues/965

we import xml.etree.ElementTree.Element but what we're actually using is lxml.etree.Element. we use lxml for xml parsing, not the standard library module:

worker/services/report/report_processor.py

Line 129 in 8056e7b

parser = etree.XMLParser(recover=True, resolve_entities=False)

this caused a security alert to misfire

codecov-notifications · 2024-11-13T22:11:25Z

Codecov Report

All modified and coverable lines are covered by tests ✅

✅ All tests successful. No failed tests found.

@@            Coverage Diff             @@
##             main     #891      +/-   ##
==========================================
- Coverage   98.05%   98.05%   -0.01%     
==========================================
  Files         444      444              
  Lines       35395    35394       -1     
==========================================
- Hits        34705    34704       -1     
  Misses        690      690

Flag	Coverage Δ
integration	`41.96% <100.00%> (-0.01%)`	⬇️
unit	`90.84% <100.00%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
NonTestCode	`96.14% <100.00%> (-0.01%)`	⬇️
OutsideTasks	`95.93% <100.00%> (-0.01%)`	⬇️

Files with missing lines	Coverage Δ
services/report/languages/bullseye.py	`97.77% <100.00%> (ø)`
services/report/languages/clover.py	`98.33% <100.00%> (ø)`
services/report/languages/cobertura.py	`98.05% <100.00%> (ø)`
services/report/languages/csharp.py	`98.36% <100.00%> (ø)`
services/report/languages/helpers.py	`100.00% <100.00%> (ø)`
services/report/languages/jacoco.py	`100.00% <100.00%> (ø)`
services/report/languages/jetbrainsxml.py	`90.62% <100.00%> (ø)`
services/report/languages/mono.py	`39.28% <100.00%> (ø)`
services/report/languages/scoverage.py	`100.00% <100.00%> (ø)`
services/report/languages/vb.py	`96.55% <100.00%> (ø)`
... and 2 more

codecov-qa · 2024-11-13T22:11:32Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.05%. Comparing base (8056e7b) to head (4b9cdc8).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

@@            Coverage Diff             @@
##             main     #891      +/-   ##
==========================================
- Coverage   98.05%   98.05%   -0.01%     
==========================================
  Files         444      444              
  Lines       35395    35394       -1     
==========================================
- Hits        34705    34704       -1     
  Misses        690      690

Flag	Coverage Δ
integration	`41.96% <100.00%> (-0.01%)`	⬇️
unit	`90.84% <100.00%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
NonTestCode	`96.14% <100.00%> (-0.01%)`	⬇️
OutsideTasks	`95.93% <100.00%> (-0.01%)`	⬇️

Files with missing lines	Coverage Δ
services/report/languages/bullseye.py	`97.77% <100.00%> (ø)`
services/report/languages/clover.py	`98.33% <100.00%> (ø)`
services/report/languages/cobertura.py	`98.05% <100.00%> (ø)`
services/report/languages/csharp.py	`98.36% <100.00%> (ø)`
services/report/languages/helpers.py	`100.00% <100.00%> (ø)`
services/report/languages/jacoco.py	`100.00% <100.00%> (ø)`
services/report/languages/jetbrainsxml.py	`90.62% <100.00%> (ø)`
services/report/languages/mono.py	`39.28% <100.00%> (ø)`
services/report/languages/scoverage.py	`100.00% <100.00%> (ø)`
services/report/languages/vb.py	`96.55% <100.00%> (ø)`
... and 2 more

codecov · 2024-11-13T22:11:34Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.05%. Comparing base (8056e7b) to head (4b9cdc8).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #891      +/-   ##
==========================================
- Coverage   98.05%   98.05%   -0.01%     
==========================================
  Files         444      444              
  Lines       35395    35394       -1     
==========================================
- Hits        34705    34704       -1     
  Misses        690      690

Flag	Coverage Δ
integration	`41.96% <100.00%> (-0.01%)`	⬇️
unit	`90.84% <100.00%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
NonTestCode	`96.14% <100.00%> (-0.01%)`	⬇️
OutsideTasks	`95.93% <100.00%> (-0.01%)`	⬇️

Files with missing lines	Coverage Δ
services/report/languages/bullseye.py	`97.77% <100.00%> (ø)`
services/report/languages/clover.py	`98.33% <100.00%> (ø)`
services/report/languages/cobertura.py	`98.05% <100.00%> (ø)`
services/report/languages/csharp.py	`98.36% <100.00%> (ø)`
services/report/languages/helpers.py	`100.00% <100.00%> (ø)`
services/report/languages/jacoco.py	`100.00% <100.00%> (ø)`
services/report/languages/jetbrainsxml.py	`90.62% <100.00%> (ø)`
services/report/languages/mono.py	`39.28% <100.00%> (ø)`
services/report/languages/scoverage.py	`100.00% <100.00%> (ø)`
services/report/languages/vb.py	`96.55% <100.00%> (ø)`
... and 2 more

codecov-public-qa · 2024-11-13T22:11:41Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.05%. Comparing base (8056e7b) to head (4b9cdc8).
Report is 1 commits behind head on main.

✅ All tests successful. No failed tests found.

@@            Coverage Diff             @@
##             main     #891      +/-   ##
==========================================
- Coverage   98.05%   98.05%   -0.01%     
==========================================
  Files         444      444              
  Lines       35395    35394       -1     
==========================================
- Hits        34705    34704       -1     
  Misses        690      690

Flag	Coverage Δ
integration	`41.96% <100.00%> (-0.01%)`	⬇️
unit	`90.84% <100.00%> (-0.01%)`	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components	Coverage Δ
NonTestCode	`96.14% <100.00%> (-0.01%)`	⬇️
OutsideTasks	`95.93% <100.00%> (-0.01%)`	⬇️

Files with missing lines	Coverage Δ
services/report/languages/bullseye.py	`97.77% <100.00%> (ø)`
services/report/languages/clover.py	`98.33% <100.00%> (ø)`
services/report/languages/cobertura.py	`98.05% <100.00%> (ø)`
services/report/languages/csharp.py	`98.36% <100.00%> (ø)`
services/report/languages/helpers.py	`100.00% <100.00%> (ø)`
services/report/languages/jacoco.py	`100.00% <100.00%> (ø)`
services/report/languages/jetbrainsxml.py	`90.62% <100.00%> (ø)`
services/report/languages/mono.py	`39.28% <100.00%> (ø)`
services/report/languages/scoverage.py	`100.00% <100.00%> (ø)`
services/report/languages/vb.py	`96.55% <100.00%> (ø)`
... and 2 more

github-actions · 2024-11-13T22:11:49Z

✅ All tests successful. No failed tests were found.

📣 Thoughts on this report? Let Codecov know! | Powered by Codecov

fix type annotation mistake that caused a security detector to misfire

4b9cdc8

matt-codecov requested a review from a team November 13, 2024 22:07

matt-codecov enabled auto-merge November 13, 2024 22:07

adrian-codecov approved these changes Nov 13, 2024

View reviewed changes

matt-codecov added this pull request to the merge queue Nov 13, 2024

Merged via the queue into main with commit e5095d3 Nov 13, 2024
26 of 27 checks passed

matt-codecov deleted the pr891 branch November 13, 2024 23:35

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

fix type annotation mistake that caused a security detector to misfire #891

fix type annotation mistake that caused a security detector to misfire #891

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

fix type annotation mistake that caused a security detector to misfire #891

fix type annotation mistake that caused a security detector to misfire #891

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

Uh oh!