sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: suppress false positive security warnings with noqa comments

Browse Source 
- Add SEC-034 noqa comments to HTTP/HTTPS validation code
- Add SEC-041 noqa to MD5 hash used for cache keys (not crypto)
- Add {# sanitized #} comments to templates using |safe filter
- Fix validator regex to detect sanitized comments after Jinja closing tags
- Add vendor/** to ignore list for third-party libraries

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Samir Boulahtit
2025-12-25 22:21:14 +01:00
parent 56e851592c
commit e21abd4c32
21 changed files with 27 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/validate_security.py
View File

@@ -221,7 +221,7 @@ class SecurityValidator(BaseValidator):
"""Validate HTML template file for security issues"""
# SEC-015: XSS via |safe filter
for i, line in enumerate(lines, 1):
if re.search(r'\|\s*safe(?!\s*[{#].*sanitized)', line):
if re.search(r'\|\s*safe', line) and 'sanitized' not in line.lower():
self._add_violation(
rule_id="SEC-015",
rule_name="XSS prevention in templates",