While triaging your project, our bug fixing tool generated the following message(s)-
In file: [ipaddress.py], class: `_TotalOrderingMixin`, there is a special method `__lt__` that raises a `NotImplementedError`. If a special method supporting a binary operation is not implemented it should return `NotImplemented`. On the other hand, `NotImplementedError` should be raised from abstract methods inside user defined base classes to indicate that derived classes should override those methods. iCR suggested that the special method `__lt__` should return `NotImplemented` instead of raising an exception. An example of how `NotImplemented` helps the interpreter support a binary operation is here.
As we can see, the `_TotalOrderingMixin` class is-
Here, we can see that the methods `__ne__`, `__le__`, `__gt__`, and `__ge__` are dependent on method `__eq__` and `__lt__`. However, since both of these methods raise an exception instead of returning `NotImplemented`, the four prior methods aren't going to have any meaningful impact at all. So what can we do about it?
1. Use `NotImplemented` in methods `__eq__` and `__lt__`
Since four of these methods don't work the way they are written to do, we can modify the two methods to make them work. I understand that `_BaseAddress` is the class that implements `_IPAddressBase` class, which implements `_TotalOrderingMixin` class.
2. Convert `_TotalOrderingMixin` to an ABC
According to the documentation -
This exception is derived from `RuntimeError`. In user defined base classes, abstract methods should raise this exception when they require derived classes to override the method, or while the class is being developed to indicate that the real implementation still needs to be added.
As a result, the class should be converted to an abstract class and all these methods need to `raise NotImplementedError`. It shouldn't affect any other classes since the `_BaseAddress` class is overriding those methods manually. This approach is more like tidying up/refactoring the codebase.
Please suggest your opinion on this matter. If you're willing, I can create and submit a PR accordingly.
CLA Requirements
This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.
All contributed commits are already automatically signed off.
The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information).
- Git Commit SignOff documentation
Sponsorship and Support
This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.
The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.
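The difference between the two options in the issue above, shown as an added example that is not part of the original issue or of `ipaddress.py`: every class and function name here (`RaisingBase`, `ReturningBase`, `Foreign`, `make_addr`, `probe`) is hypothetical. When the base returns `NotImplemented`, the interpreter tries the other operand's reflected method or falls back to identity; when it raises `NotImplementedError`, the comparison aborts.

```python
class RaisingBase:
    """Constructed stand-in for the reported behaviour: comparisons raise."""
    def __eq__(self, other):
        raise NotImplementedError
    def __lt__(self, other):
        raise NotImplementedError

class ReturningBase:
    """Option 1 from the issue: tell the interpreter the operand is unsupported."""
    def __eq__(self, other):
        return NotImplemented
    def __lt__(self, other):
        return NotImplemented

class Foreign:
    """Hypothetical unrelated type that can order itself against an address."""
    def __init__(self, value):
        self.value = value
    def __gt__(self, other):
        return self.value > other.value

def make_addr(base):
    """Build a hypothetical address class that defers unknown operands to base."""
    class Addr(base):
        def __init__(self, value):
            self.value = value
        def __eq__(self, other):
            if isinstance(other, Addr):
                return self.value == other.value
            return super().__eq__(other)
        def __lt__(self, other):
            if isinstance(other, Addr):
                return self.value < other.value
            return super().__lt__(other)
    return Addr

def probe(base):
    """Compare an address with foreign operands; record the result or the error."""
    addr = make_addr(base)(1)
    checks = {"lt_foreign": lambda: addr < Foreign(5), "eq_str": lambda: addr == "1"}
    results = {}
    for name, check in checks.items():
        try:
            results[name] = check()
        except NotImplementedError:
            results[name] = "NotImplementedError"
    return results

if __name__ == "__main__":
    for b in (RaisingBase, ReturningBase):
        print(b.__name__, probe(b))
```

Same-type comparisons behave identically under both bases; only comparisons against operands the address class does not recognise differ.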