- Remove Python builtins injection into executor event_dict so only AC_-prefixed allowlist is callable via JSON/socket payloads.
- Pin core and platform dependencies in pyproject.toml and align PySide6 between pyproject, requirements, and dev_requirements.
- Make create_project_dir's lock module-level and cover all writes.
- Replace get_dir_files_as_list's mutable getcwd() default with None sentinel evaluated per call.
- Remove unused imports and deduplicate __all__.

Update example jsons

- CLAUDE.md: add Static Analysis Compliance section covering complexity, exception chaining, Bandit security, resource management, and naming.
- Replace print() in library code with autocontrol_logger across utils, wrapper, osx, and linux backends to satisfy python:S4792.
- Narrow bare `except Exception` to specific exception tuples and add `raise ... from error` for chain preservation (python:S5655).
- Remove shell=True from ShellManager; normalize commands via shlex to argv list, eliminating Bandit B602.
- Replace wildcard Cocoa/Foundation imports in osx_listener with explicit symbols (python:S2208).
- Drop sys.argv side effects from start_autocontrol_socket_server; bind default host to 127.0.0.1 for least privilege.
- Split platform_wrapper monolith into _platform_linux / _platform_osx / _platform_windows to satisfy the 750-line file limit.

AutoClickTabMixin owns the _build_auto_click_tab / _do_click / _send_* methods; the copies in main_widget were dead duplicates.

Not up to standards ⛔

🔴 Issues

| Category | Results |
|---|---|
| ErrorProne | 1 high |
| Security | 1 critical |
🟢 Metrics -33 complexity · 2 duplication



Summary
- `CLAUDE.md` covering SonarQube / Codacy / Pylint / Bandit rules (complexity, exception chaining, security, resources, style, tests, verification commands).
- `je_auto_control/`: replace `print()` with `autocontrol_logger`, narrow broad `except Exception` to specific tuples, add `raise ... from error` for chain preservation, and rename shadowed exception variables.
- `shell=True` from `ShellManager` and normalize commands via `shlex` to an argv list (fixes Bandit B602). Drop `sys.argv` side effects from `start_autocontrol_socket_server` and bind default host to `127.0.0.1` for least privilege.
- `wrapper/platform_wrapper.py` monolith into `_platform_linux.py`, `_platform_osx.py`, `_platform_windows.py` to satisfy the new 750-line file limit.
- `AutoControlGUIWidget`; `AutoClickTabMixin` is the single source of truth.

Test plan
- `py -m py_compile` on every modified module passes (verified locally).
- `ruff check je_auto_control/` reports no new issues.
- `pylint je_auto_control/` reports no new issues.
- `bandit -r je_auto_control/ -x je_auto_control/test` reports no new issues.
- `radon cc je_auto_control/ -a -nc` flags no functions at complexity C or higher.
- `python -m pytest test/unit_test/` on Windows, macOS, Linux.
- `test/unit_test/socket_server_test/socket_server_test.py` still starts server on default localhost:9938.
- `ShellManager.exec_shell` still runs commands on Windows without `shell=True` (argv or shlex-splittable string).
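
An added example (not the project's `ShellManager` code) of the `shell=True` removal described in the summary: a command given as a string or a list is normalized to an argv list with `shlex` and run with no shell, so metacharacters reach the child as literal text. The names `to_argv`, `run_without_shell` and `echo_args` are hypothetical, and the sample arguments are constructed.

```python
import shlex
import subprocess
import sys
from typing import List, Sequence, Union


def to_argv(command: Union[str, Sequence[str]]) -> List[str]:
    """Normalize a command to an argv list so that no shell ever parses it."""
    if isinstance(command, str):
        # shlex.split applies POSIX quoting rules: quotes group words and a
        # backslash escapes the next character. Windows paths containing
        # backslashes should therefore be passed as a list, not a string.
        argv = shlex.split(command)
    else:
        argv = [str(part) for part in command]
    if not argv:
        raise ValueError("empty command")
    return argv


def run_without_shell(command: Union[str, Sequence[str]],
                      timeout: float = 10.0) -> subprocess.CompletedProcess:
    """Run the normalized argv directly; shell=False is stated explicitly."""
    return subprocess.run(
        to_argv(command),
        shell=False,
        capture_output=True,
        text=True,
        timeout=timeout,
        check=False,
    )


def echo_args(*args: str) -> List[str]:
    """Constructed demo: a child interpreter prints the argv it received."""
    child = [sys.executable, "-c",
             "import sys; print('\\n'.join(sys.argv[1:]))"]
    return run_without_shell(child + list(args)).stdout.splitlines()


if __name__ == "__main__":
    # With shell=True the ';' and '$(...)' would be interpreted by the shell;
    # here they arrive in the child unchanged.
    print(echo_args("hello; echo injected", "$(id)"))
```
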