212 sonarqube - security blockers and some reliability maintainability blockers #2394
crivetimihai merged 3 commits into main
Awesome, can you check if this closes any of these https://github.com/IBM/mcp-context-forge/issues?q=is%3Aissue%20state%3Aopen%20label%3Asonar please?
No they don't, I'm targeting blockers at the moment to be able to cut off the top.
Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>
abaa308 to a36cef5
Review & Rebase Complete
Changes made:
Review findings:
Note on Signed-off-by: Mihai Criveti crivetimihai@gmail.com
…y blockers (IBM#2394)
* Remove last 2 security issues from Sonarqube
Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>
* Remove 5 of 8 blocker maintainability issues
Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>
* Correct linting errors
Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>
---------
Signed-off-by: Brian Hussey <brian.hussey@ie.ibm.com>
Remove last security blockers and 5 reliability/maintainability blockers
This is in order to reduce Sonarqube findings on the maintainability of the code base as per #212.
Key Changes
Refactor certain functions to not always return the same values.
Changed to use a positive piece of work and a default return instead. Increases readability and maintainability.
Note: tls_utils changes were primarily for sonarqube to ignore security issues we purposefully allow for via user configuration.
Benefits
The key benefits of these changes are to get towards net 0 blockers from Sonarqube's point of view so that we can activate a gate not allowing code with Blocker level problems in the CI pipeline.
Files Changed
.gitignore (ignore sonar scanner directory)
mcpgateway/config.py
mcpgateway/plugins/framework/external/mcp/tls_utils.py