Explore the world of Python codemods in this 47-minute conference talk from Conf42 Python 2024. Dive into the philosophy and architecture of codemodder, learning how to leverage open-source tools to fix and harden code. Discover practical applications like replacing unsafe PyYAML loaders, using defusedxml for XML parsing, and automating resource closure. Follow along as the speaker demonstrates writing a codemod using a plugin template, and gain insights into making both easy and complex tasks achievable. Conclude with a look at future developments, including the PixeeBot app, and an invitation for community feedback on this innovative approach to code modification and security enhancement.
Overview
Syllabus
intro
preamble
https://github.com/pixee/codemodder-python
there is a problem
security tools
we need to fix and harden codes
code + modification
codemodder philosophy
leverage open-source tools
process results from other tools
invoke open-source tools
codemods tell a story
how can i use it?
what does it do?
what can we fix?
replace unsafe pyyaml loader
use defusedxml for parsing xml
automatically close resources
parametrize sql queries
use generator expressions
codemodder architecture
codemod metadata
dependency management
let's write a codemod
codemod plugin template
make the easy things easy
make the hard things possible
looking ahead
we want your feedback!
pixeebot app
about pixee
Taught by
Conf42
