-
Notifications
You must be signed in to change notification settings - Fork 1
🎨 Palette: Detailed Dry-Run Plan Visibility #162
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| ## 2024-05-22 - CLI Dry-Run Visibility | ||
| **Learning:** Users running destructive CLI tools (sync/delete) rely heavily on dry-run output to trust the tool. Providing high-level stats is insufficient; showing exactly *what* will be affected (e.g., specific folder names and actions) reduces anxiety and prevents errors. | ||
| **Action:** When implementing `--dry-run`, always list the specific entities that would be created, modified, or deleted, not just counts. |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| 3.13 | ||
| 3.13 | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -1129,6 +1129,34 @@ | |
| plan_accumulator.append(plan_entry) | ||
|
|
||
| if dry_run: | ||
| log.info("Dry-run Plan:") | ||
| for folder in plan_entry["folders"]: | ||
| # Determine action label | ||
| if "rule_groups" in folder: | ||
| action_str = f"Multi-Action ({len(folder['rule_groups'])} groups)" | ||
| else: | ||
| act_val = folder.get("action") | ||
| # Handle missing 'do' field (None) as default Allow (0) for display | ||
| if act_val is None: | ||
| act_val = 0 | ||
|
|
||
| if act_val == 0: | ||
| action_str = "Allow" | ||
| elif act_val == 1: | ||
| action_str = "Block" | ||
| elif act_val == 2: | ||
| action_str = "Bypass-Mode" | ||
| else: | ||
| action_str = f"Action={act_val}" | ||
|
|
||
| # Use %s formatting and explicit sanitization to satisfy CodeQL | ||
| log.info( | ||
| " - %s: %s rules (%s)", # codeql[py/clear-text-logging-sensitive-data] | ||
| sanitize_for_log(folder.get("name", "Unknown")), | ||
| folder.get("rules", 0), | ||
Check failureCode scanning / CodeQL Clear-text logging of sensitive information High
This expression logs
sensitive data (password) Error loading related location Loading Copilot AutofixAI about 2 months ago Copilot could not generate an autofix suggestion Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support. |
||
| action_str, | ||
Check failureCode scanning / CodeQL Clear-text logging of sensitive information High
This expression logs
sensitive data (password) Error loading related location Loading Copilot AutofixAI about 2 months ago Copilot could not generate an autofix suggestion Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support. |
||
| ) | ||
|
|
||
|
Comment on lines
+1132
to
+1159
|
||
| log.info("Dry-run complete: no API calls were made.") | ||
| return True | ||
|
|
||
|
|
||
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,18 @@ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Check warningCode scanning / Pylintpython3 (reported by Codacy) Missing module docstring Warning
Missing module docstring
Check warningCode scanning / Pylint (reported by Codacy) Missing module docstring Warning
Missing module docstring
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import logging | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Check warningCode scanning / Prospector (reported by Codacy) Unused import logging (unused-import) Warning
Unused import logging (unused-import)
Check noticeCode scanning / Pylintpython3 (reported by Codacy) Unused import logging Note
Unused import logging
Check noticeCode scanning / Pylint (reported by Codacy) Unused import logging Note
Unused import logging
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| import logging |
Check notice
Code scanning / Bandit
Possible hardcoded password: 'secret_token' Note
Check warning
Code scanning / Prospector (reported by Codacy)
Import "import main" should be placed at the top of the module (wrong-import-position) Warning
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Import "import main" should be placed at the top of the module Warning
Check warning
Code scanning / Pylint (reported by Codacy)
Import "import main" should be placed at the top of the module Warning
Check warning
Code scanning / Pylintpython3 (reported by Codacy)
Missing function or method docstring Warning
Check warning
Code scanning / Pylint (reported by Codacy)
Missing function docstring Warning
Copilot
AI
Feb 4, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Module 'main' is imported with both 'import' and 'import from'.
| from main import sanitize_for_log | |
| TOKEN = "secret_token" | |
| import main | |
| main.TOKEN = TOKEN | |
| def test_sanitize(): | |
| entry_name = "Folder with " + TOKEN | |
| sanitized = sanitize_for_log(entry_name) | |
| import main | |
| TOKEN = "secret_token" | |
| main.TOKEN = TOKEN | |
| def test_sanitize(): | |
| entry_name = "Folder with " + TOKEN | |
| sanitized = main.sanitize_for_log(entry_name) |
Check notice
Code scanning / Bandit
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Note
Check notice
Code scanning / Bandit (reported by Codacy)
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Note
Check notice
Code scanning / Bandit
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Note
Check notice
Code scanning / Bandit (reported by Codacy)
Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Note
Copilot
AI
Feb 4, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file modifies a TOKEN global variable in the main module (lines 6-7), which could have unintended side effects if the script is accidentally imported or run in an environment where the main module is already loaded. If this script must be kept, it should use proper test isolation techniques such as mocking or fixtures to avoid modifying global state.
| TOKEN = "secret_token" | |
| import main | |
| main.TOKEN = TOKEN | |
| def test_sanitize(): | |
| entry_name = "Folder with " + TOKEN | |
| sanitized = sanitize_for_log(entry_name) | |
| print(f"Original: {entry_name}") | |
| print(f"Sanitized: {sanitized}") | |
| assert "[REDACTED]" in sanitized | |
| assert TOKEN not in sanitized | |
| from unittest import mock | |
| TOKEN = "secret_token" | |
| def test_sanitize(): | |
| with mock.patch("main.TOKEN", TOKEN): | |
| entry_name = "Folder with " + TOKEN | |
| sanitized = sanitize_for_log(entry_name) | |
| print(f"Original: {entry_name}") | |
| print(f"Sanitized: {sanitized}") | |
| assert "[REDACTED]" in sanitized | |
| assert TOKEN not in sanitized |
Check warning
Code scanning / Prospector (reported by Codacy)
expected 2 blank lines after class or function definition, found 1 (E305) Warning
Copilot
AI
Feb 4, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This file appears to be a debug/test script that was likely used during development but should not be committed to the repository. The file tests the sanitize_for_log function, but there are already comprehensive tests in tests/test_log_sanitization.py. This script should either be moved to the tests/ directory as a proper test case, or removed entirely and added to .gitignore if it's meant for local development only.
| import logging | |
| from main import sanitize_for_log | |
| TOKEN = "secret_token" | |
| import main | |
| main.TOKEN = TOKEN | |
| def test_sanitize(): | |
| entry_name = "Folder with " + TOKEN | |
| sanitized = sanitize_for_log(entry_name) | |
| print(f"Original: {entry_name}") | |
| print(f"Sanitized: {sanitized}") | |
| assert "[REDACTED]" in sanitized | |
| assert TOKEN not in sanitized | |
| if __name__ == "__main__": | |
| test_sanitize() | |
| from main import sanitize_for_log | |
| TOKEN = "secret_token" | |
| import main | |
| main.TOKEN = TOKEN | |
| def test_sanitize(): | |
| entry_name = "Folder with " + TOKEN | |
| sanitized = sanitize_for_log(entry_name) | |
| assert "[REDACTED]" in sanitized | |
| assert TOKEN not in sanitized |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This change appears to be a formatting-only modification (removing the leading space from line 1). While this makes the file more consistent, it doesn't relate to the PR's stated purpose of adding detailed dry-run logging. If this is an intentional cleanup, it should be mentioned in the PR description. If unintentional, it should be reverted.