Add standalone OWASP cheat sheet refresh script#952
Conversation
|
Warning Review limit reached
Next review available in: 29 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Path: .coderabbit.yml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
WalkthroughThis PR adds a new Bash script, ChangesCheatsheets Update Script
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)sequenceDiagram
participant Script as update-cheatsheets.sh
participant Venv as Python venv
participant DB as standards_cache.sqlite
participant Cre as cre.py
Script->>Venv: create/activate venv, install requirements if flask missing
Script->>DB: verify DB exists
Script->>DB: create timestamped .bak backup
Script->>Cre: run cre.py --cheatsheets_in --cache_file DB
Script->>DB: query node table for OWASP Cheat Sheets links
Script->>DB: update matching links to official cheatsheets URL
Related issues: None specified. Related PRs: None specified. Suggested labels: scripts, maintenance Suggested reviewers: None specified. 🐰 A rabbit hops through cache and code, 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
d08d662 to
716f8b2
Compare
There was a problem hiding this comment.
🧹 Nitpick comments (2)
scripts/update-cheatsheets.sh (2)
23-24: 🗄️ Data Integrity & Integration | 🔵 Trivial | ⚡ Quick winBackup filename collision within the same second.
date +%Y%m%d%H%M%Shas 1-second resolution; two runs within the same second silently overwrite each other's backup.🛡️ Add uniqueness
-BACKUP_FILE="${DB_PATH}.$(date +%Y%m%d%H%M%S).bak" +BACKUP_FILE="${DB_PATH}.$(date +%Y%m%d%H%M%S)_$$.bak"🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/update-cheatsheets.sh` around lines 23 - 24, The backup creation in the update-cheatsheets script can collide when run multiple times within the same second because BACKUP_FILE is based only on date +%Y%m%d%H%M%S. Update the BACKUP_FILE naming logic in the script so each run produces a unique filename, for example by adding higher-resolution time, the process ID, or another unique suffix, and keep the cp backup step using that new unique name.
14-16: 🩺 Stability & Availability | 🔵 Trivial | ⚡ Quick winFragile dependency-check proxy.
Using
import flasksuccess as a stand-in for "all deps installed" means new/updated packages inrequirements.txtwon't get installed ifflaskis already present in the venv from a prior run.♻️ Simpler and more robust alternative
-if ! python -c "import flask" >/dev/null 2>&1; then - pip install -r "$ROOT_DIR/requirements.txt" -fi +pip install -q -r "$ROOT_DIR/requirements.txt"
pip installis idempotent and fast when nothing changed, so always running it avoids silently skipping updated dependencies.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@scripts/update-cheatsheets.sh` around lines 14 - 16, The dependency check in the update-cheatsheets.sh script is too narrow because it only tests flask via the python import gate, so updated or newly added packages in requirements.txt can be skipped. Remove the import-based conditional around the pip install step and always run the requirements installation in the script flow so dependency updates are applied reliably; the relevant logic is the shell block that wraps pip install -r "$ROOT_DIR/requirements.txt".
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@scripts/update-cheatsheets.sh`:
- Around line 23-24: The backup creation in the update-cheatsheets script can
collide when run multiple times within the same second because BACKUP_FILE is
based only on date +%Y%m%d%H%M%S. Update the BACKUP_FILE naming logic in the
script so each run produces a unique filename, for example by adding
higher-resolution time, the process ID, or another unique suffix, and keep the
cp backup step using that new unique name.
- Around line 14-16: The dependency check in the update-cheatsheets.sh script is
too narrow because it only tests flask via the python import gate, so updated or
newly added packages in requirements.txt can be skipped. Remove the import-based
conditional around the pip install step and always run the requirements
installation in the script flow so dependency updates are applied reliably; the
relevant logic is the shell block that wraps pip install -r
"$ROOT_DIR/requirements.txt".
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yml
Review profile: CHILL
Plan: Pro
Run ID: 4a99f980-fd4a-4622-a8a0-b5532012fd97
📒 Files selected for processing (1)
scripts/update-cheatsheets.sh
Summary
This PR is split out from the larger issue-471 review flow to make review smaller and more focused.
It adds a standalone script for refreshing OWASP Cheat Sheet data and normalizing cheat sheet links in the local cache.
Issue reference:
Problem Fixed
The earlier refresh-scripts review became too large because it was mixed with broader OWASP importer and follow-up work.
For this part of the work, the useful standalone contribution is:
Solution
This PR adds a single standalone script:
scripts/update-cheatsheets.shThe script:
--cheatsheets_inTests
Reviewer Notes
This PR is intentionally narrow because it was split to reduce review size:
This PR is meant to be reviewed as a standalone operational helper.