iCR for Python User Guides
iCR for Python 3.5

Reviewing a fix


Last updated 1 year ago

Once you have filtered for the set of fixes to review, you may begin processing them. That typically begins with clicking on the Unresolved tab to see which fixes still need review. In our example, we will be looking at a set of fixes within the Sensitive Data Exposure category. There were 7 fixes identified. To show how to process a fix, we will look at Fix SDE-PyRRG-1-1.

In this example, iCR has detected the use of a weak pseudo-random number library in a security-sensitive context, which can leave the generated values open to attack. To learn more about this issue, you can click on the link labelled "should not be used for security purposes", which explains the use of pseudo-random generators.

To strengthen the security for this issue, it is recommended that the weak random library be replaced with the stronger secrets library.

To see the diffs for this fix, click on the Show Diff button. Doing that reveals an expanded display.

A Diff: tab is shown for each affected file, and each tab displays the changes suggested for that file. In this example, Diff: 1 is selected and displayed. This is the diff for the file that uses the weak library.

The lines that were changed are identified by the red highlighted statements. In this example, those are Lines 1 and 32. The text below shows the corrected code with green highlights. The iCR-generated code corrects the issue by replacing the import of the random library with the stronger secrets one. In addition, the usage statement on Line 32 is updated to refer to the stronger pseudo-random number generator, secrets.SystemRandom.
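To make the nature of this correction concrete, the following is an added example written for this guide; it is not iCR's generated code or the source file from the example project. It shows a constructed token-generation function in its "before" form (using the random module) beside its "after" form (using secrets.SystemRandom, as the fix above does), together with checks that demonstrate why the change matters: the random module reproduces its output whenever the seed is known, whereas SystemRandom draws from the operating system's entropy source and ignores seeding. The function names and the 32-character alphanumeric token format are assumptions made for the example.

```python
"""Constructed example (not from iCR or the example project) of the kind of
change described for Fix SDE-PyRRG-1-1: replacing the random module with
secrets.SystemRandom for a security-sensitive value.
"""
import random
import secrets
import string

# Assumed token format for the example: 32 characters from [A-Za-z0-9].
ALPHABET = string.ascii_letters + string.digits
TOKEN_LENGTH = 32


def make_token_weak(length=TOKEN_LENGTH, seed=None):
    """'Before' form: random.Random is a Mersenne Twister PRNG and is
    documented as unsuitable for security purposes. The optional seed is
    accepted here only so the reproducibility check below can show the
    problem; a real caller would typically get an implicit seed instead."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def make_token_strong(length=TOKEN_LENGTH):
    """'After' form: secrets.SystemRandom draws from os.urandom(), the
    operating system's cryptographic entropy source."""
    rng = secrets.SystemRandom()
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def is_well_formed(token, length=TOKEN_LENGTH):
    """Structural check shared by both forms: correct length and alphabet."""
    return len(token) == length and all(c in ALPHABET for c in token)


def weak_is_reproducible(seed=12345):
    """Same seed -> identical token. Anyone who learns (or guesses) the seed
    can regenerate every value the weak generator ever produced."""
    return make_token_weak(seed=seed) == make_token_weak(seed=seed)


def strong_ignores_seed(seed=12345):
    """SystemRandom.seed() is documented as a no-op, so re-seeding does not
    make the output repeat: two draws after identical seed calls differ."""
    rng = secrets.SystemRandom()
    rng.seed(seed)
    first = "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
    rng.seed(seed)
    second = "".join(rng.choice(ALPHABET) for _ in range(TOKEN_LENGTH))
    return first != second


if __name__ == "__main__":
    print("weak token   :", make_token_weak())
    print("strong token :", make_token_strong())
    print("weak reproducible with known seed:", weak_is_reproducible())
    print("strong unaffected by seeding     :", strong_ignores_seed())
```

When the value being generated is simply an opaque token, secrets.token_hex() or secrets.token_urlsafe() are shorter alternatives; secrets.SystemRandom is the right drop-in when existing code already relies on the random.Random method interface (choice, randint, shuffle), which is the situation the diff above addresses.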

If you want to browse the original source file associated with this fix, you can click on the Show Source button. A scrollable window will appear below the diff window with a tab for each file that has a diff for this fix. You can click on any tab to browse the source of any of the affected files. In this case the tab is labelled Source of Diff: 1.

You can scroll through the original source file independently of the diff window.

Once you are satisfied with reviewing a particular correction, you can select other Diff: tabs to review all the suggested changes for this fix.

To view other fixes, scroll through the list of fixes or select new filters.