@lucas-bremond

Add support for isort's known_OTHER that requires sections to be written in APP_CAPS (documentation).

In addition, allow additional properties to be sent to the command line (because not every option is mapped out, and to make it able to support isort forks with additional settings).

@lucas-bremond
Author

Hello @ryantam626! If you think this simple PR could be merged/released at some point, this would be awesome!

@krassowski
Contributor

> In addition, allow additional properties to be sent to the command line

I have not looked in depth, but would it not be a potential vulnerability by allowing someone to drop overrides.json with commands to execute?

@lucas-bremond
Author

lucas-bremond commented Sep 28, 2025

Thanks @krassowski for taking a look!

> would it not be a potential vulnerability by allowing someone to drop overrides.json with commands to execute?

I actually asked myself the same question, but I don't think it does, because (noting that "additionalProperties": true is only scoped for isort) the isort formatter calls either

SortImports(file_contents=code, **options).output

or

isort.code(code=code, **options)

and in turn isort.code is an alias for sort_code_string that feeds **options here to a structured Config object.

As far as I can see, there's no mechanism that would lead to malicious code being injected into a shell.
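
The question in this thread is what an open-ended options object lets a settings file pass through as keyword arguments to isort. An added example, not code from this PR or from jupyterlab_code_formatter: a validator that forwards only recognised option names and known_OTHER-style keys whose values have the expected type. `KNOWN_OPTIONS` is a constructed subset of isort settings, and `validate_isort_options` and the sample settings are hypothetical.

```python
import json
import re

# Constructed subset of isort option names with expected value types;
# a stand-in for illustration, not isort's full option list.
KNOWN_OPTIONS = {
    "profile": str,
    "line_length": int,
    "sections": list,
    "known_first_party": list,
}

# Dynamic keys of the known_OTHER form, e.g. known_MYAPP (section name in caps).
KNOWN_SECTION_KEY = re.compile(r"known_[A-Z][A-Z0-9_]*")


def _is_str_list(value):
    return isinstance(value, list) and all(isinstance(v, str) for v in value)


def validate_isort_options(options):
    """Return (accepted, rejected) for a dict of user-supplied isort settings."""
    accepted, rejected = {}, {}
    for key, value in options.items():
        expected = KNOWN_OPTIONS.get(key)
        if expected is list or (expected is None and KNOWN_SECTION_KEY.fullmatch(key)):
            ok = _is_str_list(value)
        elif expected is int:
            # bool is a subclass of int in Python; exclude it explicitly.
            ok = isinstance(value, int) and not isinstance(value, bool)
        elif expected is str:
            ok = isinstance(value, str)
        else:
            ok = False  # unknown key: do not forward it as a keyword argument
        (accepted if ok else rejected)[key] = value
    return accepted, rejected


# Constructed settings as they might appear in an overrides.json entry.
SAMPLE = json.loads("""{
  "profile": "black",
  "line_length": true,
  "known_MYAPP": ["myapp", "myapp_plugins"],
  "known_myapp": ["myapp"],
  "not_a_real_option": "value",
  "sections": ["FUTURE", "STDLIB", "MYAPP", "FIRSTPARTY"]
}""")

ACCEPTED, REJECTED = validate_isort_options(SAMPLE)
print("forwarded:", sorted(ACCEPTED), "rejected:", sorted(REJECTED))
```

Only the accepted dict would be passed on as `**options`; the rejected keys can be logged so a user sees why a setting had no effect.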
