Skip to content

Fix syntax errors and remove duplicate content across Python files#41

Merged
Bryan-Roe merged 3 commits into
mainfrom
copilot/fix-code-issues
Jan 19, 2026
Merged

Fix syntax errors and remove duplicate content across Python files#41
Bryan-Roe merged 3 commits into
mainfrom
copilot/fix-code-issues

Conversation

Copilot AI commented Jan 19, 2026

Copy link
Copy Markdown
Contributor

Repository had multiple syntax errors preventing compilation and ~600 lines of duplicate content in production files.

Fixed Syntax Errors

  • scripts/validate_datasets.py: Empty except block missing error handler
  • scripts/repo_automation.py: Malformed docstring and misplaced for loop in expression context
  • AI/microsoft_phi-silica-3.6_v1/scripts/train_lora.py: Missing pass statement in except block
  • AI/microsoft_phi-silica-3.6_v1/python mcp.py: Duplicate api_version parameter (kept 2024-12-01-preview)

Removed Duplicate Content

Both quantum-ai/production/test_api.py and banknote_api.py contained full file duplications starting at EOF:

if __name__ == '__main__':
    main()
"""                          # <- Closing quote without opening
Comprehensive test suite...  # <- Entire file duplicated from line 1

Removed 595 lines of duplicate code, fixed missing opening docstring quotes, and corrected duplicate timeout parameters in request calls.

Fixed Warnings

Changed docstrings with Windows paths to raw strings to eliminate invalid escape sequence warnings:

# Before
"""
    python .\train.py --csv ..\datasets\quantum\file.csv
"""

# After  
r"""
    python .\train.py --csv ..\datasets\quantum\file.csv
"""

All 266 Python files now compile cleanly.

Original prompt

Fix code


💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Copilot! 👋

Your private repo does not have access to Sourcery.

Please upgrade to continue using Sourcery ✨

- Fixed IndentationError in scripts/validate_datasets.py (missing except block body)
- Fixed IndentationError in scripts/repo_automation.py (malformed docstring and misplaced for loop)
- Fixed SyntaxError in quantum-ai/production/test_api.py (unterminated docstring, duplicate content, duplicate timeout parameter)
- Fixed SyntaxError in quantum-ai/production/banknote_api.py (unterminated docstring, duplicate content)
- Fixed IndentationError in AI/microsoft_phi-silica-3.6_v1/scripts/train_lora.py (missing pass statement)
- Fixed SyntaxError in AI/microsoft_phi-silica-3.6_v1/python mcp.py (duplicate api_version parameter)
- Fixed SyntaxWarnings in quantum-ai/train_custom_dataset.py and azure_foundry_deploy.py (invalid escape sequences)

Co-authored-by: Bryan-Roe <74067792+Bryan-Roe@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix various issues in existing code Fix syntax errors and remove duplicate content across Python files Jan 19, 2026
Copilot AI requested a review from Bryan-Roe January 19, 2026 16:23
@Bryan-Roe Bryan-Roe marked this pull request as ready for review January 19, 2026 16:25
Copilot AI review requested due to automatic review settings January 19, 2026 16:25

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Bryan-Roe! 👋

Your private repo does not have access to Sourcery.

Please upgrade to continue using Sourcery ✨

@Bryan-Roe Bryan-Roe merged commit 51a0ee0 into main Jan 19, 2026
8 of 15 checks passed
@Bryan-Roe Bryan-Roe deleted the copilot/fix-code-issues branch January 19, 2026 16:25
from src.hybrid_qnn import HybridQNN

app = Flask(__name__)
CORS(app) # Enable CORS for web clients

@bryan-roe-bot bryan-roe-bot Bot Jan 19, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: Affected versions of Flask-Cors are vulnerable to Improper Access Control. The private network cors header, Access-Control-Allow-Private-Network is always sent with the value true, without any option to configure it. This behavior can potentially expose private network resources to unauthorized external access, leading to significant security risks.

Fix: Upgrade this library to at least version 4.0.2 at Aria/quantum-ai/production/requirements.txt:3.

Reference(s): GHSA-hxwh-jpp2-84pm, CVE-2024-6221

Removed in commit 51a0ee0

model_path = model_dir / "custom_model.pt"
if not model_path.exists():
raise FileNotFoundError(f"Model not found: {model_path}")
model.load_state_dict(torch.load(model_path, weights_only=True))

@bryan-roe-bot bryan-roe-bot Bot Jan 19, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Risk: Affected versions of torch are vulnerable to Deserialization of Untrusted Data. Using torch.load with the weights_only flag does not fully mitigate the risk of deserialization attacks; an attacker who crafts a malicious model file can trigger remote command execution despite the weights_only=True safeguard.

Fix: Upgrade this library to at least version 2.6.0 at Aria/quantum-ai/production/requirements.txt:5.

Reference(s): GHSA-53q9-r3pm-6pq6, CVE-2025-32434

🚀 Removed in commit 51a0ee0 🚀

# Load metadata
summary_path = model_dir / "custom_training_summary.json"
if summary_path.exists():
with open(summary_path) as f:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:
Missing 'encoding' parameter. 'open()' uses device locale encodings by default, corrupting files with special characters. Specify the encoding to ensure cross-platform support when opening files in text mode (e.g. encoding="utf-8").

To resolve this comment:

🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by unspecified-open-encoding.

You can view more details about this finding in the Semgrep AppSec Platform.

scaler_path = model_dir / "custom_scaler.pkl"
if not scaler_path.exists():
raise FileNotFoundError(f"Scaler not found: {scaler_path}")
scaler = joblib.load(scaler_path)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Semgrep identified an issue in your code:
Scikit joblib uses pickle under the hood. Functions reliant on pickle can result in arbitrary code execution. Consider using skops instead.

To resolve this comment:

🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.

💬 Ignore this finding

Reply with Semgrep commands to ignore this finding.

  • /fp <comment> for false positive
  • /ar <comment> for acceptable risk
  • /other <comment> for all other reasons

Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by scikit-joblib-load.

You can view more details about this finding in the Semgrep AppSec Platform.

@bryan-roe-bot

bryan-roe-bot Bot commented Jan 19, 2026

Copy link
Copy Markdown
Contributor

Semgrep found 21 B101 findings:

The application was found using assert in non-test code. Usually reserved for debug and test
code, the assert
function is commonly used to test conditions before continuing execution. However, enclosed
code will be removed
when compiling Python code to optimized byte code. Depending on the assertion and subsequent
logic, this could
lead to undefined behavior of the application or application crashes.

To remediate this issue, remove the assert calls. If necessary, replace them with either if
conditions or
try/except blocks.

Example using try/except instead of assert:

# Below try/except is equal to the assert statement of:
# assert user.is_authenticated(), "user must be authenticated"
try:
    if not user.is_authenticated():
        raise AuthError("user must be authenticated")
except AuthError as e:
    # Handle error
    # ...
    # Return, do not continue processing
    return

Semgrep found 11 detect-pytorch findings:

Possibly found usage of AI tooling: PyTorch

Semgrep found 8 use-raise-for-status findings:

There's an HTTP request made with requests, but the raise_for_status() utility method isn't used. This can result in request errors going unnoticed and your code behaving in unexpected ways, such as if your authorization API returns a 500 error while you're only checking for a 401.

Semgrep found 2 unspecified-open-encoding findings:

Missing 'encoding' parameter. 'open()' uses device locale encodings by default, corrupting files with special characters. Specify the encoding to ensure cross-platform support when opening files in text mode (e.g. encoding="utf-8").

Semgrep found 2 B310-1 findings:

The application was found passing in a non-literal value to the urllib methods which issue
requests. urllib supports the file:// scheme, which may allow an adversary who can control
the URL value to read arbitrary files on the file system.

To remediate this issue either hardcode the URLs being used in urllib or use the requests
module instead.

Example using the requests module to issue an HTTPS request:

import requests
# Issue a GET request to https://example.com with a timeout of 10 seconds
response = requests.get('https://example.com', timeout=10)
# Work with the response object
# ...

Semgrep found 97 rule findings:

Semgrep found a match

Semgrep found 2 non-literal-import findings:

Untrusted user input in importlib.import_module() function allows an attacker to load arbitrary code. Avoid dynamic values in importlib.import_module() or use a whitelist to prevent running untrusted code.

Semgrep found 2 dynamic-urllib-use-detected findings:

Detected a dynamic value being used with urllib. urllib supports 'file://' schemes, so a dynamic value controlled by a malicious actor may allow them to read arbitrary files. Audit uses of urllib calls to ensure user data cannot control the URLs, or consider using the 'requests' library instead.

Semgrep found 1 dangerous-subprocess-use-audit finding:

Detected subprocess function 'run' without a static string. If this data can be controlled by a malicious actor, it may be an instance of command injection. Audit the use of this call to ensure it is not controllable by an external resource. You may consider using 'shlex.escape()'.

Semgrep found 4 identical-is-comparison findings:

Found identical comparison using is. Ensure this is what you intended.

Semgrep found 2 arbitrary-sleep findings:

time.sleep() call; did you mean to leave this in?

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses critical syntax errors and removes substantial duplicate content (~600 lines) across multiple Python files. The changes fix compilation errors that were preventing the repository's Python files from running properly.

Changes:

  • Fixed 4 syntax errors: empty except blocks, malformed docstrings, and misplaced code
  • Removed complete file duplications in two production API files
  • Converted docstrings with Windows paths to raw strings to eliminate escape sequence warnings

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
scripts/validate_datasets.py Added error handler to empty except block for JSON decode errors
scripts/repo_automation.py Fixed malformed docstring and relocated misplaced for loop to correct scope
quantum-ai/production/test_api.py Removed 286 lines of duplicate content and fixed duplicate timeout parameter
quantum-ai/production/banknote_api.py Removed 309 lines of duplicate content and improved security comment
AI/microsoft_phi-silica-3.6_v1/scripts/train_lora.py Added missing pass statement in exception handler
quantum-ai/train_custom_dataset.py Changed docstring to raw string for Windows path escapes
AI/microsoft_phi-silica-3.6_v1/azure_foundry_deploy.py Changed docstring to raw string for Windows path escapes


# Start server - default to localhost for security
# Use BANKNOTE_API_HOST environment variable to override if needed
host = os.environ.get('BANKNOTE_API_HOST', '127.0.0.1')

Copilot AI Jan 19, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The os module is used on line 305 (os.environ.get('BANKNOTE_API_HOST', '127.0.0.1')) but is not imported. This will cause a NameError at runtime when the main function is executed. Add import os to the imports section at the top of the file.

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants