
Ruff: Add and fix TRY401 #11644

Merged
merged 1 commit into from
Feb 5, 2025

Conversation

kiblik
Contributor

@kiblik kiblik commented Jan 24, 2025

Add rule TRY401 and fix it.


dryrunsecurity bot commented Jan 24, 2025

DryRun Security Summary

The pull request implements comprehensive improvements to DefectDojo's security posture through enhanced error handling, logging practices, and input validation across multiple application components, with particular focus on JIRA integration, SonarQube API imports, and finding management features.


Summary:

The code changes in this pull request focus on improving the error handling, logging, and overall robustness of various features in the DefectDojo application. The changes span multiple files and address different aspects of the application's functionality, including JIRA integration, SonarQube API imports, and finding management.

The key security-related improvements include:

  1. Improved Error Handling and Logging: The code changes consistently replace the logging of full exception details with more generic error messages, reducing the risk of sensitive information leakage in the logs.
  2. Enhanced JIRA Integration: The changes in the JIRA-related files improve the handling of exceptions, the processing of JIRA issue resolutions, and the saving and pushing of findings to JIRA, contributing to a more secure and reliable integration.
  3. Secure Handling of User Input: The code changes ensure that user input is properly validated and sanitized, mitigating potential security risks such as injection vulnerabilities.
  4. Authorization and Access Control: The code utilizes appropriate authorization checks to ensure that users have the necessary permissions to perform sensitive operations, such as unlinking JIRA issues or adding API scan configurations.

While the changes do not directly address any specific security vulnerabilities, they contribute to the overall security posture of the DefectDojo application by improving error handling, logging, and input validation practices. These enhancements can help prevent the unintentional exposure of sensitive information and make the application more resilient to potential security issues.

Files Changed:

  1. dojo/engagement/views.py: Improved error handling and logging in the import_findings and add_risk_acceptance functions.
  2. dojo/endpoint/views.py: Enhanced error handling and file size validation in the import_endpoint_meta function.
  3. dojo/finding_group/views.py: Simplified exception handling in the unlink_jira function.
  4. dojo/finding/views.py: Improved exception handling in the unlink_jira function.
  5. dojo/jira_link/helper.py: Added new functions to handle JIRA issue resolutions and the saving and pushing of findings to JIRA.
  6. dojo/tasks.py: Simplified exception handling in the async_sla_compute_and_notify_task function.
  7. dojo/notifications/helper.py: Refactored the notification system and improved error handling.
  8. dojo/product/views.py: Added functionality to add API Scan Configurations to a product.
  9. dojo/test/views.py: Improved error handling and user feedback in the reimport_findings function.
  10. dojo/tool_config/views.py: Modified exception handling in the new_tool_config function to avoid logging sensitive information.
  11. dojo/jira_link/views.py: Improved error handling and logging in various JIRA-related functions.
  12. dojo/tools/api_sonarqube/importer.py: Enhanced error handling and logging in the SonarQube API importer.
  13. ruff.toml: Updated the Ruff linter configuration to include a new rule.

Code Analysis

We ran 9 analyzers against 13 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer               Findings
Authn/Authz Analyzer   1 finding
Mass Assignment        1 finding

Overall Riskiness

🟡 Please give this pull request extra attention during review.


@kiblik kiblik marked this pull request as draft January 25, 2025 09:23
@kiblik kiblik force-pushed the ruff_TRY401 branch 4 times, most recently from 739fa23 to 694ce37 Compare January 25, 2025 15:59
@kiblik kiblik marked this pull request as ready for review January 25, 2025 16:29
@kiblik kiblik requested review from mtesauro and Maffooch January 28, 2025 15:41
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

github-actions bot commented Feb 3, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

github-actions bot commented Feb 3, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit 060ff7b into DefectDojo:dev Feb 5, 2025
73 checks passed
@kiblik kiblik deleted the ruff_TRY401 branch February 5, 2025 23:34