Ruff: Add PLR5 and fix PLR5501 #11714

Merged
merged 1 commit into DefectDojo:dev from kiblik:ruff_PLR5501 on Feb 12, 2025
Conversation

@kiblik kiblik (Contributor) commented Feb 2, 2025

Add PLR5* rules and fix collapsible-else-if (PLR5501)

dryrunsecurity bot commented Feb 2, 2025

DryRun Security Summary

The pull request involves code refactoring across DefectDojo project files, with no critical security vulnerabilities introduced but containing potential security concerns around JIRA user creation, sensitive data handling, logging practices, and configuration dependencies that require careful management.

The pull request contains code refactoring across multiple files in the DefectDojo project, primarily simplifying conditional logic and reducing code complexity. Multiple files were modified with minor changes to improve code readability and structure.

Security Findings:

  1. Hardcoded JIRA User Creation (dojo/jira_link/helper.py): Potential security concern with predictable system user creation with username "JIRA"
  2. Sensitive Information Exposure: Multiple parsers handle vulnerability data with potential information sensitivity
  3. Logging of Sensitive Details: Some files log detailed vulnerability information that could potentially expose sensitive data
  4. Configuration Dependency: Several files rely on external settings that could introduce configuration management risks

No direct critical security vulnerabilities were introduced, but the code contains several areas that require careful configuration and management to prevent potential information exposure or unauthorized access.

Code Analysis

We ran 9 analyzers against 27 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 4 findings
IDOR Analyzer 1 finding

Overall Riskiness

🟡 Please give this pull request extra attention during review.

github-actions bot (Contributor) commented Feb 6, 2025

This pull request has conflicts; please resolve those before we can evaluate the pull request.

github-actions bot (Contributor) commented Feb 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro (Contributor) left a comment

Approved

@mtesauro mtesauro merged commit 79ea71d into DefectDojo:dev Feb 12, 2025
73 checks passed
@kiblik kiblik deleted the ruff_PLR5501 branch February 13, 2025 06:22
5 participants