
Ruff: Add and fix Q000 #10095

Merged
merged 4 commits into from
Jul 12, 2024

Update .settings.dist.py.sha256sum

edf2af3
DryRunSecurity / Sensitive Files Analyzer succeeded Jul 9, 2024 in 0s

DryRun Security


Sensitive Files Analyzer Findings: 5 detected

⚠️ Potential Sensitive File dojo/cred/urls.py (click for details)
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/cred/urls.py
from . import views
# Route table for the credential ("cred") app. Every pattern is a regex
# anchored at "^"; all but the first are also anchored at "$". Django hands
# the named groups (ttid, pid, eid, tid, fid) to the view as keyword
# arguments, and "\d+" restricts each of them to digits.
urlpatterns = [
    # NOTE(review): unlike every other pattern in this table this one has no
    # trailing "$", so it also matches any path that merely starts with
    # "cred/add" — confirm that is intended.
    re_path(r"^cred/add", views.new_cred, name="add_cred"),
    # global credential views keyed by credential id (ttid)
    re_path(r"^cred/(?P<ttid>\d+)/view$", views.view_cred_details, name="view_cred_details"),
    re_path(r"^cred/(?P<ttid>\d+)/edit$", views.edit_cred, name="edit_cred"),
    re_path(r"^cred/(?P<ttid>\d+)/delete$", views.delete_cred, name="delete_cred"),
    re_path(r"^cred$", views.cred, name="cred"),
    # credentials attached to a product (pid); the only scope with an edit route
    re_path(r"^product/(?P<pid>\d+)/cred/add$", views.new_cred_product, name="new_cred_product"),
    re_path(r"^product/(?P<pid>\d+)/cred/all$", views.all_cred_product, name="all_cred_product"),
    re_path(r"^product/(?P<pid>\d+)/cred/(?P<ttid>\d+)/edit$", views.edit_cred_product, name="edit_cred_product"),
    re_path(r"^product/(?P<pid>\d+)/cred/(?P<ttid>\d+)/view$", views.view_cred_product, name="view_cred_product"),
    re_path(r"^product/(?P<pid>\d+)/cred/(?P<ttid>\d+)/delete$", views.delete_cred_product, name="delete_cred_product"),
    # credentials attached to an engagement (eid): add / view / delete only
    re_path(r"^engagement/(?P<eid>\d+)/cred/add$", views.new_cred_product_engagement, name="new_cred_product_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/cred/(?P<ttid>\d+)/view$", views.view_cred_product_engagement,
            name="view_cred_product_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/cred/(?P<ttid>\d+)/delete$", views.delete_cred_engagement,
            name="delete_cred_engagement"),
    # credentials attached to a test (tid): add / view / delete only
    re_path(r"^test/(?P<tid>\d+)/cred/add$", views.new_cred_engagement_test, name="new_cred_engagement_test"),
    re_path(r"^test/(?P<tid>\d+)/cred/(?P<ttid>\d+)/view$", views.view_cred_engagement_test,
            name="view_cred_engagement_test"),
    re_path(r"^test/(?P<tid>\d+)/cred/(?P<ttid>\d+)/delete$", views.delete_cred_test, name="delete_cred_test"),
    # credentials attached to a finding (fid): add / view / delete only
    re_path(r"^finding/(?P<fid>\d+)/cred/add$", views.new_cred_finding, name="new_cred_finding"),
    re_path(r"^finding/(?P<fid>\d+)/cred/(?P<ttid>\d+)/view$", views.view_cred_finding, name="view_cred_finding"),
    re_path(r"^finding/(?P<fid>\d+)/cred/(?P<ttid>\d+)/delete$", views.delete_cred_finding, name="delete_cred_finding"),
]
⚠️ Potential Sensitive File dojo/development_environment/urls.py (click for details)
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/development_environment/urls.py
# Route table for the development-environment ("dev_env") app: a list view,
# an add view and an edit view keyed by environment id (deid). No delete
# route is declared here.
urlpatterns = [
    # dev envs
    re_path(r"^dev_env$", views.dev_env, name="dev_env"),
    re_path(r"^dev_env/add$", views.add_dev_env,
            name="add_dev_env"),
    # deid is digits-only and is passed to the view as a keyword argument
    re_path(r"^dev_env/(?P<deid>\d+)/edit$",
            views.edit_dev_env, name="edit_dev_env"),
]
⚠️ Potential Sensitive File dojo/endpoint/urls.py (click for details)
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/endpoint/urls.py
# Route table for the endpoint app: listing views, per-endpoint views keyed
# by eid, product-scoped routes keyed by pid, bulk updates, migration and
# metadata import. All patterns are anchored at both ends and every captured
# id is digits-only.
urlpatterns = [
    # endpoints
    # listing views: all endpoints / all hosts / vulnerable endpoints / vulnerable hosts
    re_path(r"^endpoint$", views.all_endpoints,
            name="endpoint"),
    re_path(r"^endpoint/host$", views.all_endpoint_hosts,
            name="endpoint_host"),
    re_path(r"^endpoint/vulnerable$", views.vulnerable_endpoints,
            name="vulnerable_endpoints"),
    re_path(r"^endpoint/host/vulnerable$", views.vulnerable_endpoint_hosts,
            name="vulnerable_endpoint_hosts"),
    # single endpoint / host, keyed by eid
    re_path(r"^endpoint/(?P<eid>\d+)$", views.view_endpoint,
            name="view_endpoint"),
    re_path(r"^endpoint/host/(?P<eid>\d+)$", views.view_endpoint_host,
            name="view_endpoint_host"),
    re_path(r"^endpoint/(?P<eid>\d+)/edit$", views.edit_endpoint,
            name="edit_endpoint"),
    # add an endpoint under a product given in the URL (pid)
    re_path(r"^endpoints/(?P<pid>\d+)/add$", views.add_endpoint,
            name="add_endpoint"),
    re_path(r"^endpoint/(?P<eid>\d+)/delete$", views.delete_endpoint,
            name="delete_endpoint"),
    # add without a product id in the URL; the product must therefore come
    # from the request itself — see add_product_endpoint for how it is chosen
    re_path(r"^endpoints/add$", views.add_product_endpoint,
            name="add_product_endpoint"),
    # endpoint metadata, keyed by eid
    re_path(r"^endpoint/(?P<eid>\d+)/add_meta_data$", views.add_meta_data,
            name="add_endpoint_meta_data"),
    re_path(r"^endpoint/(?P<eid>\d+)/edit_meta_data$", views.edit_meta_data,
            name="edit_endpoint_meta_data"),
    # bulk updates: one view serves both the global route and the
    # product-scoped one; only the second passes a pid kwarg
    re_path(r"^endpoint/bulk$", views.endpoint_bulk_update_all,
            name="endpoints_bulk_all"),
    re_path(r"^product/(?P<pid>\d+)/endpoint/bulk_product$", views.endpoint_bulk_update_all,
            name="endpoints_bulk_update_all_product"),
    # NOTE(review): captures "fid" (not "eid") under an "endpoint/" prefix —
    # presumably a finding id; confirm against endpoint_status_bulk_update
    re_path(r"^endpoint/(?P<fid>\d+)/bulk_status$", views.endpoint_status_bulk_update,
            name="endpoints_status_bulk"),
    re_path(r"^endpoint/migrate$", views.migrate_endpoints_view,
            name="endpoint_migrate"),
    # NOTE(review): captures "pid" under an "endpoint/" prefix — presumably
    # a product id; confirm against import_endpoint_meta
    re_path(r"^endpoint/(?P<pid>\d+)/import_endpoint_meta$", views.import_endpoint_meta,
            name="import_endpoint_meta"),
]
⚠️ Potential Sensitive File dojo/engagement/urls.py (click for details)
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/engagement/urls.py
# Route table for the engagement app. The calendar and engagement list views
# are registered under several names; the extra dict on three of the list
# routes is forwarded by Django to the view as keyword arguments. Ids (eid,
# engagement_id, fid, raid) are digits-only.
urlpatterns = [
    # engagements and calendar
    # the same calendar view under two names
    re_path(r"^calendar$", views.engagement_calendar, name="calendar"),
    re_path(r"^calendar/engagements$", views.engagement_calendar, name="engagement_calendar"),
    # "engagement" and "engagement/active" are identical: same view, same {"view": "active"} kwarg
    re_path(r"^engagement$", views.engagements, {"view": "active"}, name="engagement"),
    re_path(r"^engagements_all$", views.engagements_all, name="engagements_all"),
    re_path(r"^engagement/all$", views.engagements, {"view": "all"}, name="all_engagements"),
    re_path(r"^engagement/active$", views.engagements, {"view": "active"}, name="active_engagements"),
    # single engagement, keyed by eid (class-based view)
    re_path(r"^engagement/(?P<eid>\d+)$", views.ViewEngagement.as_view(),
            name="view_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/ics$", views.engagement_ics,
            name="engagement_ics"),
    re_path(r"^engagement/(?P<eid>\d+)/edit$", views.edit_engagement,
            name="edit_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/delete$", views.delete_engagement,
            name="delete_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/copy$", views.copy_engagement,
            name="copy_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/add_tests$", views.add_tests,
            name="add_tests"),
    # scan import; note the kwarg is "engagement_id" here, not "eid"
    re_path(
        r"^engagement/(?P<engagement_id>\d+)/import_scan_results$",
        views.ImportScanResultsView.as_view(),
        name="import_scan_results"),
    re_path(r"^engagement/(?P<eid>\d+)/close$", views.close_eng,
            name="close_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/reopen$", views.reopen_eng,
            name="reopen_engagement"),
    re_path(r"^engagement/(?P<eid>\d+)/complete_checklist$",
            views.complete_checklist, name="complete_checklist"),
    # risk acceptance, keyed by eid and — for an existing acceptance — raid.
    # NOTE(review): "add_risk_acceptance" is registered twice, with and without
    # a finding id (fid); Django's reverse() picks between them by the kwargs
    # supplied, so both resolve, but the shared name is easy to misread.
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/add$",
            views.add_risk_acceptance, name="add_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/add/(?P<fid>\d+)$",
            views.add_risk_acceptance, name="add_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/(?P<raid>\d+)$",
            views.view_risk_acceptance, name="view_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/(?P<raid>\d+)/edit$",
            views.edit_risk_acceptance, name="edit_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/(?P<raid>\d+)/expire$",
            views.expire_risk_acceptance, name="expire_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/(?P<raid>\d+)/reinstate$",
            views.reinstate_risk_acceptance, name="reinstate_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/(?P<raid>\d+)/delete$",
            views.delete_risk_acceptance, name="delete_risk_acceptance"),
    re_path(r"^engagement/(?P<eid>\d+)/risk_acceptance/(?P<raid>\d+)/download$",
            views.download_risk_acceptance, name="download_risk_acceptance"),
    # threat model document attached to an engagement
    re_path(r"^engagement/(?P<eid>\d+)/threatmodel$", views.view_threatmodel,
            name="view_threatmodel"),
    re_path(r"^engagement/(?P<eid>\d+)/threatmodel/upload$",
            views.upload_threatmodel, name="upload_threatmodel"),
    # exports of the engagement list (no id in the URL)
    re_path(r"^engagement/csv_export$",
            views.csv_export, name="engagement_csv_export"),
    re_path(r"^engagement/excel_export$",
            views.excel_export, name="engagement_excel_export"),
]
⚠️ Potential Sensitive File dojo/finding/urls.py (click for details)
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/finding/urls.py
# Route table for the finding app. Patterns are regexes anchored at both
# ends; Django forwards the named groups (finding_id, product_id,
# engagement_id, fid, tid, pid, token, ...) to the view as keyword arguments.
# Every id group is digits-only; only "token" accepts arbitrary text.
urlpatterns = [
    # CRUD operations — class-based views keyed by finding_id
    re_path(
        r"^finding/(?P<finding_id>\d+)$",
        views.ViewFinding.as_view(),
        name="view_finding",
    ),
    re_path(
        r"^finding/(?P<finding_id>\d+)/edit$",
        views.EditFinding.as_view(),
        name="edit_finding",
    ),
    re_path(
        r"^finding/(?P<finding_id>\d+)/delete$",
        views.DeleteFinding.as_view(),
        name="delete_finding",
    ),
    # Listing operations — the same List*Findings views are registered three
    # times: globally, scoped to a product (product_id) and scoped to an
    # engagement (engagement_id); only the route name and the captured kwarg
    # differ.
    re_path(
        r"^finding$",
        views.ListFindings.as_view(),
        name="all_findings",
    ),
    re_path(
        r"^finding/open$",
        views.ListOpenFindings.as_view(),
        name="open_findings",
    ),
    re_path(
        r"^finding/verified$",
        views.ListVerifiedFindings.as_view(),
        name="verified_findings",
    ),
    re_path(
        r"^finding/closed$",
        views.ListClosedFindings.as_view(),
        name="closed_findings",
    ),
    re_path(
        r"^finding/accepted$",
        views.ListAcceptedFindings.as_view(),
        name="accepted_findings",
    ),
    # product-scoped listings
    re_path(
        r"^product/(?P<product_id>\d+)/finding/open$",
        views.ListOpenFindings.as_view(),
        name="product_open_findings",
    ),
    # older spelling of the product "open findings" route, kept under its old name
    re_path(
        r"^product/(?P<product_id>\d+)/findings$",
        views.ListOpenFindings.as_view(),
        name="view_product_findings_old",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/verified$",
        views.ListVerifiedFindings.as_view(),
        name="product_verified_findings",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/out_of_scope$",
        views.ListOutOfScopeFindings.as_view(),
        name="product_out_of_scope_findings",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/inactive$",
        views.ListInactiveFindings.as_view(),
        name="product_inactive_findings",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/all$",
        views.ListFindings.as_view(),
        name="product_all_findings",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/closed$",
        views.ListClosedFindings.as_view(),
        name="product_closed_findings",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/false_positive$",
        views.ListFalsePositiveFindings.as_view(),
        name="product_false_positive_findings",
    ),
    re_path(
        r"^product/(?P<product_id>\d+)/finding/accepted$",
        views.ListAcceptedFindings.as_view(),
        name="product_accepted_findings",
    ),
    # engagement-scoped listings
    re_path(
        r"^engagement/(?P<engagement_id>\d+)/finding/open$",
        views.ListOpenFindings.as_view(),
        name="engagement_open_findings",
    ),
    re_path(
        r"^engagement/(?P<engagement_id>\d+)/finding/closed$",
        views.ListClosedFindings.as_view(),
        name="engagement_closed_findings",
    ),
    re_path(
        r"^engagement/(?P<engagement_id>\d+)/finding/verified$",
        views.ListVerifiedFindings.as_view(),
        name="engagement_verified_findings",
    ),
    re_path(
        r"^engagement/(?P<engagement_id>\d+)/finding/accepted$",
        views.ListAcceptedFindings.as_view(),
        name="engagement_accepted_findings",
    ),
    re_path(
        r"^engagement/(?P<engagement_id>\d+)/finding/all$",
        views.ListFindings.as_view(),
        name="engagement_all_findings",
    ),
    # findings
    # bulk edits: one function-based view serves both the global route and
    # the product-scoped one; only the second passes a pid kwarg
    re_path(r"^finding/bulk$", views.finding_bulk_update_all,
            name="finding_bulk_update_all"),
    re_path(r"^product/(?P<pid>\d+)/finding/bulk_product$", views.finding_bulk_update_all,
            name="finding_bulk_update_all_product"),
    # re_path(r'^test/(?P<tid>\d+)/bulk', views.finding_bulk_update_all,
    # name='finding_bulk_update_all_test'),
    # per-finding workflow actions, keyed by fid
    re_path(r"^finding/(?P<fid>\d+)/touch$",
            views.touch_finding, name="touch_finding"),
    re_path(r"^finding/(?P<fid>\d+)/simple_risk_accept$",
            views.simple_risk_accept, name="simple_risk_accept_finding"),
    re_path(r"^finding/(?P<fid>\d+)/simple_risk_unaccept$",
            views.risk_unaccept, name="risk_unaccept_finding"),
    re_path(r"^finding/(?P<fid>\d+)/request_review$",
            views.request_finding_review, name="request_finding_review"),
    re_path(r"^finding/(?P<fid>\d+)/review$",
            views.clear_finding_review, name="clear_finding_review"),
    re_path(r"^finding/(?P<fid>\d+)/copy$",
            views.copy_finding, name="copy_finding"),
    re_path(r"^finding/(?P<fid>\d+)/apply_cwe$",
            views.apply_template_cwe, name="apply_template_cwe"),
    re_path(r"^finding/(?P<fid>\d+)/mktemplate$", views.mktemplate,
            name="mktemplate"),
    re_path(r"^finding/(?P<fid>\d+)/find_template_to_apply$", views.find_template_to_apply,
            name="find_template_to_apply"),
    # NOTE(review): the next two routes capture tid and fid in opposite order
    # (tid/fid here, fid/tid below) — easy to swap when building links by hand
    re_path(r"^finding/(?P<tid>\d+)/(?P<fid>\d+)/choose_finding_template_options$", views.choose_finding_template_options,
            name="choose_finding_template_options"),
    re_path(r"^finding/(?P<fid>\d+)/(?P<tid>\d+)/apply_template_to_finding$",
            views.apply_template_to_finding, name="apply_template_to_finding"),
    re_path(r"^finding/(?P<fid>\d+)/close$", views.close_finding,
            name="close_finding"),
    re_path(r"^finding/(?P<fid>\d+)/defect_review$",
            views.defect_finding_review, name="defect_finding_review"),
    re_path(r"^finding/(?P<fid>\d+)/open$", views.reopen_finding,
            name="reopen_finding"),
    # image download keyed by a token rather than a finding id; the regex only
    # excludes "/", so any validation of the token and any access check must
    # happen in download_finding_pic, not here
    re_path(r"^finding/image/(?P<token>[^/]+)$", views.download_finding_pic,
            name="download_finding_pic"),
    # merge: one view serves both a finding-scoped (fid) and a product-scoped
    # (pid) route
    re_path(r"^finding/(?P<fid>\d+)/merge$",
            views.merge_finding_product, name="merge_finding"),
    re_path(r"^product/(?P<pid>\d+)/merge$", views.merge_finding_product,
            name="merge_finding_product"),
    # duplicate / original bookkeeping between two findings
    re_path(r"^finding/(?P<duplicate_id>\d+)/duplicate/(?P<original_id>\d+)$",
            views.mark_finding_duplicate, name="mark_finding_duplicate"),
    re_path(r"^finding/(?P<duplicate_id>\d+)/duplicate/reset$",
            views.reset_finding_duplicate_status, name="reset_finding_duplicate_status"),
    re_path(r"^finding/(?P<finding_id>\d+)/original/(?P<new_original_id>\d+)$",
            views.set_finding_as_original, name="set_finding_as_original"),
    re_path(r"^finding/(?P<fid>\d+)/remediation_date$", views.remediation_date,
            name="remediation_date"),
    # stub findings: added under a test (tid), promoted or deleted by fid
    re_path(r"^stub_finding/(?P<tid>\d+)/add$",
            views.add_stub_finding, name="add_stub_finding"),
    re_path(r"^stub_finding/(?P<fid>\d+)/promote$",
            views.promote_to_finding, name="promote_to_finding"),
    re_path(r"^stub_finding/(?P<fid>\d+)/delete$",
            views.delete_stub_finding, name="delete_stub_finding"),
    # template findings: list / add / edit / delete by template id (tid) / JSON export
    re_path(r"^template$", views.templates,
            name="templates"),
    re_path(r"^template/add$", views.add_template,
            name="add_template"),
    re_path(r"^template/(?P<tid>\d+)/edit$",
            views.edit_template, name="edit_template"),
    re_path(r"^template/(?P<tid>\d+)/delete$",
            views.delete_template, name="delete_template"),
    re_path(r"^template/export$",
            views.export_templates_to_json, name="export_template"),
    # JIRA integration per finding (fid)
    re_path(r"^finding/(?P<fid>\d+)/jira/unlink$", views.unlink_jira, name="finding_unlink_jira"),
    re_path(r"^finding/(?P<fid>\d+)/jira/push$", views.push_to_jira, name="finding_push_to_jira"),
    # re_path(r'^finding/(?P<fid>\d+)/jira/push', views.finding_link_to_jira, name='finding_link_to_jira'),
]