Ruff: Add and fix Q000 #10095
DryRun Security
Details
Authn/Authz Analyzer Findings: 52 detected
⚠️ Potential Authn/Authz Function Used or Modified dojo/api_v2/serializers.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code snippet contains a function called validate_findings_have_same_engagement that checks if a list of Finding objects belong to the same engagement. This function is likely used as part of an authorization mechanism to ensure that users can only modify findings that are associated with the same engagement. The function is called in the context of a POST, PATCH, or PUT request, suggesting that it is part of an application's authentication and authorization logic. |
Filename | dojo/api_v2/serializers.py |
CodeLink | django-DefectDojo/dojo/api_v2/serializers.py Lines 1526 to 1532 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/api_v2/serializers.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authentication and authorization. The validate_findings_have_same_engagement function checks if the findings being added belong to the same engagement, which is a form of access control. Additionally, the get_authorized_findings function is used to filter the findings that the user is authorized to edit, which is also an authorization-related functionality. |
Filename | dojo/api_v2/serializers.py |
CodeLink | django-DefectDojo/dojo/api_v2/serializers.py Lines 1512 to 1523 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/api_v2/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The provided code contains a RoleViewSet class that has the IsAuthenticated permission class set. This suggests that the code is handling authentication and authorization, as the IsAuthenticated permission class is used to ensure that only authenticated users can access the corresponding view. |
Filename | dojo/api_v2/views.py |
CodeLink | django-DefectDojo/dojo/api_v2/views.py Lines 206 to 212 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains several functions that are related to authentication and authorization. The new_cred, all_cred_product, and edit_cred functions are decorated with user_is_configuration_authorized and user_is_authorized, which are likely custom decorators that handle user authorization and access control. Additionally, the login function appears to handle user authentication by checking the username and password. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 18 to 70 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/queries.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The provided code appears to contain functions related to authorization. The function get_authorized_cred_mappings takes a permission parameter and uses it to retrieve authorized product type roles, product roles, product type groups, and product groups based on the user's roles. This suggests that the code is performing some form of access control or authorization to determine which users are allowed to access certain resources or perform certain actions. |
Filename | dojo/cred/queries.py |
CodeLink | django-DefectDojo/dojo/cred/queries.py Lines 24 to 42 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains several functions related to authentication and authorization. The user_is_configuration_authorized and user_is_authorized decorators are used to check if the user has the necessary permissions to access certain views. These functions are part of the authorization mechanisms of the application. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 101 to 138 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions, view_cred_product and view_cred_product_engagement, that appear to be related to authentication or authorization. The view_cred_product_engagement function uses the @user_is_authorized decorator, which suggests that it is checking the user's authorization to access certain resources. Additionally, the view_cred_product function checks if the user is logged in by verifying the existence of the user_id in the session. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 145 to 196 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions that are likely related to authentication or authorization: 1. edit_cred: This function does not directly contain any authentication or authorization logic, but it is likely part of a larger application that handles credential management, which could involve authentication and authorization. 2. view_cred_details: This function contains a decorator @user_is_authorized, which suggests that it is responsible for checking the user's authorization to view the credential details. Additionally, the function get_authorized_cred_mappings is called, which implies that the application has some form of access control mechanism in place. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 74 to 93 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions, view_cred_product_engagement and view_cred_engagement_test, which appear to be related to authentication or authorization. The view_cred_engagement_test function has two decorators, @user_is_authorized(Product, Permissions.Test_View, 'tid') and @user_is_authorized(Cred_User, Permissions.Credential_View, 'ttid'), which suggest that these functions are responsible for checking the user's authorization to access certain resources or perform certain actions. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 213 to 247 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two decorator functions, user_is_authorized, which indicate that the functions being decorated are related to authorization and access control. The user_is_authorized decorator checks if the user has the necessary permissions to access the requested resource, which is a common pattern in authentication and authorization logic. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 264 to 298 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authentication and authorization, specifically the new_cred_product_engagement and new_cred_engagement_test functions. These functions appear to be responsible for managing user credentials, which are a critical component of authentication and authorization mechanisms in web applications. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 457 to 504 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authentication and authorization. The new_cred_product_engagement function has a decorator @user_is_authorized which indicates that it checks the user's authorization before allowing them to access the function. Additionally, the login function checks the user's credentials (username and password) to authenticate them and redirect them to the login page if authentication fails. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 405 to 453 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains several functions that are related to authentication and authorization, such as edit_cred_product, edit_cred_product_engagement, and new_cred_product. These functions use decorators like @user_is_authorized which suggest that they are involved in handling access control and permissions for various entities like Product, Cred_User, and Engagement. Additionally, the code mentions concepts like sessions and tokens, which are commonly associated with authentication and authorization mechanisms in web applications. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 315 to 404 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions that are potentially related to authentication or authorization: new_cred_finding and delete_cred_controller. The new_cred_finding function appears to be handling credential-related operations, which could be part of an authentication or authorization flow. The delete_cred_controller function is decorated with @user_is_authorized, which suggests that it is involved in authorization-related functionality. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 559 to 594 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/decorators.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authentication or authorization. The Dojo_User model and the get_current_user() function suggest that the code is handling user-related functionality, which could include authentication and authorization processes. |
Filename | dojo/decorators.py |
CodeLink | django-DefectDojo/dojo/decorators.py Lines 16 to 34 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains several functions that have decorators such as @user_is_authorized which indicate that these functions are related to authorization and access control. The decorators check the user's permissions before allowing them to perform certain actions, such as deleting credentials, editing products, engagements, tests, and findings. This suggests that these functions are responsible for enforcing authentication and authorization mechanisms within the application. |
Filename | dojo/cred/views.py |
CodeLink | django-DefectDojo/dojo/cred/views.py Lines 661 to 696 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/decorators.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function get_current_user() which is likely responsible for retrieving the current user's information, which is typically related to authentication or authorization processes in web applications. |
Filename | dojo/decorators.py |
CodeLink | django-DefectDojo/dojo/decorators.py Lines 39 to 45 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/decorators.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called dojo_ratelimit that appears to be related to rate limiting and user authentication. The function checks if the request is rate limited and performs actions based on the configuration, including checking the username and potentially locking out the user's account. This suggests that the code is handling some aspects of user authentication and authorization. |
Filename | dojo/decorators.py |
CodeLink | django-DefectDojo/dojo/decorators.py Lines 155 to 183 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/queries.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The provided code contains functions that appear to be related to authentication and authorization. The get_authorized_endpoints function checks the user's permissions and roles to determine which endpoints the user is authorized to access. The function uses several database queries to retrieve the user's authorized product types, products, and associated roles. This indicates that the code is dealing with access control and authorization mechanisms, which are typically part of authentication and authorization functionalities in web applications. |
Filename | dojo/endpoint/queries.py |
CodeLink | django-DefectDojo/dojo/endpoint/queries.py Lines 33 to 51 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/development_environment/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions that appear to be related to authentication or authorization: @login_required and @user_is_configuration_authorized. The @login_required decorator is used to require the user to be authenticated before accessing the dev_env function, which suggests that this function is related to authentication. The @user_is_configuration_authorized decorator is used to check if the user has the necessary permissions to access the add_dev_env and edit_dev_env functions, which suggests that these functions are related to authorization. |
Filename | dojo/development_environment/views.py |
CodeLink | django-DefectDojo/dojo/development_environment/views.py Lines 20 to 98 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/queries.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The provided code contains several functions related to authentication and authorization. The get_authorized_endpoint_status function checks the user's permissions and roles to determine if they are authorized to access a specific endpoint. The function uses various database queries, such as Product_Type_Member, Product_Member, Product_Type_Group, and Product_Group, to check the user's membership in different product types and products, as well as their assigned roles. These types of functions are typically part of an application's authentication and authorization mechanisms. |
Filename | dojo/endpoint/queries.py |
CodeLink | django-DefectDojo/dojo/endpoint/queries.py Lines 81 to 99 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called user_has_permission_or_403() which is likely responsible for checking if the user has the necessary permissions to view a particular product. This is a common pattern for implementing authorization in web applications. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 72 to 87 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains the function get_authorized_endpoints(), which suggests that the code is performing some form of authorization or access control. This function is likely responsible for determining which endpoints a user is allowed to view based on their permissions. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 47 to 53 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains several functions that are decorated with the @user_is_authorized decorator, which indicates that these functions are related to authorization and access control. The @user_is_authorized decorator likely checks if the user making the request is authorized to perform the requested action on the given Endpoint object. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 156 to 196 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a conditional check that checks whether the user is authorized to perform a certain action, and if not, an error message is added to the response. This suggests that the code is handling some form of authorization. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 374 to 386 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains several functions that are related to authentication and authorization, such as delete_endpoint, add_endpoint, and add_product_endpoint. These functions use various mechanisms to enforce access control restrictions, such as checking user permissions and validating user input. Additionally, the code uses the user_is_authorized decorator, which suggests that it is handling authentication and authorization-related functionality. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 200 to 292 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function that checks if the user is authorized to perform a certain action. Specifically, the add_error_message_to_response function is called when the user is not authorized to update certain endpoints. This suggests that the code contains some form of authorization mechanism. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 394 to 400 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/queries.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authentication and authorization. The get_authorized_engagements function checks the user's permissions and roles to determine which engagements the user is authorized to access. The function uses various Django ORM queries to filter the Product_Type_Member, Product_Member, Product_Type_Group, and Product_Group models to determine the user's authorized product types and products. |
Filename | dojo/engagement/queries.py |
CodeLink | django-DefectDojo/dojo/engagement/queries.py Lines 19 to 37 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a reference to request.user, which suggests that it is handling user-related information and may be involved in authentication or authorization processes. The mitigated_by and mitigated_time attributes also indicate that the code is dealing with user-specific data, which is often associated with authentication or authorization functions. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 433 to 439 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/endpoint/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called @user_is_authorized which is likely an authorization function that checks if the user has the necessary permissions to access the endpoint_status_bulk_update function. This function is typically used to enforce access control restrictions, which is a key aspect of authentication and authorization in web applications. |
Filename | dojo/endpoint/views.py |
CodeLink | django-DefectDojo/dojo/endpoint/views.py Lines 406 to 427 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authentication and authorization, such as get_authorized_engagements and get_authorized_users, which are likely used to control access to certain resources or functionality based on user permissions. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 113 to 164 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authorization, specifically get_authorized_products() and get_authorized_engagements(). These functions appear to be used to filter the list of products and engagements that the user is authorized to view, which is a common authorization-related functionality in web applications. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 187 to 213 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions that are related to authentication and authorization: engagements_all and edit_engagement. The engagements_all function uses the get_authorized_engagements function, which likely checks the user's permissions to access certain engagements. The edit_engagement function uses the @user_is_authorized decorator, which is likely a custom decorator that checks if the user is authorized to edit the engagement. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 243 to 281 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called user_is_authorized which suggests that it is related to authorization and access control. This function is used as a decorator for the copy_engagement function, which means that the copy_engagement function is only accessible to users who have the necessary permissions. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 378 to 429 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called 'user_has_permission_or_403' which appears to be related to authorization. This function checks if the user has the necessary permissions to perform an action, and if not, it raises a 403 Forbidden error. This suggests that the code is handling authorization-related functionality. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 537 to 543 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called user_has_permission_or_403 which is likely an authorization function that checks if the user has the necessary permissions to access the engagement_or_product object. This function is part of the authorization flow to ensure that the user is allowed to perform the requested action. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 727 to 733 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code appears to contain a function that processes a credentials form, which is typically used for authentication or authorization purposes. The function checks the 'cred_user' field from the form data, which suggests it may be handling user credentials or permissions. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1019 to 1025 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a decorator @user_is_authorized which suggests that the complete_checklist function is related to authorization and access control. The decorator likely checks if the user making the request is authorized to perform the action on the Engagement object. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1142 to 1148 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions, close_eng and reopen_eng, that are decorated with @user_is_authorized. This decorator is likely used to check if the user is authorized to perform certain actions, such as closing or reopening an engagement. These functions are related to authentication and authorization, as they ensure that the user has the necessary permissions to perform the requested actions. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1111 to 1137 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called add_risk_acceptance that is decorated with @user_is_authorized, which suggests that it is related to authorization and access control. This function likely checks if the user is authorized to perform certain actions within the application. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1173 to 1198 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code snippet contains a function named complete_checklist which appears to be handling a request related to a checklist. This function could potentially be involved in authentication or authorization mechanisms, as it is likely checking the user's permissions or access rights before allowing them to complete the checklist. The presence of the request parameter and the handling of the POST method suggest that this function is part of the application's access control system. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1155 to 1161 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions, view_risk_acceptance and edit_risk_acceptance, which are decorated with @user_is_authorized. This decorator is likely used to handle authorization and access control for the associated views. Additionally, the add_risk_acceptance function contains code that checks whether the user is authorized to perform the action before proceeding, which suggests that it is also related to authentication and authorization. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1232 to 1273 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a decorator @user_is_authorized which suggests that the reinstate_risk_acceptance function is related to authorization and access control. This decorator likely checks if the user has the necessary permissions to perform the requested action on the Engagement object. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1444 to 1450 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function expire_risk_acceptance that has a decorator @user_is_authorized. This decorator suggests that the function is related to authorization, as it checks whether the user is authorized to perform a specific action (expiring a risk acceptance) based on the user's permissions. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1414 to 1439 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function delete_risk_acceptance that is decorated with @user_is_authorized. This decorator suggests that the function is responsible for checking the user's authorization to perform the requested action, which is typically a function related to authentication and authorization. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1457 to 1463 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a decorator @user_is_authorized which suggests that the upload_threatmodel function is related to authorization and enforcing access control. The decorator likely checks if the user making the request is authorized to perform the action based on their permissions or role. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1497 to 1503 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called download_risk_acceptance that is decorated with @user_is_authorized, which suggests that this function is related to authorization and access control. The user_is_authorized decorator is likely checking if the user making the request is authorized to access the specified engagement before allowing them to download the risk acceptance document. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1467 to 1478 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/engagement/views.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains two functions related to authentication or authorization: upload_threatmodel and view_threatmodel. The upload_threatmodel function appears to handle the upload of a threat model file, which could be considered a sensitive operation that requires authorization. The view_threatmodel function is decorated with the @user_is_authorized decorator, which suggests that it is an authorization-related function that checks if the user is authorized to view the threat model. |
Filename | dojo/engagement/views.py |
CodeLink | django-DefectDojo/dojo/engagement/views.py Lines 1506 to 1543 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/finding/helper.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The provided code contains a function called update_finding_status that checks if the user can edit mitigated data using the can_edit_mitigated_data function, which suggests that this function is related to authorization and access control. |
Filename | dojo/finding/helper.py |
CodeLink | django-DefectDojo/dojo/finding/helper.py Lines 94 to 104 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/finding/helper.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains a function called reset_duplicate_before_delete which is likely related to authentication or authorization. The function is used to update the duplicate and duplicate_finding fields of a Finding object, which could be part of an access control mechanism in the application. |
Filename | dojo/finding/helper.py |
CodeLink | django-DefectDojo/dojo/finding/helper.py Lines 448 to 454 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/finding/queries.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The code contains functions related to authorization, specifically the get_authorized_groups function. This function takes a permission parameter and a user parameter (which can be None), and it retrieves the authorized groups based on the user's role and the requested permission. The function uses various Django models, such as Product_Type_Member, Product_Member, Product_Type_Group, and Product_Group, to determine the authorized groups for the user. This type of functionality is typically associated with authorization mechanisms in web applications. |
Filename | dojo/finding/queries.py |
CodeLink | django-DefectDojo/dojo/finding/queries.py Lines 16 to 34 in edf2af3 |
⚠️ Potential Authn/Authz Function Used or Modified dojo/finding/queries.py (click for details)
Type | Potential Authn/Authz Function Used or Modified |
Description | The provided Python code contains several functions that are related to authentication and authorization. The get_authorized_vulnerability_ids function is used to determine which vulnerability IDs a user is authorized to access based on their assigned roles and product/product type memberships. This function relies on various models such as Product_Type_Member, Product_Member, Product_Type_Group, and Product_Group to perform the necessary access control checks. The presence of these models and the overall structure of the function suggest that it is part of an authentication and authorization system within the web application. |
Filename | dojo/finding/queries.py |
CodeLink | django-DefectDojo/dojo/finding/queries.py Lines 131 to 149 in edf2af3 |