
Ruff: Add and "fix" S104 #11067

Merged (1 commit, Nov 5, 2024)

Conversation

@kiblik kiblik (Contributor) commented Oct 14, 2024

dryrunsecurity bot commented Oct 14, 2024

DryRun Security Summary

The provided code changes focus on improving the security-related components of the application, including the Ruff linter configuration, test cases for the ContrastParser class, and the ContrastParser implementation, although the changes do not directly impact the security of the application.


Summary:

The provided code changes cover various updates to the application's security-related components, including the Ruff linter configuration, test cases for the ContrastParser class, and the ContrastParser implementation itself. While the changes do not directly impact the security of the application, they highlight areas that the application security engineer should review to ensure the overall security posture of the application.

The key areas of focus are:

  1. Ruff Linter Configuration: The changes to the ruff.toml file suggest an effort to improve code quality and security by enforcing the use of proper exception types and disabling specific Ruff rules. This is a positive step towards maintaining a secure codebase.

  2. Hardcoded IP Addresses: The use of hardcoded IP addresses, such as "0.0.0.0", in the test cases and the ContrastParser implementation is a potential security concern that should be addressed. While the use of these addresses may be justified in certain cases, it's important to ensure that they are not accidentally introduced into the production environment.

  3. Parsing Functionality: The updates to the test cases for the ContrastParser class demonstrate a focus on ensuring the reliability and accuracy of the security scanning process. This is a crucial aspect of the application security engineering process, as it helps identify and address potential security vulnerabilities.

Files Changed:

  1. ruff.toml: The changes to the Ruff linter configuration include the addition of the S104 rule, which checks for the use of raise statements with string arguments, and the exclusion of several Ruff-specific rules. These changes aim to improve code quality and security.

  2. unittests/test_copy_model.py: The changes in this file include the addition of a # noqa: S104 comment to suppress a security warning related to the use of a hardcoded IP address in a test case. This should be reviewed to ensure that the use of the hardcoded IP address is justified.

  3. dojo/tools/contrast/parser.py: The changes in this file update the host parameter of the Endpoint object created for each finding, also with a # noqa: S104 comment. This should be reviewed to ensure that the use of the hardcoded IP address is intentional and properly configured.

  4. unittests/tools/test_contrast_parser.py: The changes in this file include test cases that validate the parsing functionality of the ContrastParser class, including the handling of security findings and their associated endpoints. This is an important aspect of the application security engineering process.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@kiblik kiblik closed this Oct 14, 2024
@kiblik kiblik reopened this Oct 14, 2024
@mtesauro mtesauro (Contributor) left a comment


Approved

github-actions bot commented Nov 1, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

github-actions bot commented Nov 3, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit ecf08a5 into DefectDojo:dev Nov 5, 2024
73 checks passed
@kiblik kiblik deleted the ruff_S104 branch November 5, 2024 07:22