
Ruff: Fix #11090 #11093

Merged: 3 commits, Oct 19, 2024

Conversation


@kiblik kiblik commented Oct 18, 2024

Fix for #11090

Resolve

  • "warning: TRY302 has been remapped to TRY203." by removal from the list
  • FURB156 with autofix

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.9 to 0.7.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.9...0.7.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
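The configuration side of this fix, as an added illustration that is not the project's own ruff.toml (the surrounding rule codes in the `select` list are constructed placeholders; the page does not show DefectDojo's actual list). When Ruff remaps a rule code, a `select` entry that still names the old code produces the "has been remapped" warning on every run; the PR resolves it by dropping `TRY302` from the list rather than replacing it.

```toml
# Before (assumed): the stale code keeps triggering
#   "warning: TRY302 has been remapped to TRY203."
[lint]
select = [
    "E",       # placeholder: pycodestyle errors
    "F",       # placeholder: pyflakes
    "TRY302",  # remapped to TRY203 in newer Ruff releases
]

# After: remove the remapped code, as the PR does.
# (Adding "TRY203" in its place would keep the check active;
#  that is a choice, not what this PR did.)
[lint]
select = [
    "E",
    "F",
]
```

A reproducible way to confirm the cleanup is to run `ruff check` once after editing and verify the warning no longer appears in its output; FURB156 findings from the bump to 0.7.0 were handled separately with Ruff's autofix, as the PR description states.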
dryrunsecurity bot commented Oct 18, 2024

DryRun Security Summary

The changes in this pull request involve updates to various dependencies and configuration files used in the DefectDojo application, including a minor version update to the boto3 library, changes to the ruff.toml configuration file, an update to the version of the ruff package, and the addition of a comprehensive test suite for the AppCheckWebApplicationScannerParser class.

Summary:

The changes in this pull request involve updates to various dependencies and configuration files used in the DefectDojo application. These changes include:

  1. An update to the boto3 library in the requirements.txt file, which is used for Celery Broker AWS (SQS) support. This is a minor version update and is unlikely to introduce any significant security implications.

  2. Changes to the ruff.toml configuration file, which is used to configure the Ruff linter. The changes involve the removal of a specific linting rule, and while this may not have a direct impact on security, it's important to review the overall linting configuration to ensure it aligns with the project's security requirements.

  3. An update to the version of the ruff package in the requirements-lint.txt file. This is a routine dependency update and does not appear to introduce any immediate security concerns, but it's recommended to review the release notes and change logs to understand any potential security-related changes.

  4. The addition of a comprehensive test suite for the AppCheckWebApplicationScannerParser class, which is used to parse the output of the AppCheck web application scanner. This demonstrates a well-designed and thoroughly tested application security parser, which is an important component of a secure software development lifecycle.

Files Changed:

  1. requirements.txt: The boto3 library was updated from version 1.35.42 to 1.35.43. This is a minor version update and is unlikely to introduce any significant security implications.

  2. ruff.toml: The changes involve the removal of the "TRY302" rule from the list of selected rules in the select section. While this may not have a direct impact on security, it's important to review the overall linting configuration to ensure it aligns with the project's security requirements.

  3. requirements-lint.txt: The version of the ruff package was updated from 0.6.9 to 0.7.0. This is a routine dependency update and does not appear to introduce any immediate security concerns, but it's recommended to review the release notes and change logs to understand any potential security-related changes.

  4. unittests/tools/test_appcheck_web_application_scanner_parser.py: This file contains a comprehensive test suite for the AppCheckWebApplicationScannerParser class, which is used to parse the output of the AppCheck web application scanner. The test suite covers various scenarios, including parsing scan results with different types of vulnerabilities, handling duplicate findings, and testing related utility functions.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer with findings: Sensitive Files Analyzer (1 finding)

Riskiness

🟢 Risk threshold not exceeded.

dependabot bot and others added 2 commits October 18, 2024 17:22
Bumps [boto3](https://github.com/boto/boto3) from 1.35.42 to 1.35.43.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.42...1.35.43)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mtesauro mtesauro left a comment
Approved

@mtesauro mtesauro merged commit e24aa1b into DefectDojo:dev Oct 19, 2024
73 checks passed
@kiblik kiblik deleted the fix_ruff_v03 branch October 19, 2024 20:47
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024
* Bump ruff from 0.6.9 to 0.7.0

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.6.9 to 0.7.0.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.6.9...0.7.0)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Bump boto3 from 1.35.42 to 1.35.43 (DefectDojo#11091)

Bumps [boto3](https://github.com/boto/boto3) from 1.35.42 to 1.35.43.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.42...1.35.43)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Ruff: Fix DefectDojo#11090

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>