-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ruff: Solve F821 #9751
Ruff: Solve F821 #9751
Conversation
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🟢 Risk threshold not exceeded. Change Summary (click to expand)The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective. Summary: The code changes in this pull request cover a wide range of updates across the DefectDojo application, including improvements to the Flake8 linter configuration, the JIRA integration functionality, the Engagement module, the Celery task management, and various other utility scripts and tests. From an application security perspective, the changes generally demonstrate a security-conscious approach, with measures in place to handle sensitive data, validate user input, and enforce proper access controls. The changes to the Flake8 configuration, the JIRA integration, and the Celery task management are particularly noteworthy, as they address potential security vulnerabilities and improve the overall security posture of the application. However, it's important to thoroughly review the changes to ensure that there are no unintended security implications, such as potential injection vulnerabilities, improper error handling, or insecure configurations. Additionally, the use of hardcoded values and the handling of user-provided input should be carefully examined to identify and address any security risks. Files Changed:
Powered by DryRun Security |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
339ced3
to
615d092
Compare
DryRun Security SummaryThe pull request covers a wide range of updates and improvements to the DefectDojo application, including enhancements to various components, security improvements, and additions and updates to the unit tests, all of which demonstrate a strong focus on maintaining the security and integrity of the application. Expand for full summarySummary: The code changes in this pull request cover a wide range of updates and improvements to the DefectDojo application, including:
From an application security perspective, the changes demonstrate a strong focus on maintaining the security and integrity of the DefectDojo application. Key security-related improvements include:
Overall, the code changes in this pull request appear to be a positive contribution to the security and reliability of the DefectDojo application. The application security engineer reviewing these changes would likely approve the pull request, with the recommendation to continue monitoring the application's security posture and addressing any potential issues that may arise in the future. Files Changed:
Code AnalysisWe ran
Riskiness🟢 Risk threshold not exceeded. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
Conflicts have been resolved. A maintainer will review the pull request shortly. |
Quality Gate passedIssues Measures |
def test_check_for_doc(self): | ||
driver = self.driver | ||
driver.get("https://documentation.defectdojo.com/integrations/import/") | ||
integration_index = integration_text.index("Integrations") + len("Integrations") + 1 | ||
usage_index = integration_text.index("Usage Examples") - len("Models") - 2 | ||
integration_text = integration_text[integration_index:usage_index].lower() | ||
integration_text = integration_text.replace("_", " ").replace("-", " ").replace(".", "").split("\n") | ||
acronyms = [] | ||
for words in integration_text: | ||
acronyms += ["".join(word[0] for word in words.split())] | ||
|
||
missing_docs = [] | ||
for tool in self.tools: | ||
reg = re.compile(".*" + tool.replace("_", " ") + ".*") | ||
if len(list(filter(reg.search, integration_text))) < 1: | ||
if len(list(filter(reg.search, acronyms))) < 1: | ||
missing_docs += [tool] | ||
|
||
if len(missing_docs) > 0: | ||
logger.info("The following scanners are missing documentation") | ||
logger.info("Names must match those listed in /dojo/tools") | ||
logger.info("Documentation can be added here:") | ||
logger.info("https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs\n") | ||
for tool in missing_docs: | ||
logger.info(tool) | ||
assert len(missing_docs) == 0 | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just commenting for other reviewers
This removal is good since there are dedicated tests to ensure parsers have docs that are upstream from this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved
Remove F821 from
lint.ignore
and fix the findings.This excluded quite critical parts. I'm quite surprised, that there have not been any failing unittests or complaining users.