Ruff: Add and "fix" S106 #11193

Merged
merged 1 commit into from
Nov 12, 2024

Conversation

@kiblik (Contributor) commented Nov 5, 2024

Add S106 https://docs.astral.sh/ruff/rules/hardcoded-password-func-arg/ and mute it.

For testing the user form, it is fine to hardcode the password
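What S106 flags, and what muting it buys in a test file, as an added example (not Ruff's implementation and not DefectDojo code): the script below approximates the rule by walking a module's AST and reporting every call that passes a string literal to a keyword argument with a credential-like name, while honouring a `# noqa` / `# noqa: S106` on the same line, the per-line counterpart of the per-file ignore this PR adds for the test suite. The credential-name regex is an assumed approximation of Ruff's own pattern, and the `SAMPLE` module with its `connect`, `ChangePasswordForm` and `client` names is constructed for the example; it is only parsed, never executed.

```python
"""Approximation of Ruff rule S106 (hardcoded-password-func-arg).

Added example, not Ruff's or DefectDojo's code. It reports each call that
passes a string literal to a credential-like keyword argument and skips
lines muted with `# noqa` / `# noqa: S106`, the per-line equivalent of the
per-file ignore this PR applies to the unittests.
"""
import ast
import re

# Assumed credential-name pattern for illustration; Ruff keeps its own list.
PASSWORD_NAME = re.compile(r"(?i)(^|_)(pass(word|phrase|wd)?|pwd|secret|token)($|_)")
NOQA = re.compile(r"#\s*noqa(?::\s*([A-Z0-9,\s]+))?", re.IGNORECASE)


def _suppressed(line: str, code: str = "S106") -> bool:
    """True if a trailing noqa comment on this line silences `code`."""
    m = NOQA.search(line)
    if m is None:
        return False
    if m.group(1) is None:
        return True  # bare `# noqa` silences every rule on the line
    codes = {c.upper() for c in re.split(r"[,\s]+", m.group(1).strip()) if c}
    return code in codes


def find_hardcoded_password_args(source: str) -> list[tuple[int, str]]:
    """Return (line, keyword) for every literal credential passed as a kwarg."""
    lines = source.splitlines()
    findings: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg is None or not PASSWORD_NAME.search(kw.arg):
                continue  # **kwargs splat, or not a credential-like name
            value = kw.value
            if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
                continue  # os.environ[...], a variable, a call: not hardcoded
            if _suppressed(lines[value.lineno - 1]):
                continue  # explicitly muted, as the test suite is in this PR
            findings.append((value.lineno, kw.arg))
    return findings


# Constructed sample module; it is only parsed, so the names need not exist.
SAMPLE = '''\
import os
from django.contrib.auth import authenticate

# production code: literal credential, should be reported
user = authenticate(username="admin", password="hunter2")

# credential read from the environment: not a literal, fine
svc = connect(host="db", passwd=os.environ["DB_PASSWORD"])

# test code, deliberately hardcoded and muted the way the PR mutes unittests
form = ChangePasswordForm(data={"new_password": "x"}, password="Test123!")  # noqa: S106

# muted for a different rule only: still reported
client.login(username="qa", password="Test123!")  # noqa: E501
'''


if __name__ == "__main__":
    for lineno, name in find_hardcoded_password_args(SAMPLE):
        print(f"S106 line {lineno}: string literal passed as `{name}`")
```

Run against `SAMPLE`, the detector reports lines 5 and 14 only: the environment-sourced `passwd` is not a literal, and the form test is muted for S106 while the `# noqa: E501` line is not. That is the same split the PR makes, keep the rule on for production code and silence it where a test must supply a known password.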

dryrunsecurity bot commented Nov 5, 2024

DryRun Security Summary

The code changes in this pull request focus on improving the security and quality of the application's codebase, including updates to the Ruff linter configuration to introduce security-related rules and new unit tests for the password validation functionality in the Django application.

Summary:

The code changes in this pull request focus on improving the security and quality of the application's codebase. The changes are primarily related to the configuration file for the Ruff linter, a Python linter, and the unit tests for the password validation functionality in the Django application.

The Ruff linter configuration changes introduce several security-related rules, such as checks for the use of the input() function and other potential security vulnerabilities. These changes suggest that the security team is actively working to identify and address potential security issues in the codebase.

The unit test changes for the ChangePasswordForm in the Django application cover various password validation policies, including minimum and maximum password length, character requirements, and preventing the reuse of previous passwords. These tests ensure that the password change functionality is secure and behaves as expected, addressing common password-related security concerns.

Overall, the code changes in this pull request demonstrate a strong focus on improving the security and quality of the application, which is a positive sign for the application's security posture.

Files Changed:

  1. ruff.toml:

    • The changes update the Ruff linter configuration, adding several security-related rules, such as S106 (use of input() function), S2 (hardcoded passwords), and other rules covering a range of potential security vulnerabilities.
    • The ignore and lint.per-file-ignores sections are also updated to exclude certain rules or apply them selectively, which should be reviewed to ensure that the exclusions are justified and do not introduce any unintended security implications.
  2. unittests/test_user_validators.py:

    • The changes introduce new test cases for the ChangePasswordForm in the Django application, covering various password validation policies, such as minimum and maximum password length, character requirements, and preventing the reuse of previous passwords.
    • These test cases ensure that the password change functionality is secure and behaves as expected, addressing common password-related security concerns.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mtesauro (Contributor) left a comment

Approved


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit f87201b into DefectDojo:dev Nov 12, 2024
73 checks passed
@kiblik kiblik deleted the ruff_S106 branch November 12, 2024 21:02