
Ruff: Add and fix PTH122 #11255

Merged
merged 3 commits into from
Nov 15, 2024

Conversation

manuel-sommer
Contributor

No description provided.


dryrunsecurity bot commented Nov 13, 2024

DryRun Security Summary

The pull request covers changes to several files, including updates to the Ruff linter configuration, improvements to file handling and validation, and enhancements to the deduplication functionality, all aimed at improving the overall functionality and security of the DefectDojo application.


Summary:

The code changes in this pull request cover several files and focus on improving the overall functionality and security of the DefectDojo application. The changes include updates to the Ruff linter configuration, improvements to file handling and validation in the dojo/utils.py and dojo/forms.py files, and enhancements to the deduplication functionality in the dojo/models.py file.

While the specific changes do not directly address any known security vulnerabilities, they demonstrate the team's commitment to maintaining a secure and well-functioning application. The updates to the Ruff linter configuration, the use of the pathlib module for more robust file handling, and the improvements to the deduplication process all contribute to a more secure and maintainable codebase.

However, it's important to note that the overall security of the application should be regularly reviewed and assessed, as there may be other potential security risks that need to be addressed. This includes, but is not limited to, proper input validation and sanitization, secure file handling, access control and authorization, and the secure storage and transmission of sensitive data.

Files Changed:

  1. ruff.toml: This file contains the configuration for the Ruff linter, a Python code linter. The changes include the addition of a new lint rule, "PTH122", and the removal of the "PTH124" lint rule. While these changes are not directly related to security vulnerabilities, the inclusion of security-related lint rules in the Ruff configuration suggests that the team is aware of common security pitfalls in Python development.

  2. dojo/utils.py: The changes in this file involve the use of the pathlib.Path module to extract file extensions and generate file responses, instead of using the os.path module. These changes improve the reliability and robustness of the file handling functionality, but do not introduce any significant security concerns.

  3. dojo/forms.py: The changes in this file focus on improving the file validation and extension checking when uploading files in the UploadThreatForm and the ManageFileFormSet. These changes help to prevent the upload of potentially malicious files, which is a positive step towards improving the overall security of the application.

  4. dojo/models.py: The changes in this file are related to improving the deduplication functionality for findings in the DefectDojo application. The updates to the UniqueUploadNameProvider class and the compute_hash_code() method can help ensure that the deduplication process is more accurate and reliable, which can have a positive impact on the application's security and usability.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings:

  Configured Codepaths Analyzer: 5 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.


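The rewrite that PTH122 asks for (os.path.splitext replaced by Path.suffix) together with the kind of upload-extension check the summary's item 3 describes, as an added example that is not DefectDojo's code; the allow-list, function names and sample file names are constructed for illustration:

```python
import os
from pathlib import Path

# Constructed allow-list for this example; DefectDojo's real list is not on this page.
ALLOWED_SUFFIXES = {".pdf", ".txt", ".csv", ".json", ".xml"}


def suffix_os_path(filename: str) -> str:
    """The pattern PTH122 flags: os.path.splitext() used only to get the extension."""
    return os.path.splitext(filename)[1]


def suffix_pathlib(filename: str) -> str:
    """The replacement Ruff suggests for PTH122: Path(...).suffix."""
    return Path(filename).suffix


def validate_upload_name(filename: str) -> tuple[bool, str]:
    """Extension allow-list check for an uploaded file name.

    Returns (accepted, normalised_suffix) so the caller can log why a
    name was rejected instead of silently dropping it.
    """
    # Look only at the final component: a client-supplied name may carry
    # directory parts such as "../../x.pdf". The extension check must not be
    # fooled by them, and the stored name should be generated server-side.
    name = Path(filename).name
    # Path.suffix is "" for names without a dot and for dotfiles like ".env",
    # and it keeps the original case, so normalise before comparing.
    suffix = Path(name).suffix.lower()
    if not suffix:
        return False, suffix
    if suffix not in ALLOWED_SUFFIXES:
        return False, suffix
    return True, suffix


if __name__ == "__main__":
    # Constructed sample names covering the common edge cases.
    for n in ["report.PDF", "archive.tar.gz", ".bashrc", "noext", "../../etc/passwd.txt"]:
        print(f"{n!r}: splitext={suffix_os_path(n)!r} "
              f"suffix={suffix_pathlib(n)!r} -> {validate_upload_name(n)}")
```

Note that an accepted extension says nothing about the file's contents; the check only gates the name, and the body still needs its own validation.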
Contributor

@cneill cneill left a comment


Just some quick cleanup, otherwise looks good

Review thread on dojo/utils.py (outdated, resolved)
Review thread on dojo/utils.py (outdated, resolved)
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
@manuel-sommer manuel-sommer requested a review from cneill November 13, 2024 18:10
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit 5d85275 into DefectDojo:dev Nov 15, 2024
72 of 73 checks passed
@manuel-sommer manuel-sommer deleted the ruff_pth122 branch November 15, 2024 23:21