Ruff: Add PLR02 and fix PLR0202 #11712

Open
wants to merge 1 commit into
base: dev

kiblik (Contributor) commented Feb 2, 2025

Merge PLR02* rules and fix no-classmethod-decorator (PLR0202)

dryrunsecurity bot commented Feb 2, 2025

DryRun Security Summary

The pull request primarily involves non-security-critical changes to the Ruff linter configuration and the MonthYearWidget class in dojo/forms.py, focusing on linting rule management and widget label handling modifications.

Summary:

The code changes in this pull request are primarily focused on the configuration of the Ruff linter and modifications to the MonthYearWidget class in the dojo/forms.py file. From an application security perspective, the changes do not directly introduce any security vulnerabilities.

The Ruff linter configuration changes involve removing specific linting rules, configuring automatic fixes, and managing the list of ignored rules. While these changes do not have a direct impact on security, it's important to ensure that the linter configuration is regularly reviewed and updated to address any emerging security concerns or best practices. Additionally, the team should consider incorporating security-specific linting rules or tools to enhance the overall security posture of the codebase.

The changes to the dojo/forms.py file are focused on the MonthYearWidget class and do not appear to have any direct security implications. However, it's crucial to review the entire dojo/forms.py file to ensure that all form classes properly validate and sanitize user input, handle permissions and access control, and implement appropriate security measures such as CSRF protection.

Files Changed:

  1. ruff.toml:

    • The changes remove several specific linting rules from the select list, suggesting that the team has decided to exclude these rules from the linting process.
    • The ignore list includes a few rules that are commonly disabled, such as E501 (line length) and E722 (bare except).
    • The fixable and unfixable settings indicate that the team has configured Ruff to automatically fix any issues that can be automatically resolved, while leaving some issues that require manual intervention.
  2. dojo/forms.py:

    • The changes convert the id_for_label method in the MonthYearWidget class from a regular method to a class method.
    • The id_for_label method has been updated to return the id_ value with the _month suffix, likely to ensure that the label for the month select box is correctly associated with the month field.
    • The id_for_label method has been removed from the __init__ method and is now defined as a class method.
    • The file contains various form classes used throughout the Defect Dojo application, which handle user input and require proper input validation, sanitization, permissions and access control, error handling, and CSRF protection to maintain the application's security posture.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.
