
Ruff: Add and fix PLR6201 #11717

Open
wants to merge 1 commit into base: dev

Conversation

kiblik
Contributor

@kiblik kiblik commented Feb 2, 2025

Add rule literal-membership (PLR6201) and fix it


dryrunsecurity bot commented Feb 2, 2025

DryRun Security Summary

The pull request implements comprehensive improvements to DefectDojo's security tool parsers and integrations, focusing on enhanced severity handling, input validation, deduplication mechanisms, and performance optimizations across multiple files in the codebase.


Summary:

The code changes in this pull request cover various improvements and updates to the parsers and integrations for different security tools and scanners in the DefectDojo application. The changes focus on enhancing the handling of security findings, improving the performance and reliability of the parsers, and ensuring consistent data representation across the application.

Key areas of improvement include:

  1. Severity Handling: The code changes often involve updating the handling of severity levels, ensuring that they are normalized to a consistent set of values (e.g., "Info", "Low", "Medium", "High", "Critical") and that unexpected or invalid severity values are handled gracefully.

  2. Input Validation and Normalization: The parsers are updated to handle different input formats and edge cases more robustly, such as handling missing or invalid data, and ensuring that user-provided input is properly sanitized.

  3. Deduplication and Tracking: The code introduces or improves mechanisms for deduplicating findings and tracking unique identifiers (e.g., CVE IDs, CWE IDs) to maintain the integrity and accuracy of the security data.

  4. Performance Optimizations: Several changes involve replacing list comparisons with set comparisons, which can improve the performance of the parsers and related functionality.

Overall, the changes in this pull request appear to be focused on enhancing the security capabilities and reliability of the DefectDojo application, without introducing any obvious security vulnerabilities. The attention to input validation, data normalization, and performance optimization is a positive step from an application security perspective.

Files Changed:

The changes in this pull request span multiple files across the DefectDojo codebase, with the majority of the changes focused on the various tool-specific parsers located in the dojo/tools/ directory. The key files and changes are:

  1. dojo/api_v2/views.py: Updates the metadata action in the FindingViewSet class to use a set instead of a list for HTTP method checks.
  2. dojo/engagement/signals.py: Handles the creation of notifications when an engagement is closed (set to "Cancelled" or "Completed").
  3. dojo/benchmark/views.py: Includes changes related to the management and scoring of security benchmarks for products.
  4. dojo/api_v2/serializers.py: Introduces various improvements to the validation and handling of serialized data, such as user and group management.
  5. dojo/engagement/views.py: Optimizes the performance of the get_filtered_engagements and get_engagements functions.
  6. dojo/jira_link/helper.py: Updates the handling of JIRA authentication errors.
  7. dojo/management/commands/jira_status_reconciliation.py: Handles the reconciliation of finding status between DefectDojo and Jira.
  8. dojo/jira_link/views.py: Improves the handling of JIRA webhook events.
  9. dojo/product/views.py: Optimizes the identify_view function by using a set comparison.
  10. dojo/notifications/helper.py: Enhances the handling of webhook notifications.
  11. dojo/templatetags/display_tags.py: Optimizes the vulnerability_url function.
  12. dojo/tags_signals.py: Improves the handling of product tags and their inheritance across different models.
  13. dojo/tools/ directory: Contains various updates and improvements to the parsers for different security tools, such as SonarQube, Acunetix, AWS Security Hub, Fortify, CodeChecker, and more.

Code Analysis

We ran 9 analyzers against 30 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 2 findings
IDOR Analyzer 2 findings

Overall Riskiness

🟡 Please give this pull request extra attention during review.


Contributor

github-actions bot commented Feb 6, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

github-actions bot commented Feb 6, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@mtesauro mtesauro left a comment


Approved
