
Ruff: Add and fix S105 #11068

Merged
merged 2 commits into from
Nov 5, 2024
Merged
Conversation

kiblik
Contributor

@kiblik kiblik commented Oct 14, 2024

Add rule S105 and "fix" it


dryrunsecurity bot commented Oct 14, 2024

DryRun Security Summary

The pull request includes various security-related improvements, such as enhancing the Ruff linter configuration, improving the TrivySecretsHandler class, enhancing the Trivy parser in the Dojo application security tool, and a minor update to the Check_List model in the dojo/models.py file.


Summary:

The code changes in this pull request cover various security-related improvements across multiple files in the application. The key changes include:

  1. Enhancements to the Ruff linter configuration to detect hardcoded passwords, with a reasonable exception for test files.
  2. Improvements to the TrivySecretsHandler class, which is responsible for handling the detection and reporting of secrets found in the application's codebase.
  3. Enhancements to the Trivy parser in the Dojo application security tool, allowing for more comprehensive and detailed security reporting of vulnerabilities, misconfigurations, secrets, and license information in Docker images.
  4. A minor update to the Check_List model in the dojo/models.py file, using a code comment to suppress a security warning related to the use of a hardcoded string.

Overall, these changes demonstrate a focus on improving the security posture of the application by enhancing the detection and reporting of security-related issues. The changes appear to be well-considered and follow good application security practices.

Files Changed:

  1. ruff.toml: The changes to this file include the addition of the S105 rule to the select list, which checks for the presence of hardcoded passwords, and the addition of a per-file-ignores section that excludes the S105 rule for the unittests/** directory.
  2. dojo/tools/trivy_operator/secrets_handler.py: The changes in this file are focused on improving the handling of secret detection and reporting, including mapping Trivy severities, generating detailed descriptions for detected secrets, and creating corresponding Finding objects.
  3. dojo/tools/trivy/parser.py: The changes in this file enhance the Trivy parser in the Dojo application security tool, allowing for more comprehensive parsing and reporting of vulnerabilities, misconfigurations, secrets, and license information from Trivy scans.
  4. dojo/models.py: The change in this file is a minor update to the get_status method in the Check_List model, using a code comment to suppress a security warning related to the use of a hardcoded string.

Code Analysis

We ran 9 analyzers against 4 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

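An added example (not code from this PR or from DefectDojo) showing what an S105-style check reports and how the two exemptions this PR introduces switch it off: the `unittests/**` per-file-ignore and the inline `# noqa: S105`. The credential-name pattern and the sample source are constructed for this example and are not Ruff's exact rule logic.

```python
import ast
import fnmatch
import re

# Heuristic in the spirit of Ruff's S105 (Bandit B105): a non-empty string literal
# assigned to a name that looks like a credential. The pattern is an assumption
# for this example, not Ruff's exact name list.
CREDENTIAL_NAME = re.compile(r"(pass(word|wd|phrase)?|pwd|secret|token)", re.IGNORECASE)
# Mirrors the per-file-ignores added in the PR: unittests/** is exempt from S105.
PER_FILE_IGNORES = {"unittests/**": {"S105"}}


def is_ignored(path: str, rule: str) -> bool:
    """True when per-file-ignores switches the rule off for this path."""
    return any(fnmatch.fnmatch(path, pat) and rule in rules
               for pat, rules in PER_FILE_IGNORES.items())


def find_hardcoded_passwords(source: str, path: str = "app.py") -> list[tuple[int, str]]:
    """Return (line, variable) pairs an S105-style check would report for this file."""
    if is_ignored(path, "S105"):
        return []
    lines = source.splitlines()
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.Assign, ast.AnnAssign)):
            continue
        targets = node.targets if isinstance(node, ast.Assign) else [node.target]
        value = node.value
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value):
            continue
        # Honour an inline suppression, as the PR does for Check_List.get_status.
        if "noqa: S105" in lines[node.lineno - 1]:
            continue
        for target in targets:
            name = target.id if isinstance(target, ast.Name) else getattr(target, "attr", "")
            if name and CREDENTIAL_NAME.search(name):
                findings.append((node.lineno, name))
    return findings


# Constructed sample source: one real finding, one suppressed, one empty, one attribute.
SAMPLE = '''
DB_PASSWORD = "hunter2"
status = "secret"  # noqa: S105
api_token: str = ""
self.secret_key = "abc"
'''
```

Running the same sample under a path matching `unittests/**` yields no findings, which is the effect of the per-file-ignores entry.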

@kiblik kiblik closed this Oct 14, 2024
@kiblik kiblik reopened this Oct 14, 2024
@kiblik kiblik marked this pull request as draft October 14, 2024 18:13
@kiblik kiblik closed this Oct 16, 2024
@kiblik kiblik reopened this Oct 16, 2024
@kiblik kiblik closed this Oct 16, 2024
@kiblik kiblik reopened this Oct 16, 2024
@kiblik kiblik marked this pull request as ready for review October 17, 2024 09:33
Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

github-actions bot commented Nov 1, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

github-actions bot commented Nov 3, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

github-actions bot commented Nov 5, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

github-actions bot commented Nov 5, 2024

Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit 1659350 into DefectDojo:dev Nov 5, 2024
73 checks passed
@kiblik kiblik deleted the ruff_S105 branch November 5, 2024 07:19