Ruff: Fix Ruff FURB189 on bugfix #11290

Merged
merged 7 commits into from
Nov 22, 2024

Conversation

manuel-sommer
Contributor

No description provided.

@manuel-sommer manuel-sommer changed the title Ruff: Fix FURB189 on bugfix Ruff: Fix Ruff FURB189 on bugfix Nov 19, 2024
@github-actions github-actions bot added the apiv2 label Nov 19, 2024

dryrunsecurity bot commented Nov 19, 2024

DryRun Security Summary

The pull request contains routine updates to the serializer classes in the Defect Dojo application's API, including changes to the RequestResponseDict and RequestResponseSerializerField classes to improve the handling and validation of request/response data, which can help prevent potential security issues related to improper input validation.


Summary:

The code changes in this pull request appear to be a routine update to the serializer classes in the Defect Dojo application's API. The key changes include updating the RequestResponseDict class to inherit from collections.UserList instead of list, and improving the error handling and robustness of the RequestResponseSerializerField class when handling invalid JSON input.

From an application security perspective, these changes do not introduce any significant security concerns. Serializers play an important role in handling and validating the data sent to and from the API, which is a critical security consideration. The updates made in this pull request seem to improve the overall handling and validation of request/response data, which can help prevent potential security issues related to improper input validation.

Files Changed:

  • dojo/api_v2/serializers.py: This file contains the serializer classes for the Defect Dojo application's API. The key changes include:
    1. The RequestResponseDict class has been updated to inherit from collections.UserList instead of list, likely improving the handling of request/response data.
    2. The RequestResponseSerializerField class has been updated to handle invalid JSON input more robustly, with better error messages.

Overall, these changes appear to be routine updates to the serializer classes, focusing on improving the handling of request/response data and input validation. There are no obvious security-related concerns in the changes provided.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 7 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
@manuel-sommer manuel-sommer requested a review from cneill November 19, 2024 19:35
cneill
cneill previously approved these changes Nov 21, 2024
@cneill cneill dismissed their stale review November 21, 2024 17:43

Creating merge conflict

manuel-sommer and others added 4 commits November 21, 2024 20:20
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com>
@manuel-sommer manuel-sommer requested a review from cneill November 21, 2024 19:26
@Maffooch Maffooch merged commit 1111ff6 into DefectDojo:bugfix Nov 22, 2024
72 of 73 checks passed
@manuel-sommer manuel-sommer deleted the fix_furb189 branch November 22, 2024 05:39