
Ruff: Fix for bump to 0.9.6 #11759 #11768

Merged: 7 commits merged into from, Feb 16, 2025

Conversation

manuel-sommer
Contributor

@manuel-sommer manuel-sommer commented Feb 7, 2025

Fix for #11759
#11793


dryrunsecurity bot commented Feb 7, 2025

DryRun Security Summary

The pull request modifies logging methods from logger.exception() to logger.error() across three DefectDojo files, which reduces logged diagnostic information and could impact troubleshooting capabilities without introducing direct security vulnerabilities.


This PR updates multiple files with logging method changes from logger.exception() to logger.error() in DefectDojo, affecting exception handling in three different files and updating a linter dependency.

Security Findings:

  1. In dojo/api_v2/exception_handler.py: Switching from exception() to error() reduces logged diagnostic information, potentially making troubleshooting and security investigations more difficult.
  2. In dojo/product/views.py: Logging method change reduces error logging verbosity, which could slightly decrease error tracking capabilities.
  3. In dojo/jira_link/helper.py: Changing logging method reduces detailed error information, potentially hiding full exception context during troubleshooting.

These changes do not introduce direct security vulnerabilities but may impact error tracking and diagnostic capabilities.

Code Analysis

We ran 9 analyzers against 4 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 6 findings

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.
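What the bot's finding means in practice, as an added example that is not code from the DefectDojo PR: inside an except block, logger.exception() records the active traceback, while logger.error() records only the message unless exc_info=True is passed. The logger names, the log message and the raised error are constructed for the demonstration.

```python
import io
import logging


def _capture(log_call):
    """Run `log_call(logger)` inside an except block and return the emitted log text."""
    buf = io.StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(f"demo.{id(buf)}")  # constructed, unique per call
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    logger.addHandler(handler)
    try:
        raise ValueError("constructed failure")  # constructed sample error
    except ValueError:
        log_call(logger)
    handler.flush()
    logger.removeHandler(handler)
    return buf.getvalue()


def with_exception():
    """logger.exception(): ERROR level, message plus the full traceback."""
    return _capture(lambda log: log.exception("jira sync failed"))


def with_error():
    """logger.error(): ERROR level, message only; the traceback is lost."""
    return _capture(lambda log: log.error("jira sync failed"))


def with_error_exc_info():
    """logger.error(exc_info=True): keeps the traceback without using exception()."""
    return _capture(lambda log: log.error("jira sync failed", exc_info=True))


def has_traceback(text):
    """True when the captured log text contains the formatted traceback."""
    return "Traceback (most recent call last)" in text and "ValueError" in text


if __name__ == "__main__":
    for name, fn in [("exception", with_exception), ("error", with_error),
                     ("error+exc_info", with_error_exc_info)]:
        print(f"{name}: traceback present = {has_traceback(fn())}")
```

If the lint change must keep logger.error(), passing exc_info=True preserves the diagnostic context the summary says is lost.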

@kiblik
Contributor

kiblik commented Feb 7, 2025

I would also add an increment of the ruff version in requirements-lint.txt, to help dependabot detect that the issue is fixed and the broken PR can be closed.

@manuel-sommer
Contributor Author

Ready to review @kiblik

Contributor

@mtesauro mtesauro left a comment


Approved

@manuel-sommer manuel-sommer changed the title Ruff: Fix for bump to 0.9.5 #11759 Ruff: Fix for bump to 0.9.6 #11759 Feb 11, 2025
@dogboat
Contributor

dogboat commented Feb 11, 2025

This has some failing tests -- could we rerun those? Thanks!

@manuel-sommer manuel-sommer changed the title Ruff: Fix for bump to 0.9.6 #11759 Ruff: Fix for bump to 0.9.5 #11759 Feb 11, 2025
@manuel-sommer
Contributor Author

I have no clue why this fails, @dogboat. I have already retriggered the tests.

@dogboat
Contributor

dogboat commented Feb 11, 2025

@manuel-sommer Thanks, and sorry for the trouble. We're tracking this down.

@manuel-sommer manuel-sommer changed the title Ruff: Fix for bump to 0.9.5 #11759 Ruff: Fix for bump to 0.9.6 #11759 Feb 11, 2025
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@mtesauro
Contributor

@manuel-sommer This will likely need to be rebased as the 2.43.2 release fixed the issue which was causing the tests to fail.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@manuel-sommer
Contributor Author

Ready to go @mtesauro

@mtesauro mtesauro merged commit 7f7a210 into DefectDojo:dev Feb 16, 2025
132 of 135 checks passed
@manuel-sommer manuel-sommer deleted the fix_11759 branch February 17, 2025 07:25