
Ruff: Add PLC28 and "fix" PLC28 #11774

Open: wants to merge 1 commit into base: dev

Conversation

kiblik (Contributor) commented Feb 9, 2025

Added PLC28* rules, and 3 places have been autofixed for unnecessary-dunder-call (PLC2801). For the last 2 (`__setattr__`), I'm not able to find a better alternative.
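As an added illustration (not code from this PR, from DefectDojo, or from Ruff), the script below finds explicit dunder calls, the pattern PLC2801 (unnecessary-dunder-call) reports, and proposes the operator or builtin spelling where one exists. The replacement tables, the choice to report `__setattr__` without an automatic rewrite, the `super()` exemption and the sample module `SAMPLE` are assumptions of this example; Ruff's own rule table is larger and its handling of individual dunders may differ.

```python
"""Illustrative detector for explicit dunder calls (the pattern PLC2801 flags).

Assumption: the tables below are this example's own, not Ruff's rule table.
Requires Python 3.9+ for ast.unparse.
"""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Dunders with an infix operator equivalent: a.__eq__(b) -> a == b
BINARY_OPERATORS = {
    "__eq__": "==", "__ne__": "!=", "__lt__": "<", "__le__": "<=",
    "__gt__": ">", "__ge__": ">=", "__add__": "+", "__sub__": "-",
    "__mul__": "*", "__truediv__": "/", "__mod__": "%",
    "__or__": "|", "__and__": "&",
}
# Dunders whose receiver becomes the right-hand operand: a.__contains__(b) -> b in a
REFLECTED_OPERATORS = {"__contains__": "in"}
# Dunders with a builtin equivalent: a.__str__() -> str(a)
BUILTINS = {
    "__str__": "str", "__repr__": "repr", "__len__": "len",
    "__hash__": "hash", "__abs__": "abs", "__bool__": "bool",
}
# Reported, but no rewrite offered (assumption of this example): the attribute
# protocol needs case-by-case review, e.g. inside an overriding __setattr__
# a plain assignment would recurse.
MESSAGE_ONLY = {"__setattr__", "__getattribute__", "__delattr__"}


@dataclass(frozen=True)
class Finding:
    lineno: int
    col: int
    method: str
    suggestion: Optional[str]  # None: flagged, but no automatic rewrite


def _is_dunder(name: str) -> bool:
    return len(name) > 4 and name.startswith("__") and name.endswith("__")


def _suggest(call: ast.Call) -> Optional[str]:
    """Return the operator/builtin spelling for a call, or None if none applies."""
    method = call.func.attr
    receiver = ast.unparse(call.func.value)
    args = [ast.unparse(a) for a in call.args]
    if call.keywords:
        return None
    if method in BINARY_OPERATORS and len(args) == 1:
        return f"{receiver} {BINARY_OPERATORS[method]} {args[0]}"
    if method in REFLECTED_OPERATORS and len(args) == 1:
        return f"{args[0]} {REFLECTED_OPERATORS[method]} {receiver}"
    if method in BUILTINS and not args:
        return f"{BUILTINS[method]}({receiver})"
    return None


def find_dunder_calls(source: str) -> List[Finding]:
    """Report explicit `obj.__dunder__(...)` calls known to the tables above."""
    known = BINARY_OPERATORS.keys() | REFLECTED_OPERATORS.keys() | BUILTINS.keys() | MESSAGE_ONLY
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        method = node.func.attr
        if not _is_dunder(method) or method not in known:
            continue
        receiver = node.func.value
        # super().__x__() is the idiomatic way to reach the parent's implementation.
        if (isinstance(receiver, ast.Call) and isinstance(receiver.func, ast.Name)
                and receiver.func.id == "super"):
            continue
        findings.append(Finding(node.lineno, node.col_offset, method, _suggest(node)))
    return sorted(findings, key=lambda f: (f.lineno, f.col))


# Constructed sample module (not DefectDojo code) exercising each table.
SAMPLE = """\
class Status:
    def __setattr__(self, name, value):
        super().__setattr__(name, value)  # reached via super(): not flagged

def bulk_update(statuses, user, now):
    for status in statuses:
        if status.__eq__(None):
            continue
        status.__setattr__("mitigated_by", user)
        status.__setattr__("mitigated_time", now)
        print(status.__str__(), "has", statuses.__len__(), "siblings")
"""

if __name__ == "__main__":
    for f in find_dunder_calls(SAMPLE):
        fix = f"-> {f.suggestion}" if f.suggestion else "(no automatic rewrite)"
        print(f"line {f.lineno}: explicit {f.method} call {fix}")
```

Note that the rewrite is purely mechanical: `status.__eq__(None)` becomes `status == None`, which a second rule (E711) would then flag, so autofixed output still deserves a human read before merging.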

github-actions bot added the parser label Feb 9, 2025
kiblik marked this pull request as ready for review February 9, 2025 14:55
dryrunsecurity bot commented Feb 9, 2025

DryRun Security Summary

The pull request makes changes to linting configurations and code files while introducing potential security concerns around linting exclusions, sensitive data logging, and input validation in the endpoint status update functionality.


The PR updates Ruff linter configuration, modifies a JFrog Xray API parser utility, and adds linter suppression comments to an endpoint status update view.

Security Findings:

  1. In ruff.toml: Potential security bypass risk due to excluded files/directories from linting, which might circumvent security checks.
  2. In dojo/endpoint/views.py: Sensitive information exposure through logging user mitigation actions and timestamps.
  3. Potential input validation risks in endpoint status bulk update function, though existing authorization checks are in place.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.


mtesauro (Contributor) left a comment


Approved

4 participants