
Ruff: Add PTH123, merge PTH, fix in /dojo #12025


Merged: 1 commit merged into DefectDojo:dev from ruff/PTH123 on Mar 25, 2025

Conversation

kiblik (Contributor) commented Mar 16, 2025

Add rule builtin-open (PTH123),
merge it
and fix /dojo.

It is still problematic in /unittests, but I would prefer not to change that many files in one PR.


DryRun Security Summary

A code review revealed multiple file updates using pathlib.Path, with identified potential path traversal and manipulation risks in specific files that require input validation and path construction corrections.


PR Summary:
Multiple files updated to use pathlib.Path for file handling, replacing traditional open() function with more robust path manipulation methods across various components of the application.

Security Findings:

  • Potential Path Traversal Risk in dojo/engagement/views.py:

    • Typo in path construction: "risk_acceptance.path.name" looks like a literal string
    • Could lead to file not found error or expose unintended file path
    • Requires correction to properly access risk_acceptance.path.name
  • Potential Path Manipulation Concern in dojo/utils.py:

    • Typo in .m.mkdir() method call which might cause runtime errors
    • No explicit validation of input file names or paths
    • Recommends adding input validation for file paths
  • Temporary Linting Rule Ignore in ruff.toml:

    • Added PTH123 ignore in unit tests
    • Suggests existing path-handling issues in test files
    • Potential underlying path-related security considerations

No other direct security vulnerabilities were identified in the provided patches.

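For context on what the PTH123 (builtin-open) rewrite does and does not buy you, here is an added example; it is not code from this PR, from DefectDojo, or from DryRun. It contrasts a builtin `open()` call (what the rule flags) with the `Path(...).open()` form the rule wants, shows that both follow `..` out of the intended directory, and then adds a hypothetical `resolve_within` containment check (an illustrative helper, not anything in `dojo/utils.py`) that rejects the escape before `Path.open()` is called. The scenario in `demo()` is constructed in a temporary directory so the block runs offline.

```python
from pathlib import Path
import tempfile


def read_text_legacy(path: str) -> str:
    """The form ruff's PTH123 (builtin-open) flags: the builtin open()."""
    with open(path, encoding="utf-8") as f:
        return f.read()


def read_text_pathlib(path: str) -> str:
    """The PTH123-compliant rewrite. Same behaviour, same lack of validation:
    ".." segments are still followed, so this is a style change, not a fix."""
    with Path(path).open(encoding="utf-8") as f:
        return f.read()


def resolve_within(base_dir, user_name: str) -> Path:
    """Hypothetical containment check (not DefectDojo's code): resolve a
    user-supplied name under base_dir and refuse anything that escapes it.
    Both sides are resolve()d so symlinks and ".." cannot fool the comparison."""
    base = Path(base_dir).resolve()
    candidate = (base / user_name).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"path escapes base directory: {user_name!r}") from None
    return candidate


def read_text_confined(base_dir, user_name: str) -> str:
    """Path.open() on a path that has first passed the containment check."""
    with resolve_within(base_dir, user_name).open(encoding="utf-8") as f:
        return f.read()


def demo() -> dict:
    """Constructed scenario: an uploads dir with one file and a secret outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        base = root / "uploads"
        base.mkdir()
        (base / "report.txt").write_text("report body", encoding="utf-8")
        (root / "secret.txt").write_text("secret body", encoding="utf-8")

        results = {}
        # open() and Path.open() read the same bytes for a legitimate path ...
        results["legacy_same_as_pathlib"] = (
            read_text_legacy(str(base / "report.txt"))
            == read_text_pathlib(str(base / "report.txt"))
        )
        # ... and both follow a traversal sequence out of the intended directory.
        traversal = str(base / ".." / "secret.txt")
        results["legacy_follows_traversal"] = read_text_legacy(traversal) == "secret body"
        results["pathlib_follows_traversal"] = read_text_pathlib(traversal) == "secret body"
        # The confined variant serves the legitimate file and rejects the escape.
        results["confined_ok"] = read_text_confined(base, "report.txt") == "report body"
        try:
            read_text_confined(base, "../secret.txt")
            results["confined_blocks_traversal"] = False
        except ValueError:
            results["confined_blocks_traversal"] = True
        return results


if __name__ == "__main__":
    print(demo())
```

The point for review of a PTH123 sweep: the lint fix is mechanical and behaviour-preserving, so any path-validation concern the bot raises has to be addressed by a separate check like `resolve_within`, not by the `open()` to `Path.open()` substitution itself.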

@kiblik kiblik marked this pull request as draft March 16, 2025 12:13
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.


@kiblik kiblik marked this pull request as ready for review March 21, 2025 20:18
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit ed8d4f0 into DefectDojo:dev Mar 25, 2025
77 checks passed
@kiblik kiblik deleted the ruff/PTH123 branch March 25, 2025 21:54