Ruff: Add S324 rule #12169


Merged (4 commits, Apr 10, 2025)


Conversation

manuel-sommer
Contributor

No description provided.


dryrunsecurity bot commented Apr 4, 2025

DryRun Security Summary

Multiple parser files in the dojo/tools directory were updated to add usedforsecurity=False to MD5 hash method calls, marking them as non-cryptographic and improving code clarity for static analysis tools.


Summary of Security Findings:

Multiple files in the dojo/tools directory were updated with a consistent pattern of adding usedforsecurity=False to hashlib.md5() method calls. This is a security-conscious annotation indicating MD5 hashes are used for non-cryptographic purposes like deduplication.

Security Vulnerabilities:

No direct security vulnerabilities were found in the reviewed patches. The changes were primarily defensive coding practices that:

  • Explicitly mark MD5 hash usage as non-security critical
  • Provide clarity about hash generation intent
  • Help static analysis tools understand hash purpose

Specific Files Modified:

  • dojo/tools/blackduck/parser.py
  • dojo/tools/bugcrowd/parser.py
  • dojo/tools/bundler_audit/parser.py
  • dojo/tools/cobalt/parser.py
  • dojo/tools/ggshield/parser.py
  • dojo/tools/gitleaks/parser.py
  • dojo/tools/h1/parser.py
  • dojo/tools/huskyci/parser.py
  • dojo/tools/ibm_app/parser.py
  • dojo/tools/immuniweb/parser.py
  • dojo/tools/kiuwan/parser.py
  • dojo/tools/mend/parser.py
  • dojo/tools/neuvector_compliance/parser.py
  • dojo/tools/noseyparker/parser.py
  • dojo/tools/ort/parser.py
  • dojo/tools/retirejs/parser.py
  • dojo/tools/scantist/parser.py
  • dojo/tools/sslyze/parser_xml.py
  • dojo/tools/talisman/parser.py
  • dojo/tools/trufflehog/parser.py
  • dojo/tools/trufflehog3/parser.py
  • dojo/tools/twistlock/parser.py
  • dojo/tools/vcg/parser.py
  • dojo/tools/whitehat_sentinel/parser.py

Additionally, the ruff.toml file was updated to add the security rule S324, indicating an expansion of security linting capabilities.


Contributor

@Maffooch Maffooch left a comment

Something like this might be more robust for future contributors in the ruff.toml file under the [lint.per-file-ignores] section:

[lint.per-file-ignores]
"dojo/tools/**" = [
    "S324", # https://docs.astral.sh/ruff/rules/hashlib-insecure-hash-function/
]

@github-actions github-actions bot removed the parser label Apr 5, 2025
@manuel-sommer manuel-sommer requested a review from Maffooch April 5, 2025 21:33
@Maffooch Maffooch added this to the 2.45.1 milestone Apr 7, 2025
@kiblik
Contributor

kiblik commented Apr 8, 2025

The question is: do we want to do it the easy way (as it is proposed right now) or the hard way (as the Ruff page recommends) :)

I'm okay with the current setup. The recommended solution is to add usedforsecurity=False to all md5 calls (in case you are not able, simply replace it with a different hash function).
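As an added illustration (not code from this PR or from DefectDojo's parsers), the three options the thread discusses side by side: the bare md5() call that S324 reports, the usedforsecurity=False annotation this PR adds to the parsers, and a different hash function as kiblik suggests, all driving the same deduplication loop. The finding dicts and their field names are constructed for the example.

```python
import hashlib

# Constructed sample findings (made-up values, not taken from any real scan
# report), shaped like the dicts a dojo/tools parser builds before it
# computes a deduplication hash. The second entry is a deliberate duplicate.
SAMPLE_FINDINGS = [
    {"title": "Hardcoded secret", "file_path": "src/config.py", "line": 12},
    {"title": "Hardcoded secret", "file_path": "src/config.py", "line": 12},
    {"title": "Weak cipher", "file_path": "src/crypto.py", "line": 40},
]


def _dedup_material(finding):
    # Stable, delimiter-separated form of the fields that define "the same
    # finding"; the hash below is only a compact lookup key for this string.
    return f"{finding['title']}|{finding['file_path']}|{finding['line']}".encode()


def dedup_key_flagged(finding):
    """Bare hashlib.md5(): the pattern Ruff rule S324 reports, because the
    linter cannot tell a collision-sensitive use from a plain lookup key."""
    return hashlib.md5(_dedup_material(finding)).hexdigest()


def dedup_key_annotated(finding):
    """The change this PR made: usedforsecurity=False (Python 3.9 and later)
    produces the identical digest but records that MD5 is not load-bearing,
    which satisfies S324 and keeps the call allowed on OpenSSL builds running
    in FIPS mode, where an unannotated md5() is refused."""
    return hashlib.md5(_dedup_material(finding), usedforsecurity=False).hexdigest()


def dedup_key_hardened(finding):
    """The alternative kiblik mentions: a hash function S324 never flags."""
    return hashlib.sha256(_dedup_material(finding)).hexdigest()


def deduplicate(findings, key_fn):
    """Keep the first finding seen for each key, whichever key function is used."""
    seen, unique = set(), []
    for finding in findings:
        key = key_fn(finding)
        if key not in seen:
            seen.add(key)
            unique.append(finding)
    return unique
```

Running ruff check --select S324 over this file reports only dedup_key_flagged; the annotated and sha256 variants pass, and all three collapse the sample list to two unique findings.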

@manuel-sommer
Contributor Author

Let's keep it this way please

@Maffooch Maffooch requested a review from mtesauro as a code owner April 9, 2025 16:53
@Maffooch
Contributor

Maffooch commented Apr 9, 2025

The recommended solution is to add usedforsecurity=False to all md5 calls (in case you are not able, simply replace it with a different hash function).

Great suggestion! @manuel-sommer do you have bandwidth to add this?

@github-actions github-actions bot added the parser label Apr 9, 2025
@manuel-sommer
Contributor Author

done @Maffooch

@Maffooch Maffooch merged commit ceee38a into DefectDojo:dev Apr 10, 2025
77 checks passed
@manuel-sommer manuel-sommer deleted the ruff_s324 branch April 11, 2025 00:38
Maffooch added a commit that referenced this pull request Apr 21, 2025
* fix

* fix

* Update ruff.toml

---------

Co-authored-by: Cody Maffucci <[email protected]>
5 participants