Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ruff: Add and fix S110 (+ merge all S1 rules) #11256

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from

Ruff: Add and fix S110 (+ merge all S1 rules)

9cc8523
Select commit
Loading
Failed to load commit list.
Open

Ruff: Add and fix S110 (+ merge all S1 rules) #11256

Ruff: Add and fix S110 (+ merge all S1 rules)
9cc8523
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Authn/Authz Analyzer succeeded Nov 27, 2024 in 7s

DryRun Security

Details

Authn/Authz Analyzer Findings: 2 detected

⚠️ Potential Authn/Authz Function Used or Modified dojo/benchmark/views.py (click for details)
Type Potential Authn/Authz Function Used or Modified
Description "This code introduces a new authorization-related function, user_is_authorized, which appears to be a custom decorator that checks user permissions before allowing access to certain operations. While the specific implementation is not shown, the presence of this new authorization-related function triggers the need for a security review, as it introduces new logic that could impact access control and user permissions." }
Filename dojo/benchmark/views.py
CodeLink

django-DefectDojo/dojo/benchmark/views.py

Lines 36 to 42 in 9cc8523

benchmark_product.product = product
benchmark_product.control = requirement
requirements.append(benchmark_product)
Benchmark_Product.objects.bulk_create(requirements)
@user_is_authorized(Product, Permissions.Benchmark_Edit, "pid")
⚠️ Potential Authn/Authz Function Used or Modified dojo/cred/views.py (click for details)
Type Potential Authn/Authz Function Used or Modified
Description "This code defines a function delete_cred_controller that performs an authorization check using the user_is_authorized decorator. This decorator is likely part of a custom authorization system that validates the user's permissions to delete the credential based on the Permissions.Credential_Delete check. As this involves a custom authorization mechanism, it is considered a sensitive authentication or authorization function and should be reviewed." }
Filename dojo/cred/views.py
CodeLink

django-DefectDojo/dojo/cred/views.py

Lines 584 to 590 in 9cc8523

@user_is_authorized(Cred_User, Permissions.Credential_Delete, "ttid")
def delete_cred_controller(request, destination_url, id, ttid):
cred = Cred_Mapping.objects.filter(pk=ttid).first()
if request.method == "POST":
tform = CredMappingForm(request.POST, instance=cred)
message = ""
View more details on DryRunSecurity