
Ruff: Add and autofix B006 #11951

Merged
merged 2 commits into from
Mar 11, 2025

Conversation

@kiblik (Contributor) commented Mar 5, 2025

Add rule mutable-argument-default (B006) and use autofix

@mtesauro (Contributor) left a comment


Approved


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.


dryrunsecurity bot commented Mar 11, 2025

DryRun Security Summary

The PR addresses potential security risks by updating type handling and replacing mutable default arguments with None across multiple files, and adding a Ruff linting rule to prevent similar issues in the future.


The PR updates type handling and default parameter initialization across multiple files, focusing on replacing mutable default arguments with None and adding explicit initialization checks. Security findings include:

  1. Mutable Default Argument Vulnerability: Multiple files (base_importer.py, options.py, jira_link/helper.py, models.py, tags_signals.py, unittests/dojo_test_case.py) were modified to prevent potential state-related security risks from shared mutable default list arguments. This could previously lead to unexpected behavior and potential unintended modifications across function calls.

  2. Ruff Configuration Update: Added "B006" linting rule in ruff.toml to automatically detect and prevent mutable default argument usage, which can help catch potential security-related coding patterns early in development.

No direct critical security vulnerabilities were introduced by these changes.

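The shared-state bug that B006 targets, shown as an added illustration that is not code from this PR or from DefectDojo: a minimal AST re-implementation of the B006 check (not Ruff's own code) run over constructed sample source, beside the buggy form and the `None`-default fix the PR applies. Function and parameter names are hypothetical.

```python
import ast

# Default expressions that B006 reports: mutable literals and comprehensions.
MUTABLE_DEFAULT_NODES = (ast.List, ast.Dict, ast.Set, ast.ListComp, ast.DictComp, ast.SetComp)


def find_mutable_defaults(source):
    """Return (function, parameter, line) for each mutable default argument.
    Minimal re-implementation of the B006 pattern, not Ruff's implementation."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        a = node.args
        # Positional defaults belong to the *last* len(defaults) positional params.
        positional = a.posonlyargs + a.args
        pairs = list(zip(positional[len(positional) - len(a.defaults):], a.defaults))
        # Keyword-only params carry None in kw_defaults when they have no default.
        pairs += [(p, d) for p, d in zip(a.kwonlyargs, a.kw_defaults) if d is not None]
        for param, default in pairs:
            if isinstance(default, MUTABLE_DEFAULT_NODES):
                findings.append((node.name, param.arg, default.lineno))
    return findings


def add_tag_buggy(tag, tags=[]):
    # The list is created once at definition time and shared by every call.
    tags.append(tag)
    return tags


def add_tag_fixed(tag, tags=None):
    # B006 fix: default to None and allocate a fresh list per call.
    if tags is None:
        tags = []
    tags.append(tag)
    return tags


# Constructed sample source (hypothetical names) for the checker to scan.
SAMPLE_SOURCE = '''
def add_tag_buggy(tag, tags=[]):
    tags.append(tag)
    return tags

def add_tag_fixed(tag, tags=None):
    if tags is None:
        tags = []
    tags.append(tag)
    return tags
'''
```

Calling `add_tag_buggy` twice returns the same list object both times, which is the cross-call leakage the summary describes; `add_tag_fixed` returns a separate list on each call.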


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit 4de10f8 into DefectDojo:dev Mar 11, 2025
77 checks passed
@kiblik kiblik deleted the ruff/B006 branch March 12, 2025 06:56