
Ruff: Add and "fix" S106 #11193

Open

wants to merge 1 commit into base: dev

Conversation

kiblik
Contributor

@kiblik kiblik commented Nov 5, 2024

Add S106 https://docs.astral.sh/ruff/rules/hardcoded-password-func-arg/ and mute it.

For testing the user form, it is fine to hardcode the password.
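As an added example, not code from this PR or from Ruff itself, here is a small `ast`-based checker that mimics what S106 (hardcoded-password-func-arg) reports, a password-like keyword argument bound to a non-empty string literal, and that honours the per-line `# noqa: S106` mute the PR uses for test fixtures. The password-name pattern and the sample module are constructed assumptions, not Ruff's exact definitions.

```python
import ast
import re

# Assumption: a simplified version of the keyword names Ruff treats as
# password-like. Ruff's real pattern is broader; this is for illustration.
PASSWORD_RE = re.compile(r"pass(word|wd|phrase)?|pwd|secret|token", re.IGNORECASE)

# Matches a trailing "# noqa" (bare) or "# noqa: S106, S105" style comment.
NOQA_RE = re.compile(r"#\s*noqa(?::\s*([A-Z]+\d+(?:\s*,\s*[A-Z]+\d+)*))?\s*$")


def is_muted(line: str, code: str = "S106") -> bool:
    """True if the line carries a noqa comment covering `code`."""
    match = NOQA_RE.search(line)
    if not match:
        return False
    codes = match.group(1)
    return codes is None or code in [c.strip() for c in codes.split(",")]


def hardcoded_password_kwargs(source: str) -> list[tuple[int, str]]:
    """Return (line, keyword) pairs where a password-like keyword argument
    receives a string literal and the line is not muted with noqa."""
    lines = source.splitlines()
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg is None or not PASSWORD_RE.fullmatch(kw.arg):
                continue
            value = kw.value
            # Only a non-empty string literal counts as "hardcoded";
            # a variable such as password=pw is fine, as in Ruff.
            if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
                if not is_muted(lines[value.lineno - 1]):
                    findings.append((value.lineno, kw.arg))
    return findings


# Constructed sample module: one clean call, one flagged call, one muted call.
SAMPLE = """\
from django.contrib.auth.models import User

def make_user(pw):
    return User.objects.create_user(username="alice", password=pw)  # fine: not a literal

def make_fixture():
    return User.objects.create_user(username="bob", password="Test-Pass-123")  # would be flagged

def make_fixture_muted():
    return User.objects.create_user(username="eve", password="Test-Pass-123")  # noqa: S106
"""


def scan_sample() -> list[tuple[int, str]]:
    return hardcoded_password_kwargs(SAMPLE)
```

Running `scan_sample()` reports only the unmuted literal in `make_fixture`, which is the behaviour the PR relies on when it keeps S106 enabled but silences it on the test lines.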


dryrunsecurity bot commented Nov 5, 2024

DryRun Security Summary

The pull request focuses on improving the security of the password change functionality and the overall code quality through the use of a linter configuration, including the introduction of various password policy validations and the addition of a new security-related linter rule.


Summary:

The code changes in this pull request are focused on improving the security of the password change functionality and the overall code quality through the use of a linter configuration.

The changes to the unittests/test_user_validators.py file introduce various password policy validations, such as checking for minimum and maximum length, the presence of numbers, special characters, uppercase and lowercase letters, and non-common passwords. These validations help ensure that users choose strong and secure passwords, reducing the risk of password-related attacks. Additionally, the code checks that the user's current password is correct before allowing a password change and prevents password reuse, further enhancing the security of the password change process.

The changes to the ruff.toml file, which is the configuration file for the Ruff linter, indicate a focus on improving the security of the codebase. The addition of the S106 rule, which is part of the "Flake8 Security" set of rules, suggests that the developers are adding a new security-related check. However, the removal of some other security-related rules should be carefully reviewed to ensure that it does not introduce any security vulnerabilities.

Files Changed:

  1. unittests/test_user_validators.py: This file contains test cases for the ChangePasswordForm form, which is responsible for validating password changes. The changes introduce various password policy validations, such as minimum and maximum length, the presence of numbers, special characters, uppercase and lowercase letters, and non-common passwords. Additionally, the code checks that the user's current password is correct before allowing a password change and prevents password reuse.

  2. ruff.toml: This file is the configuration file for the Ruff linter, which is a Python code linter. The changes include the addition of the S106 rule, which is part of the "Flake8 Security" set of rules, and the removal of several other security-related rules. The addition of the S106 rule is a positive change, as it indicates a focus on improving the security of the codebase. However, the removal of the other security-related rules should be carefully reviewed to ensure that it does not introduce any security vulnerabilities.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


Contributor

@mtesauro mtesauro left a comment


Approved
