From fa9c3798da0f871435c33947b98ab54c60d357da Mon Sep 17 00:00:00 2001
From: kiblik <5609770+kiblik@users.noreply.github.com>
Date: Sat, 25 Jan 2025 14:15:59 +0100
Subject: [PATCH] Ruff: Add and fix N999
---
.github/labeler.yml | 2 +-
.github/pull_request_template.md | 2 +-
.github/release-drafter.yml | 2 +-
Dockerfile.django-alpine | 2 +-
Dockerfile.django-debian | 2 +-
docker/entrypoint-unit-tests-devDocker.sh | 2 +-
docker/entrypoint-unit-tests.sh | 4 ++--
docker/extra_settings/README.md | 2 +-
.../integrations/social-authentication.md | 2 +-
docs/content/en/open_source/archived_docs/jira.md | 2 +-
.../en/open_source/archived_docs/usage/features.md | 10 +++++-----
.../open_source/contributing/how-to-write-a-parser.md | 2 +-
.../en/open_source/installation/configuration.md | 10 +++++-----
docs/content/en/open_source/upgrading/1.10.md | 2 +-
docs/content/en/open_source/upgrading/1.7.0.md | 2 +-
docs/content/en/open_source/upgrading/2.35.md | 2 +-
dojo/models.py | 6 +++---
dojo/settings/settings.py | 2 +-
dojo/settings/{settings.dist.py => settings_dist.py} | 2 +-
dojo/settings/template-local_settings | 4 ++--
dojo/settings/unittests.py | 2 +-
readme-docs/CONTRIBUTING.md | 2 +-
readme-docs/DOCKER.md | 4 ++--
ruff.toml | 2 +-
.../{Import_scanner_test.py => import_scanner_test.py} | 0
unittests/scans/bandit/dd2.json | 2 +-
unittests/scans/bandit/many_vulns.json | 2 +-
.../gitlab_sast/gl-sast-report-many-vuln_v14.json | 4 ++--
.../gitlab_sast/gl-sast-report-many-vuln_v15.json | 4 ++--
unittests/scans/horusec/horres3.json | 4 ++--
unittests/scans/horusec/version_2.6.3.json | 4 ++--
31 files changed, 47 insertions(+), 47 deletions(-)
rename dojo/settings/{settings.dist.py => settings_dist.py} (99%)
rename tests/{Import_scanner_test.py => import_scanner_test.py} (100%)
diff --git a/.github/labeler.yml b/.github/labeler.yml
index 1e2fbd9bb86..57a9ea1a488 100644
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -36,7 +36,7 @@ integration_tests: settings_changes: - changed-files: - any-glob-to-any-file: - - dojo/settings/settings.dist.py + - dojo/settings/settings_dist.py apiv2: - changed-files: diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 06f0b38e458..709b450bd56 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -45,7 +45,7 @@ Moderators: Labels currently accepted for PRs: - maintenance (a.k.a chores) - dependencies - New Migration (when the PR introduces a DB migration) -- settings_changes (when the PR introduces changes or new settings in settings.dist.py) +- settings_changes (when the PR introduces changes or new settings in settings_dist.py) # Contributors: Git Tips ## Rebase on dev branch diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml index f4eed0e81cd..d546cb0d4df 100644 --- a/.github/release-drafter.yml +++ b/.github/release-drafter.yml @@ -8,7 +8,7 @@ categories: - title: '💣 Breaking changes' labels: - 'Breaking Changes' - - title: '🚩 Changes to `settings.dist.py` / `local_settings.py`' + - title: '🚩 Changes to `settings_dist.py` / `local_settings.py`' labels: - 'settings_changes' - title: '🚩 Database migration' diff --git a/Dockerfile.django-alpine b/Dockerfile.django-alpine index cfef58fa32c..b5fcc22b517 100644 --- a/Dockerfile.django-alpine +++ b/Dockerfile.django-alpine @@ -113,7 +113,7 @@ RUN \ chown ${appuser} components/node_modules USER ${uid} ENV \ - # Only variables that are not defined in settings.dist.py + # Only variables that are not defined in settings_dist.py DD_ADMIN_USER=admin \ DD_ADMIN_MAIL=admin@defectdojo.local \ DD_ADMIN_PASSWORD='' \ diff --git a/Dockerfile.django-debian b/Dockerfile.django-debian index 663a75e884d..e53879cc356 100644 --- a/Dockerfile.django-debian +++ b/Dockerfile.django-debian 
@@ -116,7 +116,7 @@ RUN \ chown ${appuser} components/node_modules USER ${uid} ENV \ - # Only variables that are not defined in settings.dist.py + # Only variables that are not defined in settings_dist.py DD_ADMIN_USER=admin \ DD_ADMIN_MAIL=admin@defectdojo.local \ DD_ADMIN_PASSWORD='' \ diff --git a/docker/entrypoint-unit-tests-devDocker.sh b/docker/entrypoint-unit-tests-devDocker.sh index 2a9f2619cd7..90a01797d70 100755 --- a/docker/entrypoint-unit-tests-devDocker.sh +++ b/docker/entrypoint-unit-tests-devDocker.sh @@ -10,7 +10,7 @@ set -v . /reach_database.sh cd /app -# Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings.dist.py) +# Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings_dist.py) unset DD_DATABASE_URL # Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings diff --git a/docker/entrypoint-unit-tests.sh b/docker/entrypoint-unit-tests.sh index 8b6ba002ca3..a4d18c491b9 100755 --- a/docker/entrypoint-unit-tests.sh +++ b/docker/entrypoint-unit-tests.sh @@ -11,7 +11,7 @@ . /reach_database.sh cd /app || exit -# Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings.dist.py) +# Unset the database URL so that we can force the DD_TEST_DATABASE_NAME (see django "DATABASES" configuration in settings_dist.py) unset DD_DATABASE_URL # Unset the celery broker URL so that we can force the other DD_CELERY_BROKER settings @@ -20,7 +20,7 @@ unset DD_CELERY_BROKER_URL # TARGET_SETTINGS_FILE=dojo/settings/settings.py # if [ ! -f ${TARGET_SETTINGS_FILE} ]; then # echo "Creating settings.py" -# cp dojo/settings/settings.dist.py dojo/settings/settings.py +# cp dojo/settings/settings_dist.py dojo/settings/settings.py # fi wait_for_database_to_be_reachable 
diff --git a/docker/extra_settings/README.md b/docker/extra_settings/README.md index b3a8fc0eddb..c8d40233ce8 100644 --- a/docker/extra_settings/README.md +++ b/docker/extra_settings/README.md @@ -8,6 +8,6 @@ For an example, see [template-local_settings](../../dojo/settings/template-local Please note this copy action could fail if you have mounted the full `dojo/` folder, but that is owned by a different user/group. That's why this copy action only happens in docker compose release mode, and not in dev/debug/unit_tests/integration_tests modes. -For advanced usage you can also place a `settings.dist.py` or `settings.py` file. These will also be copied on startup to dojo/settings. +For advanced usage you can also place a `settings_dist.py` or `settings.py` file. These will also be copied on startup to dojo/settings. The files in this `docker/extra_settings` folder are *not* used by the nginx container, as this container needs the settings at build time. diff --git a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md index 640beaeff18..1e6c0bd7906 100644 --- a/docs/content/en/open_source/archived_docs/integrations/social-authentication.md +++ b/docs/content/en/open_source/archived_docs/integrations/social-authentication.md 
@@ -389,7 +389,7 @@ NOTE: *DD_SAML2_ATTRIBUTES_MAP* in k8s can be referenced as extraConfig (e.g. `D NOTE: *DD_SITE_URL* might also need to be set depending on the choices you make with the metadata.xml provider. (File versus URL). -4. Checkout the SAML section in dojo/`dojo/settings/settings.dist.py` and verfiy if it fits your requirement. If you need help, take a look at the [plugin +4. Checkout the SAML section in dojo/`dojo/settings/settings_dist.py` and verfiy if it fits your requirement. If you need help, take a look at the [plugin documentation](https://djangosaml2.readthedocs.io/contents/setup.html#configuration). 5. Restart DefectDojo, and you should now see a **Login with SAML** button (default setting of DD_SAML2_LOGIN_BUTTON_TEXT) on the login page. diff --git a/docs/content/en/open_source/archived_docs/jira.md b/docs/content/en/open_source/archived_docs/jira.md index b2dacc43653..2ad1d0469dc 100644 --- a/docs/content/en/open_source/archived_docs/jira.md +++ b/docs/content/en/open_source/archived_docs/jira.md @@ -170,7 +170,7 @@ This can be executed from the uwsgi docker container using: $ docker compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation' {{< /highlight >}} -DEBUG output can be obtains via `-v 3`, but only after increasing the logging to DEBUG level in your settings.dist.py or local_settings.py file +DEBUG output can be obtains via `-v 3`, but only after increasing the logging to DEBUG level in your settings_dist.py or local_settings.py file {{< highlight bash >}} $ docker compose exec uwsgi /bin/bash -c 'python manage.py jira_status_reconciliation -v 3' diff --git a/docs/content/en/open_source/archived_docs/usage/features.md b/docs/content/en/open_source/archived_docs/usage/features.md index c026a2f3a14..610ebad4b56 100644 --- a/docs/content/en/open_source/archived_docs/usage/features.md +++ b/docs/content/en/open_source/archived_docs/usage/features.md 
@@ -234,12 +234,12 @@ Note that currently deduplication does not occur across different products. ### Deduplication algorithms The behavior of the deduplication can be configured for each parser in -settings.dist.py (or settings.py after install) by configuring the +settings_dist.py (or settings.py after install) by configuring the `DEDUPLICATION_ALGORITHM_PER_PARSER` variable, or via the env variable (useful for Kubernetes deployments) `DD_DEDUPLICATION_ALGORITHM_PER_PARSER` with a JSON string like ```json {"ScannerName":"algorithm"} ``` -The environment variable will override the settings in `settings.dist.py`, replacing by matching the keys. +The environment variable will override the settings in `settings_dist.py`, replacing by matching the keys. The available algorithms are: @@ -304,11 +304,11 @@ DEDUPE_ALGO_LEGACY (value for `DD_DEDUPLICATION_ALGORITHM_PER_PARSER`: `legacy`) The hash_code computation can be configured for each parser using the parameter `HASHCODE_FIELDS_PER_SCANNER` in -`settings.dist.py`, or via the env variable (useful for Kubernetes deployments) `DD_HASHCODE_FIELDS_PER_SCANNER` with a JSON string like +`settings_dist.py`, or via the env variable (useful for Kubernetes deployments) `DD_HASHCODE_FIELDS_PER_SCANNER` with a JSON string like ```json {"ScannerName":["field1", "field2"]} ``` -The environment variable will override the settings in `settings.dist.py`, replacing by matching the keys. +The environment variable will override the settings in `settings_dist.py`, replacing by matching the keys. The parameter `HASHCODE_ALLOWED_FIELDS` list the fields from finding table that were tested and are known to be working when 
@@ -384,7 +384,7 @@ Please note the deduplication process is resource intensive and can take a long There is a specific logger that can be activated in order to have details about the deduplication process : switch `dojo.specific-loggers.deduplication` to debug in -`settings.dist.py`. +`settings_dist.py`. ### Deduplication - APIv2 parameters diff --git a/docs/content/en/open_source/contributing/how-to-write-a-parser.md b/docs/content/en/open_source/contributing/how-to-write-a-parser.md index 3ee5622506b..4806d03dda8 100644 --- a/docs/content/en/open_source/contributing/how-to-write-a-parser.md +++ b/docs/content/en/open_source/contributing/how-to-write-a-parser.md @@ -36,7 +36,7 @@ $ docker compose build --build-arg uid=1000 |`dojo/tools//parser.py` | The meat. This is where you write your actual parser. The class name must be the Python module name without underscores plus `Parser`. **Example:** When the name of the Python module is `dependency_check`, the class name shall be `DependencyCheckParser` |`unittests/scans//{many_vulns,no_vuln,one_vuln}.json` | Sample files containing meaningful data for unit tests. The minimal set. |`unittests/tools/test__parser.py` | Unit tests of the parser. -|`dojo/settings/settings.dist.py` | If you want to use a modern hashcode based deduplication algorithm +|`dojo/settings/settings_dist.py` | If you want to use a modern hashcode based deduplication algorithm |`doc/content/en/integrations/parsers//.md` | Documentation, what kind of file format is required and how it should be obtained ## Factory contract diff --git a/docs/content/en/open_source/installation/configuration.md b/docs/content/en/open_source/installation/configuration.md index 402689a2164..aabbfe0e497 100644 --- a/docs/content/en/open_source/installation/configuration.md +++ b/docs/content/en/open_source/installation/configuration.md 
@@ -5,9 +5,9 @@ draft: false weight: 3 --- -## dojo/settings/settings.dist.py +## dojo/settings/settings_dist.py -The main settings are stored in [`dojo/settings/settings.dist.py`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/settings.dist.py). It is great to use this file as a reference for what can be configured, but it shouldn\'t be edited directly, because changes will be overwritten when updating DefectDojo. There are several methods to change the default settings: +The main settings are stored in [`dojo/settings/settings_dist.py`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/settings_dist.py). It is great to use this file as a reference for what can be configured, but it shouldn\'t be edited directly, because changes will be overwritten when updating DefectDojo. There are several methods to change the default settings: ### Environment variables 
@@ -19,16 +19,16 @@ When you deploy DefectDojo in a **Kubernetes** cluster, you can set environment ### Environment file (not with Docker Compose or Kubernetes) -`settings.dist.py` reads environment variables from a file whose name is specified in the environment variable `DD_ENV_PATH`. If this variable is not set, the default `.env.prod` is used. The file must be located in the `dojo/settings` directory. +`settings_dist.py` reads environment variables from a file whose name is specified in the environment variable `DD_ENV_PATH`. If this variable is not set, the default `.env.prod` is used. The file must be located in the `dojo/settings` directory. An example can be found in [`template_env`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/template-env). ### local_settings.py (not with Kubernetes) `local_settings.py` can contain more complex customizations such as adding MIDDLEWARE or INSTALLED_APP entries. -This file is processed *after* settings.dist.py is processed, so you can modify settings delivered by DefectDojo out of the box. +This file is processed *after* settings_dist.py is processed, so you can modify settings delivered by DefectDojo out of the box. The file must be located in the `dojo/settings` directory. Environment variables in this file must not have the `DD_` prefix. -If the file is missing feel free to create it. Do not edit `settings.dist.py` directly. +If the file is missing feel free to create it. Do not edit `settings_dist.py` directly. An example can be found in [`dojo/settings/template-local_settings`](https://github.com/DefectDojo/django-DefectDojo/blob/master/dojo/settings/template-local_settings). diff --git a/docs/content/en/open_source/upgrading/1.10.md b/docs/content/en/open_source/upgrading/1.10.md index d1626518474..c22da5bfee9 100644 --- a/docs/content/en/open_source/upgrading/1.10.md +++ b/docs/content/en/open_source/upgrading/1.10.md 
@@ -25,7 +25,7 @@ exclude_search: true and - A quickfix is to rename your own / customized - `settings.py` or `settings.dist.py` to + `settings.py` or `settings\_dist.py` to `local\_settings.py`. Details of that PR: - Major JIRA integration refactoring, for which you should at least diff --git a/docs/content/en/open_source/upgrading/1.7.0.md b/docs/content/en/open_source/upgrading/1.7.0.md index 40f653acc75..329c66100c2 100644 --- a/docs/content/en/open_source/upgrading/1.7.0.md +++ b/docs/content/en/open_source/upgrading/1.7.0.md @@ -110,7 +110,7 @@ after CELERY\_TASK\_IGNORE\_RESULT line: Save your modified settings file. For reference the modified file should look like the new 1.5.0 -\[settings\]() +\[settings\]() file, minus the environmental configurations. As an alternative this file can be used and the enviromental configurations from you environment can be copied into this file. diff --git a/docs/content/en/open_source/upgrading/2.35.md b/docs/content/en/open_source/upgrading/2.35.md index 3dec987e04e..9372ed87da9 100644 --- a/docs/content/en/open_source/upgrading/2.35.md +++ b/docs/content/en/open_source/upgrading/2.35.md @@ -6,7 +6,7 @@ description: Integrity checker announced exclude_search: true --- -From 2.35.0, DefectDojo will perform an integrity check of the `settings.dist.py` file to ensure it has not been modified. If the user changed this file (in the past or even now) the DefectDojo instance will not start until those changes have been reverted. +From 2.35.0, DefectDojo will perform an integrity check of the `settings_dist.py` file to ensure it has not been modified. If the user changed this file (in the past or even now) the DefectDojo instance will not start until those changes have been reverted. Any customization of variables needs to be done via environmental variables or in 'local_settings.py'. For more information check [Configuration documentation page](https://documentation.defectdojo.com/getting_started/configuration/). 
diff --git a/dojo/models.py b/dojo/models.py index 67f30ee20ab..e076ff7713b 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -2180,7 +2180,7 @@ def deduplication_algorithm(self): deduplicationLogger.debug(f"using DEDUPLICATION_ALGORITHM_PER_PARSER for scan_type: {self.scan_type}") deduplicationAlgorithm = settings.DEDUPLICATION_ALGORITHM_PER_PARSER[self.scan_type] else: - deduplicationLogger.debug("Section DEDUPLICATION_ALGORITHM_PER_PARSER not found in settings.dist.py") + deduplicationLogger.debug("Section DEDUPLICATION_ALGORITHM_PER_PARSER not found in settings_dist.py") deduplicationLogger.debug(f"DEDUPLICATION_ALGORITHM_PER_PARSER is: {deduplicationAlgorithm}") return deduplicationAlgorithm @@ -2199,7 +2199,7 @@ def hash_code_fields(self): else: deduplicationLogger.warning(f"test_type name {self.test_type.name} and scan_type {self.scan_type} not found in HASHCODE_FIELDS_PER_SCANNER") else: - deduplicationLogger.debug("Section HASHCODE_FIELDS_PER_SCANNER not found in settings.dist.py") + deduplicationLogger.debug("Section HASHCODE_FIELDS_PER_SCANNER not found in settings_dist.py") deduplicationLogger.debug(f"HASHCODE_FIELDS_PER_SCANNER is: {hashCodeFields}") return hashCodeFields @@ -2216,7 +2216,7 @@ def hash_code_allows_null_cwe(self): deduplicationLogger.debug(f"using HASHCODE_ALLOWS_NULL_CWE for scan_type: {self.scan_type}") hashCodeAllowsNullCwe = settings.HASHCODE_ALLOWS_NULL_CWE[self.scan_type] else: - deduplicationLogger.debug("Section HASHCODE_ALLOWS_NULL_CWE not found in settings.dist.py") + deduplicationLogger.debug("Section HASHCODE_ALLOWS_NULL_CWE not found in settings_dist.py") deduplicationLogger.debug(f"HASHCODE_ALLOWS_NULL_CWE is: {hashCodeAllowsNullCwe}") return hashCodeAllowsNullCwe diff --git a/dojo/settings/settings.py b/dojo/settings/settings.py index 9a961ca8029..58eb9852cea 100644 --- a/dojo/settings/settings.py +++ b/dojo/settings/settings.py 
@@ -5,6 +5,6 @@ # how to tune the configuration to your needs. include( - "settings.dist.py", + "settings_dist.py", optional("local_settings.py"), ) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings_dist.py similarity index 99% rename from dojo/settings/settings.dist.py rename to dojo/settings/settings_dist.py index ecb67768183..dd250d4c7b8 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings_dist.py @@ -1,5 +1,5 @@ ######################################################################################################### -# It is not recommended to edit file 'settings.dist.py', for production deployments. # +# It is not recommended to edit file 'settings_dist.py', for production deployments. # # Any customization of variables need to be done via environmental variables or in 'local_settings.py'. # # For more information check https://documentation.defectdojo.com/getting_started/configuration/ # ######################################################################################################### diff --git a/dojo/settings/template-local_settings b/dojo/settings/template-local_settings index 337027bff92..077345283c1 100644 --- a/dojo/settings/template-local_settings +++ b/dojo/settings/template-local_settings @@ -1,5 +1,5 @@ # local_settings.py -# this file will be included by settings.py *after* loading settings.dist.py +# this file will be included by settings.py *after* loading settings_dist.py # this example configures the django debug toolbar and sets some loglevels to DEBUG 
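Review bot: The new `include("settings_dist.py", ...)` in dojo/settings/settings.py stops reading the old file name, and nothing in this patch detects a leftover `settings.dist.py`. docker/extra_settings/README.md (also edited here) says such a file is copied into dojo/settings at startup, so a deployment that still ships one would presumably start on the shipped defaults and silently lose its overrides, including any security-relevant ones. A fail-closed guard before the include would surface this, for example `if (Path(__file__).parent / "settings.dist.py").exists(): raise ImproperlyConfigured("settings.dist.py was renamed to settings_dist.py")`, with `pathlib.Path` and Django's `ImproperlyConfigured` imported. The diffstat also lists no change to whatever implements the integrity check described in upgrading/2.35.md, so please confirm its checksum reference follows the rename, and add an upgrade note to the release that carries this change.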
@@ -7,7 +7,7 @@ from django.urls import re_path from django.conf.urls import include # UPDATE: Adding debug_toolbar to to INSTALLED_APPS here prevents the nginx container from generating the correct static files -# So add debug_toolbar to INSTALLED_APPS in settings.dist.py and rebuild to get started with the debug_toolbar. +# So add debug_toolbar to INSTALLED_APPS in settings_dist.py and rebuild to get started with the debug_toolbar. # Thje middleware and other config can remain in this file (local_settings.py) to avoid chance of conflicts on upgrades. INSTALLED_APPS += ( # 'debug_toolbar', diff --git a/dojo/settings/unittests.py b/dojo/settings/unittests.py index f788b717a5d..8f64d745a20 100644 --- a/dojo/settings/unittests.py +++ b/dojo/settings/unittests.py @@ -1,6 +1,6 @@ # In order to run the unit tests, it is required to create a settings file # first; -# Do so by copying the file dojo/settings/settings.dist.py to +# Do so by copying the file dojo/settings/settings_dist.py to # dojo/settings/settings.py; Otherwise, the following import will not work from .settings import * # noqa: F403 diff --git a/readme-docs/CONTRIBUTING.md b/readme-docs/CONTRIBUTING.md index 3beb9dd62d5..1fe7a91c078 100644 --- a/readme-docs/CONTRIBUTING.md +++ b/readme-docs/CONTRIBUTING.md @@ -91,7 +91,7 @@ DefectDojo. 0. In dev branch, the code should be python 3.11 compliant. -[dojo_settings]: /dojo/settings/settings.dist.py "DefectDojo settings file" +[dojo_settings]: /dojo/settings/settings_dist.py "DefectDojo settings file" [pep8]: https://www.python.org/dev/peps/pep-0008/ "PEP8" [flake8 built-in commit hooks]: https://flake8.pycqa.org/en/latest/user/using-hooks.html#built-in-hook-integration diff --git a/readme-docs/DOCKER.md b/readme-docs/DOCKER.md index a85d9f55f26..4452905436a 100644 --- a/readme-docs/DOCKER.md +++ b/readme-docs/DOCKER.md 
@@ -141,14 +141,14 @@ docker exec -it django-defectdojo-uwsgi-1 ./manage.py changepassword admin ``` # Logging -For docker compose release mode the log level is INFO. In the other modes the log level is DEBUG. Logging is configured in `settings.dist.py` and can be tuned using a `local_settings.py`, see [template for local_settings.py](dojo/settings/template-local_settings). For example the deduplication logger can be set to DEBUG in a local_settings.py file: +For docker compose release mode the log level is INFO. In the other modes the log level is DEBUG. Logging is configured in `settings_dist.py` and can be tuned using a `local_settings.py`, see [template for local_settings.py](dojo/settings/template-local_settings). For example the deduplication logger can be set to DEBUG in a local_settings.py file: ``` LOGGING['loggers']['dojo.specific-loggers.deduplication']['level'] = 'DEBUG' ``` -Or you can modify `settings.dist.py` directly, but this adds the risk of having conflicts when `settings.dist.py` gets updated upstream. +Or you can modify `settings_dist.py` directly, but this adds the risk of having conflicts when `settings_dist.py` gets updated upstream. ``` 'dojo.specific-loggers.deduplication': { diff --git a/ruff.toml b/ruff.toml index e81866ef214..36a779fe49c 100644 --- a/ruff.toml +++ b/ruff.toml @@ -37,7 +37,7 @@ select = [ "W", "C90", "I", - "N804", "N811", "N814", "N818", + "N804", "N811", "N814", "N818", "N999", "D2", "D3", "D402", "D403", "D405", "D406", "D407", "D408", "D409", "D410", "D411", "D412", "D413", "D416", "UP", "YTT", diff --git a/tests/Import_scanner_test.py b/tests/import_scanner_test.py similarity index 100% rename from tests/Import_scanner_test.py rename to tests/import_scanner_test.py diff --git a/unittests/scans/bandit/dd2.json b/unittests/scans/bandit/dd2.json index 59488004353..47c9714d6ff 100644 --- a/unittests/scans/bandit/dd2.json +++ b/unittests/scans/bandit/dd2.json 
@@ -3530,7 +3530,7 @@ "loc": 4, "nosec": 0 }, - "dojo/settings/settings.dist.py": { + "dojo/settings/settings_dist.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, diff --git a/unittests/scans/bandit/many_vulns.json b/unittests/scans/bandit/many_vulns.json index 6db9d9b86e7..a8a3ec27d32 100644 --- a/unittests/scans/bandit/many_vulns.json +++ b/unittests/scans/bandit/many_vulns.json @@ -2294,7 +2294,7 @@ "loc": 0, "nosec": 0 }, - "dojo/settings\\settings.dist.py": { + "dojo/settings\\settings_dist.py": { "CONFIDENCE.HIGH": 0.0, "CONFIDENCE.LOW": 0.0, "CONFIDENCE.MEDIUM": 0.0, diff --git a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json index 32b01fe016c..0f9c84627b8 100644 --- a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json +++ b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v14.json @@ -90,7 +90,7 @@ "name": "Password in URL", "message": "Password in URL", "description": "Password in URL detected; please remove and revoke it if this is a leak.", - "cve": "dojo/settings/settings.dist.py:ac48da3029b35c40a4126d516386d226bbe00c27f9d6b44834458c29ef9d8779:Password in URL", + "cve": "dojo/settings/settings_dist.py:ac48da3029b35c40a4126d516386d226bbe00c27f9d6b44834458c29ef9d8779:Password in URL", "severity": "Critical", "confidence": "Unknown", "scanner": { @@ -98,7 +98,7 @@ "name": "TruffleHog" }, "location": { - "file": "dojo/settings/settings.dist.py", + "file": "dojo/settings/settings_dist.py", "start_line": 155, "end_line": 155, "dependency": { diff --git a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json index d436e275820..764e2cc1959 100644 --- a/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json +++ b/unittests/scans/gitlab_sast/gl-sast-report-many-vuln_v15.json 
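Review bot: The fixture hunks under unittests/scans/ (bandit dd2.json and many_vulns.json, gitlab_sast v14 and v15, horusec horres3.json and version_2.6.3.json) rewrite recorded scanner output rather than references to the settings file, so the rename should skip them. These reports are sample parser input, and in the gitlab_sast files the path is embedded in the `cve` value next to a fingerprint, which looks like an identifier the original tool computed for the old path. After the edit the fixture no longer matches what the tool actually emitted, and any parser test that asserts on file paths or derived identifiers would shift, yet the diffstat shows no test changes alongside. I would revert these six files and exclude `unittests/scans/` from the search-and-replace.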
@@ -67,10 +67,10 @@ { "name": "Password in URL", "description": "Password in URL detected; please remove and revoke it if this is a leak.", - "cve": "dojo/settings/settings.dist.py:ac48da3029b35c40a4126d516386d226bbe00c27f9d6b44834458c29ef9d8779:Password in URL", + "cve": "dojo/settings/settings_dist.py:ac48da3029b35c40a4126d516386d226bbe00c27f9d6b44834458c29ef9d8779:Password in URL", "severity": "Critical", "location": { - "file": "dojo/settings/settings.dist.py", + "file": "dojo/settings/settings_dist.py", "start_line": 155, "end_line": 155, "dependency": { diff --git a/unittests/scans/horusec/horres3.json b/unittests/scans/horusec/horres3.json index 2e33335fd36..9f4cde7337e 100644 --- a/unittests/scans/horusec/horres3.json +++ b/unittests/scans/horusec/horres3.json @@ -355,7 +355,7 @@ "line": "291", "column": "45", "confidence": "MEDIUM", - "file": "dojo/settings/settings.dist.py", + "file": "dojo/settings/settings_dist.py", "code": "# Parse database connection url strings like psql://user:pass@127.0.0.1:8458/db", "details": "Password found in a hardcoded URL\nA password was found in a hardcoded URL, this can lead to not only the leak of this password but also a failure point to some more sophisticated CSRF and SSRF attacks. Check CWE-352 (https://cwe.mitre.org/data/definitions/352.html) and CWE-918 (https://cwe.mitre.org/data/definitions/918.html) for more details.", "securityTool": "HorusecEngine", 
@@ -403,7 +403,7 @@ "line": "254", "column": "0", "confidence": "MEDIUM", - "file": "dojo/settings/settings.dist.py", + "file": "dojo/settings/settings_dist.py", "code": "SECRET_KEY = env('DD_SECRET_KEY')", "details": "Potential Hard-coded credential\nThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.", "securityTool": "HorusecEngine", diff --git a/unittests/scans/horusec/version_2.6.3.json b/unittests/scans/horusec/version_2.6.3.json index 3256646587d..017d9c4c78a 100644 --- a/unittests/scans/horusec/version_2.6.3.json +++ b/unittests/scans/horusec/version_2.6.3.json @@ -139,7 +139,7 @@ "line": "291", "column": "45", "confidence": "MEDIUM", - "file": "dojo/settings/settings.dist.py", + "file": "dojo/settings/settings_dist.py", "code": "# Parse database connection url strings like psql://user:pass@127.0.0.1:8458/db", "details": "Password found in a hardcoded URL\nA password was found in a hardcoded URL, this can lead to not only the leak of this password but also a failure point to some more sophisticated CSRF and SSRF attacks. Check CWE-352 (https://cwe.mitre.org/data/definitions/352.html) and CWE-918 (https://cwe.mitre.org/data/definitions/918.html) for more details.", "securityTool": "HorusecEngine", 
@@ -403,7 +403,7 @@ "line": "254", "column": "0", "confidence": "MEDIUM", - "file": "dojo/settings/settings.dist.py", + "file": "dojo/settings/settings_dist.py", "code": "SECRET_KEY = env('DD_SECRET_KEY')", "details": "Potential Hard-coded credential\nThe software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. For more information checkout the CWE-798 (https://cwe.mitre.org/data/definitions/798.html) advisory.", "securityTool": "HorusecEngine",