Skip to content

Finding Groups: Respect minimum severity and active/verified rules when pushing to JIRA #12475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mtesauro merged 20 commits into from
Jul 1, 2025

rerecord

9dcf565
Select commit
Loading
Failed to load commit list.
Merged

Finding Groups: Respect minimum severity and active/verified rules when pushing to JIRA #12475

rerecord
9dcf565
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Mass Assignment succeeded Jun 22, 2025 in 1s

DryRun Security

Details

Mass Assignment Analyzer Findings: 1 detected

⚠️ Potential Mass Assignment Vulnerability unittests/dojo_test_case.py (click for details)
Type Potential Mass Assignment Vulnerability
Description The code is potentially vulnerable to Mass Assignment because it uses objects.update(**{field: value}) which allows setting multiple attributes dynamically without explicit validation
Filename unittests/dojo_test_case.py
CodeLink

django-DefectDojo/unittests/dojo_test_case.py

Lines 65 to 90 in 9dcf565

return decorator
def with_system_setting(field, value):
"""Decorator to temporarily set a value in System Settings."""
def decorator(test_func):
@wraps(test_func)
def wrapper(*args, **kwargs):
old_value = getattr(System_Settings.objects.get(), field)
# Set the flag to the specified value
System_Settings.objects.update(**{field: value})
try:
return test_func(*args, **kwargs)
finally:
# Reset the flag to its original state after the test
System_Settings.objects.update(**{field: old_value})
return wrapper
return decorator
class DojoTestUtilsMixin:
def get_test_admin(self, *args, **kwargs):
View more details on DryRunSecurity