Skip to content

Ruff: Add PLC1901 to dojo/models #13178

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
valentijnscholten merged 2 commits into from
Sep 19, 2025

update

4783658
Select commit
Loading
Failed to load commit list.
Merged

Ruff: Add PLC1901 to dojo/models #13178

update
4783658
Select commit
Loading
Failed to load commit list.
DryRunSecurity / General Security Analyzer succeeded Sep 15, 2025 in 2s

DryRun Security

Details

General Security Analyzer Findings: 1 detected

⚠️ Potential Type Confusion (None vs. Empty String) dojo/models.py (click for details)
Type Potential Type Confusion (None vs. Empty String)
Description The clean method now explicitly converts empty string values for protocol, userinfo, path, query, and fragment to None. This change in type from an empty string to None can lead to TypeError exceptions in downstream code that expects a string and does not handle None values, potentially causing a denial of service.
Filename dojo/models.py
CodeLink

django-DefectDojo/dojo/models.py

Lines 1826 to 1841 in 4783658

errors = []
null_char_list = ["0x00", "\x00"]
db_type = connection.vendor
if self.protocol is not None:
if not re.match(r"^[A-Za-z][A-Za-z0-9\.\-\+]+$", self.protocol): # https://tools.ietf.org/html/rfc3986#section-3.1
errors.append(ValidationError(f'Protocol "{self.protocol}" has invalid format'))
if not self.protocol:
self.protocol = None
if self.userinfo is not None:
if not re.match(r"^[A-Za-z0-9\.\-_~%\!\$&\'\(\)\*\+,;=:]+$", self.userinfo): # https://tools.ietf.org/html/rfc3986#section-3.2.1
errors.append(ValidationError(f'Userinfo "{self.userinfo}" has invalid format'))
if not self.userinfo:
self.userinfo = None
if self.host:
View more details on DryRunSecurity