Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(tests): Run unittests with --parallel #10408

Closed
wants to merge 5 commits into from
Closed

feat(tests): Run unittests with --parallel #10408

wants to merge 5 commits into from

Conversation

kiblik
Copy link
Contributor

@kiblik kiblik commented Jun 15, 2024
edited
Loading

@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Jun 15, 2024
edited
Loading

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
IDOR Analyzer 0 findings
Sensitive Files Analyzer 1 finding
Server-Side Request Forgery Analyzer 0 findings
SQL Injection Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request cover various updates and improvements to the DefectDojo application, a web-based tool for managing the software vulnerability lifecycle. The changes include updates to the project dependencies, improvements to the unit testing process, and enhancements to the handling of ZAP (Zed Attack Proxy) scan data.

Overall, the changes do not introduce any obvious security concerns. The updates to the project dependencies and the unit testing process are focused on improving the reliability and efficiency of the application, while the changes related to the handling of ZAP scan data are aimed at ensuring the security and integrity of the application's security management functionality.

However, as an application security engineer, it's important to thoroughly review the entire codebase and deployment process to ensure that best practices for application security are being followed. This includes reviewing the handling of sensitive information, such as database connection details and API documentation, and ensuring that the unit tests cover security-related aspects of the application.

Files Changed:

  1. requirements.txt: The changes include the addition of a new dependency, tblib==3.0.0, which is a Python library for serializing tracebacks. This update does not appear to introduce any significant security concerns.
  2. unittests/dojo_test_case.py: The changes introduce a new SerializeZapSample class that inherits from the SerializeMixin class, which is likely used for serializing and deserializing test data related to ZAP scans.
  3. docker/entrypoint-unit-tests-devDocker.sh: The changes include the addition of the --parallel and --shuffle options to the unit test command, which can improve the efficiency of the testing process. The script also includes some sensitive information, such as database connection details, which should be properly secured.
  4. docker/entrypoint-unit-tests.sh: The changes remove a commented-out line for running unit tests in parallel and add the --parallel option to the unit test command, which can also improve the efficiency of the testing process.
  5. unittests/test_apiv2_scan_import_options.py: The changes are focused on testing the API endpoint that handles the import of ZAP scan results, which is an important security-related functionality of the application.
  6. unittests/test_importers_importer.py: The changes involve the creation of a new SerializedTestImporterUtils class that inherits from the SerializeMixin class, which suggests that the tests may involve serializing and deserializing data.
  7. unittests/test_rest_framework.py: The changes update the ImportScanTest and ReimportScanTest classes to inherit from the SerializeZapSample class, which provides functionality related to serializing and deserializing ZAP scan samples.

Powered by DryRun Security
@kiblik kiblik force-pushed the unittests_parallel branch 2 times, most recently from 10c5d44 to 07dd2bd Compare June 18, 2024 11:22
@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.
@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 2, 2024

This pull request has conflicts, please resolve those before we can evaluate the pull request.
@kiblik kiblik mentioned this pull request Jul 2, 2024
Merged
@kiblik
Copy link
Contributor Author

kiblik commented Jul 8, 2024

Implemented in #10503
@kiblik kiblik closed this Jul 8, 2024
@kiblik kiblik deleted the unittests_parallel branch July 8, 2024 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
conflicts-detected docker unittests
1 participant
@kiblik