
Add a note about Mock classes not considered for security issues #18730

Merged (1 commit) on Aug 10, 2023

4 changes: 4 additions & 0 deletions contributing/code/security.rst
Expand Up @@ -21,6 +21,10 @@ email for confirmation):
production (including the web profiler or anything enabled when ``APP_DEBUG``
is set to ``true`` or ``APP_ENV`` set to anything but ``prod``);

* Any security issues found in classes provided to help fo testing that should

Suggested change
* Any security issues found in classes provided to help fo testing that should
* Any security issues found in classes provided for testing that should


Fixed while merging. Thanks.

never be used in production (like for instance mock classes that contain
``Mock`` in their name);

I suggest mentioning the Test namespace as well inside those braces.

@javiereguiluz javiereguiluz Aug 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added while merging. See ea432f9. Thanks.

* Any fix that can be classified as **security hardening** like route
enumeration, login throttling bypasses, denial of service attacks, timing
attacks, or lack of ``SensitiveParameter`` attributes.
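Review bot: The added bullet still carries the typo "help fo testing" (it should read "provided for testing", as the suggestion in this thread proposes), and its parenthetical defines the exclusion only by class names containing ``Mock``, which is narrower than the rule's stated intent of "classes provided for testing that should never be used in production"; naming the ``Test`` namespace criterion alongside the ``Mock`` naming convention, as also raised in review, would give readers an explicit way to tell whether a class falls under this exclusion.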