authorized users improvements#15065
Open
valentijnscholten wants to merge 5 commits into
Open
Conversation
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
valentijnscholten
force-pushed
the
authorized-users-improvements
branch
from
5ee9a4e to
bbcbf81
Compare
- add a Django system check (dojo.E001, Tags.security) that fails loud if any auth-filter key the OS looks up is unregistered (silent fallback / allow-all); CRITICAL_AUTH_FILTERS is drift-guarded by the registry unit test - add a scoped/no-access/superuser coverage matrix across the product-scoped object filters (engagements, tests, findings, endpoints, products, ...) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Maffooch
approved these changes
Jun 23, 2026
…lter list Remove the @register(Tags.security) _check_auth_filters_wired system check and its hardcoded CRITICAL_AUTH_FILTERS tuple. A hardcoded predefined list of critical methods just rots and drifts from reality. The dynamic test_all_looked_up_keys_are_registered guard (scans the tree for get_auth_filter() lookups and asserts each is registered) covers the same 'silent fallback' risk without any hardcoded list, so keep that and drop the list-matching test. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
dogboat
approved these changes
Jun 24, 2026
Jino-T
approved these changes
Jun 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
authorized users improvements