Conversation

@kiblik
Contributor

@kiblik kiblik commented Dec 5, 2025

I noticed quite a few DeprecationWarning messages in the test logs.

/app/dojo/tools/dependency_check/parser.py:108: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:111: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:169: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:184: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:202: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:207: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:283: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:435: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:444: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:459: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:482: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/dependency_check/parser.py:90: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/fortify/xml_parser.py:118: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/fortify/xml_parser.py:122: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/fortify/xml_parser.py:89: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.
/app/dojo/tools/nmap/parser.py:99: DeprecationWarning: Testing an element's truth value will always return True in future versions.  Use specific 'len(elem)' or 'elem is not None' test instead.

Signed-off-by: kiblik <5609770+kiblik@users.noreply.github.com>
@kiblik kiblik force-pushed the xml_DeprecationWarning branch from e851f86 to 32e4e0f Compare December 5, 2025 18:18
@dryrunsecurity

dryrunsecurity bot commented Dec 5, 2025

DryRun Security

This pull request modifies the Dependency Check XML parser to add defensive if node is not None checks that prevent crashes but can silently skip entire sections (e.g., a missing <dependencies> element), causing incomplete and potentially misleading reports without logging or error alerts. This lack of notification or error reporting increases the risk of unnoticed missing data in security assessments.

Incomplete Data Processing in Parser in dojo/tools/dependency_check/parser.py

Vulnerability: Incomplete Data Processing in Parser

Description: The parser for Dependency Check XML reports now includes if node is not None checks to prevent crashes. However, these checks, particularly for critical elements like <dependencies>, lead to silent skipping of entire sections of the report if the corresponding XML elements are missing. There is no logging or error reporting mechanism to alert the user that parts of the report were not processed, resulting in an incomplete and potentially misleading security assessment.

    if dependencies is not None:
        for dependency in dependencies.findall(namespace + "dependency"):
            vulnerabilities = dependency.find(
                namespace + "vulnerabilities",


All finding details can be found in the DryRun Security Dashboard.
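The two points raised in this thread, the ElementTree truth-value deprecation from the opening comment and the silent-skip concern from the DryRun comment, come together in the following added example. It is not DefectDojo's parser and not code from this pull request; the namespace URI, the element layout and the three sample reports are constructed placeholders that only mirror the element names quoted above. It tests for a missing section with `is not None`, tests for an empty section with `len()`, and records and logs every section it skips so that a consumer of the result can tell "no vulnerabilities" from "nothing was parsed".

```python
import logging
import xml.etree.ElementTree as ET

logger = logging.getLogger(__name__)

# Constructed placeholder namespace; real Dependency-Check reports use a
# different one. Element names mirror those quoted in the PR discussion.
NS = "{urn:example:dependency-check}"

# Constructed sample 1: a normal report with one vulnerable dependency.
REPORT_FULL = """<analysis xmlns="urn:example:dependency-check">
  <dependencies>
    <dependency>
      <fileName>a.jar</fileName>
      <vulnerabilities>
        <vulnerability><name>VULN-A</name></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency><fileName>b.jar</fileName></dependency>
  </dependencies>
</analysis>"""

# Constructed sample 2: <dependencies> is present but has no children.
# A truthiness test ("if dependencies:") would treat this element as False,
# which is exactly what the DeprecationWarning in the thread is about.
REPORT_EMPTY_SECTION = """<analysis xmlns="urn:example:dependency-check">
  <dependencies/>
</analysis>"""

# Constructed sample 3: the <dependencies> section is missing entirely.
REPORT_NO_SECTION = """<analysis xmlns="urn:example:dependency-check">
  <projectInfo><name>demo</name></projectInfo>
</analysis>"""


def parse_report(xml_text):
    """Return {"findings": [(file_name, vuln_name), ...], "skipped": [section, ...]}.

    "skipped" is the explicit record of sections the parser could not process,
    so a missing section is never silently indistinguishable from a clean one.
    """
    root = ET.fromstring(xml_text)
    result = {"findings": [], "skipped": []}

    dependencies = root.find(NS + "dependencies")
    # Identity test, not truthiness: an Element with no children is "falsy"
    # in older Python versions, so "if dependencies:" would misreport it.
    if dependencies is None:
        result["skipped"].append("dependencies")
        logger.warning("report has no <dependencies> section; no findings parsed")
        return result
    # Explicit emptiness test, the form the DeprecationWarning recommends.
    if len(dependencies) == 0:
        logger.info("<dependencies> section is present but empty")

    for dependency in dependencies.findall(NS + "dependency"):
        file_name = dependency.findtext(NS + "fileName", default="<unknown>")
        vulnerabilities = dependency.find(NS + "vulnerabilities")
        if vulnerabilities is None:
            # A dependency with no <vulnerabilities> block is a normal,
            # clean dependency; nothing to record here.
            continue
        for vuln in vulnerabilities.findall(NS + "vulnerability"):
            result["findings"].append((file_name, vuln.findtext(NS + "name")))
    return result


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for label, text in (("full", REPORT_FULL),
                        ("empty section", REPORT_EMPTY_SECTION),
                        ("no section", REPORT_NO_SECTION)):
        print(label, parse_report(text))
```

The returned `skipped` list is the piece the DryRun comment asks for: a caller that imports the result can refuse a report, or flag it in the UI, when that list is non-empty, instead of quietly storing zero findings.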

@valentijnscholten valentijnscholten added this to the 2.54.0 milestone Dec 5, 2025
Contributor

@mtesauro mtesauro left a comment


Approved

@rossops rossops merged commit 4799f38 into DefectDojo:dev Dec 8, 2025
277 of 279 checks passed
@kiblik kiblik deleted the xml_DeprecationWarning branch December 8, 2025 15:36