Add a note about Mock classes not considered for security issues

fabpot · fabpot · commit 4a6e6a7a21ca · 2023-08-10T11:06:16.000+02:00
diff --git a/contributing/code/security.rst b/contributing/code/security.rst
@@ -21,6 +21,10 @@ email for confirmation):
   production (including the web profiler or anything enabled when ``APP_DEBUG``
   is set to ``true`` or ``APP_ENV`` set to anything but ``prod``);
 
+* Any security issues found in classes provided to help fo testing that should
+  never be used in production (like for instance mock classes that contain
+  ``Mock`` in their name);
+
 * Any fix that can be classified as **security hardening** like route
   enumeration, login throttling bypasses, denial of service attacks, timing
   attacks, or lack of ``SensitiveParameter`` attributes.
