feat(trufflehog): add link field and deduplicate issues based on it #10118
Conversation
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

Note 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary: The code changes in this pull request are focused on enhancing the security and functionality of the DefectDojo application, a popular open-source vulnerability management tool. The changes include updates to the Trufflehog parser, which is responsible for detecting hardcoded secrets and sensitive information in Git repositories, as well as extensive modifications to the Django settings file, which configures various security-related settings, authentication options, and deduplication algorithms for the different vulnerability scanners integrated into the application. The Trufflehog parser changes improve the reporting capabilities by updating the

The changes to the Django settings file cover a wide range of security-related configurations, such as enforcing HTTPS, setting HttpOnly and SameSite flags on cookies, controlling the Cross-Origin Opener Policy, and enabling various authentication options, including social authentication and SAML2. The code also introduces a comprehensive deduplication configuration system and fine-tuning of the hashcode calculation used in the deduplication process, which is crucial for maintaining the accuracy and integrity of the vulnerability data in the application.

Files Changed:
Compare d72855e to f2af82c

Compare f2af82c to 2dff9b1
As I remember, there was an idea to drop django-DefectDojo/dojo/models.py (lines 2258 to 2262 in f66e6db).

Just wanted to let you know that it might not be the best idea to store this information in the URL field.
Thanks @kiblik 🙏 I was thinking that

Instead of this, I understand that

I'm a bit confused on what field we should use to better deduplicate findings. Relying on
I understand your question but not sure I know what would be the best now. I'm sorry.

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Closing as stale. Assuming they made the changes they wanted in local_settings.py
Description
Resolving part of #10271
Please note that:
- link
- value) url
- value (this to avoid all values being marked as duplicates, as hash calculations would be based on empty values).

Checklist

This checklist is for your information.
dev
.dev
.bugfix
branch.
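The description's point about empty values deserves a concrete illustration: when a deduplication hash is computed over a field that is empty for every finding, every finding produces the same hash and a dedup pass marks all of them as duplicates of the first one. The block below is an added example, not DefectDojo's own hashcode implementation and not code from this PR; it assumes a `link` field with a fallback to `url` (the fallback order is my reading of the description), uses constructed sample findings rather than real TruffleHog output, and shows both the collapse and a guarded hash that refuses all-empty input.

```python
import hashlib
from collections import defaultdict

# Constructed sample findings, shaped like what a secret-scanner parser might
# hand to a dedup step (constructed data, not real TruffleHog output).
SAMPLE_FINDINGS = [
    {"title": "AWS Access Key", "link": "", "url": "https://git.example/org/app/blob/a1b2/config.py#L10"},
    {"title": "AWS Access Key", "link": "", "url": "https://git.example/org/app/blob/c3d4/settings.py#L42"},
    {"title": "AWS Access Key", "link": "", "url": "https://git.example/org/app/blob/a1b2/config.py#L10"},
    {"title": "Slack Webhook", "link": "", "url": ""},
    {"title": "", "link": "", "url": ""},  # nothing usable to hash on
]


def weak_hash_code(values):
    """Hash the joined field values unconditionally. With every value empty this
    returns the same digest for every finding, which is the failure mode the
    PR description warns about."""
    material = "|".join(str(v or "") for v in values)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def hash_code(values):
    """Same digest, but return None when all selected values are empty so the
    caller cannot collapse unrelated findings into one duplicate group."""
    cleaned = [str(v or "") for v in values]
    if not any(cleaned):
        return None
    return hashlib.sha256("|".join(cleaned).encode("utf-8")).hexdigest()


def effective_link(finding):
    """Prefer the link field and fall back to url (assumed fallback order,
    not confirmed by the project)."""
    return finding.get("link") or finding.get("url") or ""


def naive_selector(finding):
    # Hash on link alone; every sample finding has an empty link.
    return weak_hash_code([finding.get("link")])


def fallback_selector(finding):
    # Hash on title plus the effective link; refuses all-empty input.
    return hash_code([finding.get("title"), effective_link(finding)])


def group_by_hash(findings, selector):
    """Bucket finding indices by hash code. Findings that produce no hash are
    returned separately instead of being grouped together."""
    groups = defaultdict(list)
    unhashable = []
    for idx, finding in enumerate(findings):
        code = selector(finding)
        if code is None:
            unhashable.append(idx)
        else:
            groups[code].append(idx)
    return dict(groups), unhashable


def duplicate_indices(findings, selector):
    """Indices a dedup pass would mark as duplicates: every member of a group
    except its first. Unhashable findings are never marked."""
    groups, _ = group_by_hash(findings, selector)
    dups = []
    for members in groups.values():
        dups.extend(members[1:])
    return sorted(dups)


if __name__ == "__main__":
    print("naive:   ", duplicate_indices(SAMPLE_FINDINGS, naive_selector))
    print("fallback:", duplicate_indices(SAMPLE_FINDINGS, fallback_selector))
```

With the naive selector, all five constructed findings share one digest and four of them are flagged as duplicates; with the fallback selector only the genuine repeat (same title, same location) is flagged, and the finding with no usable fields is left out of grouping rather than silently merged. The practical check for a parser change like this one is the same: run a sample report through the dedup step and confirm that the number of duplicate flags matches what you expect before enabling the new field in the hashcode configuration.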