
add permission for gitlab. #10880

Merged
merged 3 commits into from
Sep 17, 2024

Conversation

Ma1tobiose
Contributor

fix for issue. #8434

⚠️ Note on feature completeness ⚠️

We are narrowing the scope of acceptable enhancements to DefectDojo in preparation for v3. Learn more here:
https://github.com/DefectDojo/django-DefectDojo/blob/master/readme-docs/CONTRIBUTING.md

Description

Describe the feature / bug fix implemented by this PR.
If this is a new parser, the parser guide may be worth (re)reading.

Test results

Ideally you extend the test suite in tests/ and dojo/unittests to cover the changes in this PR.
Alternatively, describe what you have and haven't tested.

Documentation

Please update any documentation when needed in the documentation folder.

Checklist

This checklist is for your information.

  • Make sure to rebase your PR against the very latest dev.
  • Features/Changes should be submitted against the dev.
  • Bugfixes should be submitted against the bugfix branch.
  • Give a meaningful name to your PR, as it may end up being used in the release notes.
  • Your code is flake8 compliant.
  • Your code is python 3.11 compliant.
  • If this is a new feature and not a bug fix, you've included the proper documentation in the docs at https://github.com/DefectDojo/django-DefectDojo/tree/dev/docs as part of this PR.
  • Model changes must include the necessary migrations in the dojo/db_migrations folder.
  • Add applicable tests to the unit tests.
  • Add the proper label to categorize your PR.

Extra information

Please clear everything below when submitting your pull request, it's here purely for your information.

Moderators: Labels currently accepted for PRs:

  • Import Scans (for new scanners/importers)
  • enhancement
  • performance
  • feature
  • bugfix
  • maintenance (a.k.a chores)
  • dependencies
  • New Migration (when the PR introduces a DB migration)
  • settings_changes (when the PR introduces changes or new settings in settings.dist.py)

Contributors: Git Tips

Rebase on dev branch

If the dev branch has changed since you started working on it, please rebase your work after the current dev.

On your working branch mybranch:

git rebase dev mybranch

In case of conflict:

 git mergetool
 git rebase --continue

When everything's fine on your local branch, force push to your myOrigin remote:

git push myOrigin --force-with-lease

To cancel everything:

git rebase --abort

Squashing commits

git rebase -i origin/dev
  • Replace pick by fixup on the commits you want squashed out
  • Replace pick by reword on the first commit if you want to change the commit message
  • Save the file and quit your editor

Force push to your myOrigin remote:

git push myOrigin --force-with-lease

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Sep 9, 2024

dryrunsecurity bot commented Sep 9, 2024

DryRun Security Summary

The pull request updates the configuration files for the DefectDojo application, including an update to the SHA-256 hash value of the .settings.dist.py configuration file template and an update to the GitLab OAuth2 scopes requested by the application.


Summary:

The changes in this pull request appear to be focused on updating the configuration files for the DefectDojo application. The changes include an update to the SHA-256 hash value of the .settings.dist.py configuration file template, as well as an update to the GitLab OAuth2 scopes requested by the application.

From a security perspective, the update to the SHA-256 hash value is a routine change to ensure the integrity of the distributed configuration files. The presence of the .sha256sum file suggests that the application or the build process includes a verification step to ensure the integrity of the distributed files, which is a good security practice.

The update to the GitLab OAuth2 scopes requested by the application is also reasonable, as the additional read_api and read_repository scopes are likely needed to support features like automatically importing projects from GitLab and importing code-related vulnerabilities. As long as the application is properly handling and securing the access tokens obtained through the GitLab OAuth2 flow, this change should not introduce any significant security risks.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The SHA-256 hash value of the .settings.dist.py configuration file template has been updated from 5885fb4d328a6468766c17c54ae2d906511102cd9c79d86273e85fb24c95791b to 0bca5a500428482976edb590b239bbbcf365b568b15ba87bda74e8a16663866d. This change is a routine update to ensure the integrity of the distributed configuration files.

  2. dojo/settings/settings.dist.py: The GitLab OAuth2 scope has been updated to include the read_api and read_repository scopes, in addition to the existing read_user and openid scopes. This change is likely to support features like automatically importing projects from GitLab and importing code-related vulnerabilities.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Authn/Authz Analyzer 1 finding

Riskiness

🟢 Risk threshold not exceeded.

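The two points raised in the DryRun summary above, the .sha256sum integrity check on the settings template and the read-only GitLab scope set, as an added Python example that is not part of the PR or of DefectDojo's own code: it verifies a template against its recorded digest and reports whether the configured scopes stay within the expected read-only set. The template layout and the setting name DD_SOCIAL_AUTH_GITLAB_SCOPE are assumptions for the example.

```python
import ast
import hashlib
import hmac

# Constructed sample standing in for the settings.dist.py template; the
# assignment form and the setting name DD_SOCIAL_AUTH_GITLAB_SCOPE are
# assumptions for this example, not lines copied from the PR.
SAMPLE_TEMPLATE = (
    "DD_SOCIAL_AUTH_GITLAB_SCOPE = "
    "['read_user', 'openid', 'read_api', 'read_repository']\n"
)

# Read-only scopes: the existing read_user/openid plus the two the PR adds.
EXPECTED_SCOPES = {"read_user", "openid", "read_api", "read_repository"}
# GitLab scopes that grant write or impersonation rights; none belong here.
OVERBROAD_SCOPES = {"api", "write_repository", "sudo"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_template(template: bytes, sha256sum_text: str) -> bool:
    """True if the template's digest matches the recorded .sha256sum.
    Accepts a bare hex digest or sha256sum output ('<digest>  <file>');
    only the first token is compared."""
    recorded = sha256sum_text.split()[0].lower()
    return hmac.compare_digest(sha256_hex(template), recorded)


def configured_scopes(template: str,
                      setting: str = "DD_SOCIAL_AUTH_GITLAB_SCOPE") -> set:
    """Extract the scope list literal assigned to `setting`."""
    for line in template.splitlines():
        if line.startswith(setting + " ="):
            return set(ast.literal_eval(line.split("=", 1)[1].strip()))
    raise ValueError(f"{setting} not found in template")


def scope_report(scopes: set) -> dict:
    """Least-privilege check: what is missing, extra, or write-capable."""
    return {
        "missing": sorted(EXPECTED_SCOPES - scopes),
        "unexpected": sorted(scopes - EXPECTED_SCOPES),
        "overbroad": sorted(scopes & OVERBROAD_SCOPES),
    }
```

Run against the real template and its .sha256sum file in CI to catch both a stale digest (the point raised in review below) and a scope set that has drifted beyond read-only access.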

Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

@cneill cneill left a comment


Will need an update to .settings.dist.py.sha256sum before we merge

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch Maffooch merged commit b92a8d0 into DefectDojo:dev Sep 17, 2024
73 checks passed
Labels
settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR