Jira: Add toggle to disable an existing project #11046

Merged
merged 6 commits into from
Oct 11, 2024


Maffooch
Contributor

After a Jira instance has been linked with a Product, it is not possible to unlink the Jira instance. While it is possible to set the instance to something different, it is not possible to remove the link altogether.

This PR adds a new toggle switch on the Jira project form that controls if any new or existing findings can be pushed to Jira.

[sc-7825]

@github-actions github-actions bot added New Migration Adding a new migration file. Take care when merging. helm labels Oct 10, 2024
@Maffooch Maffooch changed the base branch from master to bugfix October 10, 2024 19:56

dryrunsecurity bot commented Oct 10, 2024

DryRun Security Summary

The pull request focuses on improving the integration between the Defect Dojo application and Jira, including the addition of an "enabled" field to the Jira project model, enhanced Jira integration testing, robust Jira configuration validation, and secure Jira credential management.


Summary:

The code changes in this pull request primarily focus on improving the integration between the Defect Dojo application and Jira. The key changes include:

  1. Jira Project Enabled/Disabled: The addition of an "enabled" field to the Jira project model allows users to enable or disable the integration with a specific Jira project. This provides more granular control over the integration and can help mitigate security risks by preventing findings from being pushed to Jira when the integration is not needed.

  2. Jira Integration Testing: The changes include updates to the test suite, which add new test cases to validate the behavior of the Jira project integration, including handling cases where the integration is disabled or the Jira project configuration is invalid. This helps ensure the overall security and reliability of the Jira integration functionality.

  3. Jira Configuration Validation: The code demonstrates robust validation of the Jira project configuration, ensuring that the integration is properly set up before attempting to create or update Jira issues. This helps prevent potential issues and security vulnerabilities that could arise from improper Jira integration settings.

  4. Jira Credential Management: While not directly addressed in the code changes, the secure management of Jira credentials (API keys, tokens, etc.) is an important security consideration for the Jira integration. The application should ensure that these credentials are stored and accessed securely to prevent unauthorized access or misuse.

Overall, the changes in this pull request appear to be focused on improving the security and reliability of the Jira integration within the Defect Dojo application. The addition of the "enabled" field, the enhanced test coverage, and the Jira configuration validation are all positive steps towards maintaining a secure and well-designed application.

Files Changed:

  1. dojo/db_migrations/0217_jira_project_enabled.py: This migration adds a new "enabled" field to the "jira_project" model, allowing users to enable or disable the Jira integration for a specific project.

  2. dojo/api_v2/views.py: The changes add the "enabled" field to the JiraProjectViewSet, providing a way to control the Jira integration through the API.

  3. dojo/jira_link/helper.py: This file contains the core functionality for the Jira integration, including validation, issue management, and error handling. The changes demonstrate a well-designed and comprehensive Jira integration.

  4. dojo/forms.py: The changes update the JIRA Project configuration form to handle the new "enabled" field and ensure that the Jira settings are properly inherited from the product.

  5. unittests/dojo_test_case.py, unittests/test_jira_config_engagement.py, and unittests/test_jira_config_engagement_epic.py: These files contain updates to the test suite, adding new test cases to validate the Jira project integration functionality, including handling disabled integrations and invalid configurations.

  6. dojo/models.py: The changes add the "enabled" field to the JIRA_Project model and update the __str__ method to indicate when the connection is disabled.

Code Analysis

We ran 9 analyzers against 9 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
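
A fail-closed push gate of the kind the toggle implies, as an added example that is not DefectDojo's code. `JiraProjectLink`, `Scope`, `effective_link` and `push_decision` are hypothetical names, the product-to-engagement inheritance is a simplified assumption, and the sample data is constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class JiraProjectLink:
    """Hypothetical stand-in for a Jira project configuration row."""
    instance_url: Optional[str]  # linked Jira instance, None if unset
    project_key: Optional[str]
    enabled: bool = True         # models the toggle described in the PR


@dataclass
class Scope:
    """A product or an engagement; an engagement may inherit from its product."""
    name: str
    jira: Optional[JiraProjectLink] = None
    parent: Optional["Scope"] = None


def effective_link(scope: Optional[Scope]) -> Optional[JiraProjectLink]:
    """Walk up from engagement to product; the nearest configuration wins."""
    while scope is not None:
        if scope.jira is not None:
            return scope.jira
        scope = scope.parent
    return None


def push_decision(scope: Scope, already_linked: bool = False) -> Tuple[bool, str]:
    """Return (allowed, reason). Any doubt about the configuration means no push."""
    link = effective_link(scope)
    if link is None:
        return (False, "no Jira project configured")
    if not link.enabled:
        # Checked before anything else about the link, and for updates to
        # already-linked findings as well as for new issues.
        return (False, "Jira project disabled")
    if not link.instance_url or not link.project_key:
        return (False, "Jira project configuration incomplete")
    action = "update existing issue" if already_linked else "create new issue"
    return (True, action)


def demo():
    """Constructed sample: a disabled product whose engagement inherits its link."""
    product = Scope("product", JiraProjectLink("https://jira.example.invalid", "SEC", enabled=False))
    engagement = Scope("engagement", parent=product)
    return push_decision(engagement), push_decision(engagement, already_linked=True)
```

Because the nearest configuration wins, a disabled engagement-level link in this model blocks pushes even when the product-level link is enabled.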

@github-actions github-actions bot removed the helm label Oct 10, 2024
@Maffooch Maffooch added the jira label Oct 10, 2024
@github-actions github-actions bot added the apiv2 label Oct 10, 2024
@Maffooch Maffooch changed the title Jira form Jira: Add toggle to disable an existing project Oct 10, 2024
Contributor

@mtesauro mtesauro left a comment


Approved

Contributor

@cneill cneill left a comment


Small typo, otherwise looks good 👍

dojo/jira_link/helper.py (outdated, resolved)
@Maffooch Maffooch merged commit 58aa6ba into DefectDojo:bugfix Oct 11, 2024
73 checks passed
@Maffooch Maffooch deleted the jira-form branch October 11, 2024 15:03
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024
* Jira: Add toggle to disable an existing project

* Add help text

* Add filter for API

* Add new form element to tests

* update fixtures

* Update dojo/jira_link/helper.py

Co-authored-by: Charles Neill <[email protected]>

---------

Co-authored-by: Charles Neill <[email protected]>
Labels
apiv2 enhancement jira New Migration Adding a new migration file. Take care when merging. unittests