
API v2 Jira epic engagement update #11231

Conversation

raouf-haddada (Contributor)

Title: Update Jira Epic Engagement in API v2

Description:
This pull request includes updates to the Jira Epic engagement functionality in the API v2. The changes aim to improve the integration and handling of Jira Epics within the DefectDojo application.

Changes:

  • Updated the API v2 engagement endpoint to handle the Jira-related epic.

[Screenshot: Engagement Edit view (Edit Engagement, DefectDojo)]

[Screenshot: API v2 Engagement endpoint (DefectDojo API v2)]

Jira Epic Update

  • Title
  • Priority

[Screenshot: Testing - Jira Epic]

DefectDojo release bot and others added 14 commits November 4, 2024 18:06

Release: Merge back 2.40.0 into dev from: master-into-dev/2.40.0-2.41.0-dev
Bumps [boto3](https://github.com/boto/boto3) from 1.35.53 to 1.35.54.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.53...1.35.54)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.7.1 to 0.7.2.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.7.1...0.7.2)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.14 to 0.2.15.
- [Release notes](https://github.com/bpampuch/pdfmake/releases)
- [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.15/CHANGELOG.md)
- [Commits](bpampuch/pdfmake@0.2.14...0.2.15)

---
updated-dependencies:
- dependency-name: pdfmake
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [django](https://github.com/django/django) from 5.1.2 to 5.1.3.
- [Commits](django/django@5.1.2...5.1.3)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.35.54 to 1.35.55.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.54...1.35.55)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [boto3](https://github.com/boto/boto3) from 1.35.55 to 1.35.56.
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.55...1.35.56)

---
updated-dependencies:
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

DryRun Security Summary


Summary:

The provided code changes cover a wide range of updates to the DefectDojo application, including documentation, version updates, dependency management, vulnerability parsing, file management, and unit tests. From an application security perspective, the changes do not appear to introduce any significant security vulnerabilities, but there are a few areas that require closer attention:

  1. Hardcoded IP Addresses: The use of hardcoded IP addresses, such as "0.0.0.0", was noted in the unit tests. While this may be acceptable in a test environment, it's important to ensure that such hardcoded values are not present in the production code, as they can lead to potential security issues.

  2. Dependency Management: The updates to the dependencies, such as Django and boto3, are a positive step towards maintaining the application's security posture. It's crucial to continue monitoring the dependencies for any known vulnerabilities and updating them in a timely manner.

  3. Vulnerability Parsing and Reporting: The changes related to the parsing and reporting of vulnerabilities from various security tools, such as Trivy, Qualys, and WhiteHat Sentinel, are important for effective vulnerability management. It's essential to ensure that the parsing process is secure and does not introduce any unintended vulnerabilities.

  4. File Management: The updates to the file management functionality, such as the use of the pathlib module and the replacement of os.remove() with Path.unlink(), are positive changes that can improve the security and reliability of the file handling processes.

  5. Deduplication: The improvements to the deduplication functionality, which aim to identify and handle duplicate findings, are an important aspect of maintaining the integrity and accuracy of the application's security data.

Overall, the provided code changes appear to be focused on improving the functionality, maintainability, and security of the DefectDojo application. While there are no immediate security concerns, it's important to continue monitoring the application's security posture and address any potential issues that may arise in the future.

Files Changed:

  1. docs/content/en/getting_started/upgrading/2.41.md: This file has been added to provide documentation for upgrading to DefectDojo version 2.41.x.
  2. dojo/__init__.py: The version number has been updated from 2.40.0 to 2.41.0-dev.
  3. components/package.json: The project version has been updated to 2.41.0-dev, and the pdfmake dependency has been updated to ^0.2.15.
  4. components/yarn.lock: The versions of several dependencies, including @foliojs-fork/fontkit, @foliojs-fork/linebreak, @foliojs-fork/pdfkit, and jpeg-exif, have been updated.
  5. dojo/api_v2/prefetch/utils.py: New utility functions have been added to determine the type of relationships between fields in a Django model.
  6. dojo/api_v2/prefetch/prefetcher.py: The code has been updated with new comments explaining the purpose of various functions.
  7. dojo/api_v2/views.py: A new action method update_jira_epic has been added to the EngagementViewSet class.
  8. dojo/api_v2/serializers.py: A new serializer called EngagementUpdateJiraEpicSerializer has been added.
  9. dojo/jira_link/helper.py: The jira_attachment function has been updated to use the pathlib module, and the update_epic function has been updated to allow setting the priority of the Jira issue.
  10. dojo/tools/intsights/parser.py: The _build_finding_description method has been updated with a more detailed docstring.
  11. dojo/tools/contrast/parser.py: The host parameter of the Endpoint object has been updated from "0.0.0.0" to "0.0.0.0".
  12. dojo/models.py: The Check_List.get_status() method has been updated to use the noqa: S105 comment, and the Endpoint.filename() method has been updated to use the pathlib module.
  13. `dojo/tools/trivy_operator/secrets_handler

Code Analysis

We ran 9 analyzers against 26 files and 2 analyzers had findings. 7 analyzers had no findings.

Analyzer                        Findings
Configured Codepaths Analyzer   7 findings
Sensitive Files Analyzer        2 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

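The PR description above (an API v2 engagement endpoint that updates a Jira Epic's title and priority) and DryRun's file list (a new update_jira_epic action on EngagementViewSet, an EngagementUpdateJiraEpicSerializer, and an update_epic helper that can now set priority) describe the same feature from the server side. The following is an added client-side illustration, not code from this PR or from DefectDojo. It assumes things the page does not state: that the action is routed as POST /api/v2/engagements/<id>/update_jira_epic/ (the Django REST framework default for an action named update_jira_epic), that the body carries "title" and "priority", that API v2 authenticates with an "Authorization: Token <key>" header, that the Jira instance uses the default five priority names, and a 255-character limit on the epic summary. The security point it shows is that both values are user-controlled and forwarded to Jira, so the client (and the serializer on the server) should constrain them before they leave the application.

```python
"""Validate the inputs to the update_jira_epic engagement action and build
the request for it. Added example; the route, field names, auth header,
priority list and length limit are assumptions, not DefectDojo's API.
"""
import json
import urllib.request

# Jira's default priority scheme (assumed); a real instance may define others.
DEFAULT_JIRA_PRIORITIES = ("Highest", "High", "Medium", "Low", "Lowest")
MAX_TITLE_LEN = 255  # assumed server-side limit for the Epic summary


def validate_epic_update(title, priority, allowed_priorities=DEFAULT_JIRA_PRIORITIES):
    """Return a cleaned payload or raise ValueError.

    Rejects empty or overlong titles, control characters (a Jira summary is a
    single line) and any priority outside the allow-list, so arbitrary user
    input is never forwarded to Jira unchecked.
    """
    if not isinstance(title, str) or not title.strip():
        raise ValueError("title must be a non-empty string")
    title = title.strip()
    if len(title) > MAX_TITLE_LEN:
        raise ValueError(f"title longer than {MAX_TITLE_LEN} characters")
    if any(ord(ch) < 0x20 for ch in title):
        raise ValueError("title must not contain control characters")
    if priority not in allowed_priorities:
        raise ValueError(f"priority must be one of {allowed_priorities}")
    return {"title": title, "priority": priority}


def build_update_jira_epic_request(base_url, engagement_id, api_key, title, priority):
    """Build, but do not send, the POST for the assumed action URL."""
    if not isinstance(engagement_id, int) or engagement_id <= 0:
        raise ValueError("engagement_id must be a positive integer")
    payload = validate_epic_update(title, priority)
    url = f"{base_url.rstrip('/')}/api/v2/engagements/{engagement_id}/update_jira_epic/"
    body = json.dumps(payload).encode("utf-8")
    req = urllib.request.Request(url, data=body, method="POST")
    req.add_header("Content-Type", "application/json")
    req.add_header("Accept", "application/json")
    req.add_header("Authorization", f"Token {api_key}")
    return req


def jira_fields_for_update(payload):
    """Shape a validated payload as the fields argument for a Jira issue update.

    The Epic title maps to Jira's "summary"; priority is set by name, which is
    the form the Jira REST API expects.
    """
    return {"summary": payload["title"], "priority": {"name": payload["priority"]}}


def send(req, timeout=10):
    """Send the request; return (HTTP status, parsed JSON body or None)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)


if __name__ == "__main__":
    # Constructed sample values; nothing is sent unless send() is called.
    req = build_update_jira_epic_request(
        "https://defectdojo.example.com", 42, "0123456789abcdef",
        "Q4 pentest - customer portal", "High",
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(jira_fields_for_update(json.loads(req.data)))
```

The allow-list on priority matters more than it looks: Jira rejects unknown priority names with an error that the calling view has to handle, and a free-text priority field is also the natural place for a caller to try smuggling extra fields into the update. Validating on the client does not replace the serializer check on the server; it just fails fast before an authenticated round trip.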

@raouf-haddada raouf-haddada deleted the api-v2_jira_epic_engagment_update branch November 11, 2024 00:44