add RLBA to vulnid #11271

Merged
merged 4 commits into from
Nov 22, 2024
Conversation

manuel-sommer (Contributor): No description provided.

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Nov 15, 2024

dryrunsecurity bot commented Nov 15, 2024

DryRun Security Summary

The pull request updates the configuration files for the DefectDojo application, including changes to vulnerability URL mappings, file upload types, and extensive options for deduplicating findings from different security scanners, all of which are aimed at improving the security-related features and functionality of the application.


Summary:

The code changes in this pull request are focused on updating the configuration files for the DefectDojo application, which is an important tool for managing and tracking security vulnerabilities. The changes include updates to the .settings.dist.py.sha256sum file, which is used to verify the integrity of the settings.dist.py configuration file, as well as direct modifications to the settings.dist.py file itself.

The changes to the settings.dist.py file are primarily related to adding new vulnerability URL mappings and updating the list of acceptable file types for file uploads. These changes are security-related features that enhance the application's ability to provide users with direct access to vulnerability details and prevent the upload of malicious files. Additionally, the code includes extensive configuration options for deduplicating findings from different security scanners, which is a crucial security feature for accurately tracking and managing security vulnerabilities.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The checksum value for the settings.dist.py file has been updated, indicating that the file has been modified. This is a routine change to ensure the integrity of the configuration file.

  2. dojo/settings/settings.dist.py: The changes in this file include:

    • Adding new mappings for various vulnerability identifiers (e.g., CVE, GHSA, OSV, PYSEC, SNYK, RUSTSEC, etc.) to their corresponding vulnerability information URLs.
    • Updating the FILE_UPLOAD_TYPES setting, which is a list of acceptable file types that can be uploaded to the application.
    • Extensive configuration options for deduplicating findings from different security scanners and customizing the hashcode generation used in the deduplication process.

These changes are focused on enhancing the security-related features and configurations of the DefectDojo application, which is an important tool for managing and tracking security vulnerabilities.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
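The bot summary above describes the mechanism this PR touches: a settings-level map from a vulnerability-id prefix (CVE, GHSA, and now RLBA) to the base URL where details for that id can be looked up. The following is an added illustration, not DefectDojo's own code: it shows how such a prefix map is consulted to build a link and, more importantly, why the id must be validated before it is concatenated into a URL, since ids arrive from scanner output. The `VULNERABILITY_URLS` name, the entries in it and the RLBA base URL are all assumptions or placeholders; the PR page does not show the real values.

```python
"""Resolve a vulnerability identifier to its advisory URL via a prefix map.

Added example; not DefectDojo's code. The map below is constructed for
illustration, and the RLBA base URL is an explicit placeholder.
"""
import re
from typing import Dict, Optional

# Constructed prefix -> base-URL map (assumption: the project keeps an
# equivalent table in settings). The RLBA entry is a placeholder only.
VULNERABILITY_URLS: Dict[str, str] = {
    "CVE": "https://nvd.nist.gov/vuln/detail/",
    "GHSA": "https://github.com/advisories/",
    "RLBA": "https://example.invalid/rlba/",  # placeholder, not the real URL
}

# Accepted id grammar: an upper-case prefix, a dash, then dash-separated
# alphanumeric segments. Anything outside this class (slashes, '?', '#',
# whitespace, '..') is rejected, so a scanner-supplied id cannot steer the
# composed link to a different path or inject query parameters.
VULN_ID_RE = re.compile(
    r"^(?P<prefix>[A-Z]+)-(?P<rest>[A-Za-z0-9]+(?:-[A-Za-z0-9]+)*)$"
)


def is_valid_base_url(base: str) -> bool:
    """A base URL must be https and end with '/' so that id concatenation
    can only ever extend the path, never rewrite the host or scheme."""
    return base.startswith("https://") and base.endswith("/") and " " not in base


def register_vulnerability_url(prefix: str, base: str,
                               table: Dict[str, str]) -> Dict[str, str]:
    """Add a prefix mapping (what a PR like 'add RLBA to vulnid' does in
    config), refusing malformed prefixes or unsafe base URLs."""
    if not re.fullmatch(r"[A-Z]+", prefix):
        raise ValueError(f"bad prefix: {prefix!r}")
    if not is_valid_base_url(base):
        raise ValueError(f"unsafe base URL: {base!r}")
    table[prefix] = base
    return table


def vulnerability_url(vuln_id: str,
                      table: Dict[str, str] = VULNERABILITY_URLS) -> Optional[str]:
    """Return the advisory URL for vuln_id, or None when the id is malformed
    or its prefix is unknown. Unknown prefixes stay unlinked rather than
    falling back to a guessed site."""
    vuln_id = vuln_id.strip()
    m = VULN_ID_RE.match(vuln_id)
    if not m:
        return None
    base = table.get(m.group("prefix"))
    if base is None:
        return None
    return base + vuln_id


if __name__ == "__main__":
    for sample in ("CVE-2024-1234", "RLBA-2024-0001", "FOO-1",
                   "CVE-2024-1234/../admin", "CVE-2024-1234?x=1"):
        print(f"{sample!r:28} -> {vulnerability_url(sample)}")
```

The deny-by-default behaviour on the identifier is the point: because the table only controls the prefix and the base, the untrusted part of the link is the id itself, and the regular expression is what keeps it to a single safe path segment.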

@mtesauro mtesauro (Contributor) left a comment: Approved

@Maffooch Maffooch merged commit f52f49d into DefectDojo:bugfix Nov 22, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the add_rlba branch November 22, 2024 05:48

5 participants