Add settings #11446

Open: wants to merge 1 commit into base: dev

@FirePanda169 FirePanda169 commented Dec 20, 2024

Description

Add settings:

  • DD_DEFAULT_SCM_TYPE - default value for scm_type
  • DD_JIRA_CONNECT_METHOD - import path for jira connect method

DD_DEFAULT_SCM_TYPE makes it a little easier to work with scm-type, since most people use only one scm-type

Test results
...

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Dec 20, 2024

dryrunsecurity bot commented Dec 20, 2024

DryRun Security Summary

The pull request enhances the Dojo application's configuration by introducing new settings for SCM types, Jira connections, and HTTP request timeouts, while also updating the default SCM type handling in the user model.

Summary:

The changes in this pull request focus on enhancing the configuration and functionality of the Dojo application, particularly around the handling of SCM (Source Code Management) types and Jira connections. The changes introduce new settings, such as DD_DEFAULT_SCM_TYPE and DD_JIRA_CONNECT_METHOD, as well as a timeout setting for HTTP requests made using the "requests" library.

These changes are likely to provide more flexibility and customization options for the Dojo application, which can be beneficial for the overall user experience and application management. From an application security perspective, the changes do not appear to introduce any obvious security concerns. However, it's important to ensure that any sensitive information, such as Jira connection details, is properly secured and not exposed in the application's settings.

Files Changed:

  1. dojo/settings/settings.dist.py:

    • Two new settings are being added: DD_DEFAULT_SCM_TYPE and DD_JIRA_CONNECT_METHOD.
    • The DD_REQUESTS_TIMEOUT setting is being added to set the timeout for HTTP requests made using the "requests" library.
    • These changes aim to provide more flexibility and configuration options for the Dojo application, particularly around the handling of SCM types and Jira connections.
  2. dojo/models.py:

    • The get_scm_type method in the Dojo_User model is being updated to replace the empty string return value with the settings.DEFAULT_SCM_TYPE value.
    • This change ensures that a default SCM type is returned if no SCM type is set for the product, which can improve the overall functionality and user experience of the application.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 1 finding

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

@FirePanda169 FirePanda169 changed the title Add settings: Add settings Dec 20, 2024
@Maffooch
Contributor

Hi @FirePanda169, I am curious about how much we would gain from short-circuiting the SCM search times. If the performance gain is negligible, I am unsure if these settings will be more helpful than they would be confusing.

@FirePanda169
Author

Hi @Maffooch I checked the response time on loading 10 findings. The time is almost the same. But I don't have records in the DojoMeta model. I don't have a chance to check more thoroughly yet.

@Maffooch
Contributor

@FirePanda169 thank you for doing the quick validation! Once you test with some DojoMeta that would trigger the code paths that these new settings are influencing, let me know what the performance savings are

* DD_SEARCH_SCM_TYPE - flag to enable/disable scm_type search
* DD_DEFAULT_SCM_TYPE - default value for scm_type
* DD_JIRA_CONNECT_METHOD - import path for jira connect method
@FirePanda169
Author

@Maffooch, the performance gain is really insignificant, in my case it is about 50 ms - the average time of one request. I removed DD_SEARCH_SCM_TYPE.
