Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Async Delete: Race condition bolstering #11549

Open
wants to merge 1 commit into
base: bugfix
Choose a base branch
from
Open

Async Delete: Race condition bolstering #11549

wants to merge 1 commit into from
+13 −3

Conversation

Maffooch
Copy link
Contributor

Adding some potential guardrails for race conditions related to async delete

[sc-8961]

@dryrunsecurity DryRunSecurity
Copy link

DryRun Security Summary

The pull request aims to improve the reliability of DefectDojo's object deletion process by updating the delete() methods of Engagement, Test, and Finding models to use the suppress() function, ensuring the application continues to function correctly when related objects are deleted asynchronously.

Expand for full summary

Summary:

The changes in this pull request are focused on improving the handling of deletion and related object deletion within the DefectDojo application. The key changes involve updating the delete() methods of the Engagement, Test, and Finding models to use the suppress() function to handle potential issues caused by asynchronous deletion of related objects. This includes wrapping calls to the calculate_grade() function in suppress() blocks to ensure that the application can continue to function correctly even when related objects, such as Product or Engagement, no longer exist.

These changes are likely aimed at improving the reliability and robustness of the application when dealing with the deletion of findings, tests, and engagements, particularly in scenarios where related objects may have been deleted asynchronously or in a separate task. From an application security perspective, these changes do not appear to introduce any new security risks, but rather focus on improving the overall stability and reliability of the application, which can indirectly improve security by ensuring that the application continues to function correctly even in the face of potential issues with related objects.

Files Changed:

  • dojo/models.py: This file contains the updates to the delete() methods of the Engagement, Test, and Finding models. The changes involve using the suppress() function to handle potential issues caused by asynchronous deletion of related objects, such as Product and Engagement. The updates are focused on improving the reliability and robustness of the application when dealing with the deletion of findings, tests, and engagements.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@Maffooch