Jira: Transition based on Name or ID #9543

Closed
wants to merge 2 commits into from

Update settings.dist.py

5ed0525

DryRunSecurity / Sensitive Functions Analyzer succeeded Feb 14, 2024 in 0s

DryRun Security

Details

Potentially Sensitive Functions: 3 detected

⚠️ Sensitive Function: dojo/jira_link/helper.py
Type: Sensitive Function
Description: This function retrieves the ID of a Jira transition based on its name, which is relevant to the authorization process.
File Name: dojo/jira_link/helper.py
Function Name: jira_get_transition_id
Code Link:
import requests
from django.conf import settings
from django.template import TemplateDoesNotExist
from django.template.loader import render_to_string
from django.utils import timezone
from jira import JIRA
from jira.exceptions import JIRAError
from dojo.models import Finding, Finding_Group, Risk_Acceptance, Stub_Finding, Test, Engagement, Product, \
    JIRA_Issue, JIRA_Project, System_Settings, Notes, JIRA_Instance, User
from requests.auth import HTTPBasicAuth
⚠️ Sensitive Function: dojo/jira_link/helper.py
Type: Sensitive Function
Description: This function transitions a Jira issue, which is relevant to the authorization process.
File Name: dojo/jira_link/helper.py
Function Name: push_status_to_jira
Code Link:
    jira_project = get_jira_project(instance)
    # caller explicitly stated true or false (False is different from None!)
    if push_to_jira_parameter is not None:
        return push_to_jira_parameter
    # push_to_jira was not specified, so look at push_all_issues in JIRA_Project
    return jira_project.push_all_issues
def is_push_all_issues(instance):
    if not is_jira_configured_and_enabled(instance):
        return False
    jira_project = get_jira_project(instance)
    if jira_project:
        return jira_project.push_all_issues
# checks if a finding can be pushed to JIRA
# optionally provides a form with the new data for the finding
# any finding that already has a JIRA issue can be pushed again to JIRA
# returns True/False, error_message, error_code
def can_be_pushed_to_jira(obj, form=None):
⚠️ Sensitive Function: dojo/settings/settings.dist.py
Type: Sensitive Function
Description: This function retrieves the ID of a Jira transition based on its name, which is relevant to the authorization process.
File Name: dojo/settings/settings.dist.py
Function Name: jira_get_transition_id
Code Link:
from netaddr import IPNetwork, IPSet
import json
import logging
import warnings
logger = logging.getLogger(__name__)
# See https://documentation.defectdojo.com/getting_started/configuration/ for options
# how to tune the configuration to your needs.