
Add GLSA gentoo vulnid #9813

Merged: @Maffooch merged 10 commits into DefectDojo:dev from the remove_psycopg2 branch on Dec 3, 2024

Conversation

@manuel-sommer manuel-sommer (Contributor) commented Mar 22, 2024

Add GLSA gentoo vulnid and logic to resolve it.


Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status                  Findings
  Sensitive Functions Analyzer          0 findings
  Configured Sensitive Files Analyzer   0 findings
  Sensitive Files Analyzer              1 finding

Note

🟢 Risk threshold not exceeded.


@manuel-sommer manuel-sommer deleted the remove_psycopg2 branch March 27, 2024 08:22
@manuel-sommer manuel-sommer restored the remove_psycopg2 branch November 16, 2024 17:52
@manuel-sommer manuel-sommer reopened this Nov 16, 2024

dryrunsecurity bot commented Nov 16, 2024

DryRun Security Summary

The pull request primarily focuses on updates to the configuration files and vulnerability URL handling in the DefectDojo application, improving the functionality and usability of the application, particularly in the area of vulnerability management and reporting, without introducing any obvious security vulnerabilities.


Summary:

The code changes in this pull request are primarily focused on updates to the configuration files and vulnerability URL handling in the DefectDojo application. The changes do not introduce any obvious security vulnerabilities, but they are important for ensuring the proper handling and display of vulnerability information to users.

The key changes include:

  1. Update to the SHA-256 hash value of the dojo/settings/.settings.dist.py configuration file, indicating that the contents of the file have been modified.
  2. Additions to the vulnerability_url function in the display_tags.py file to handle different types of vulnerability IDs and their corresponding URL formats, such as "GLSA", "AVD", "KHV", and "C-" prefixes.
  3. Addition of a new vulnerability URL mapping for the "GLSA" (Gentoo Linux Security Advisories) vulnerability identifier in the dojo/settings/settings.dist.py configuration file.

These changes are primarily focused on improving the functionality and usability of the DefectDojo application, particularly in the area of vulnerability management and reporting. From an application security perspective, these changes do not introduce any immediate security concerns, but it is important to ensure that the new vulnerability URL mappings and handling are implemented correctly and securely.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: This file contains the SHA-256 hash of the dojo/settings/.settings.dist.py configuration file. The code change updates the hash value, indicating that the contents of the configuration file have been modified.
  2. dojo/templatetags/display_tags.py: The changes in this file update the vulnerability_url function to handle different types of vulnerability IDs and their corresponding URL formats.
  3. dojo/settings/settings.dist.py: This file is a configuration file for the DefectDojo application, and the changes introduce a new vulnerability URL mapping for the "GLSA" (Gentoo Linux Security Advisories) vulnerability identifier.

Code Analysis

We ran 9 analyzers against 3 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer                        Findings
  Configured Codepaths Analyzer 3 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.
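The bot summary above describes a template filter that turns a prefixed vulnerability identifier (CVE, GLSA, and so on) into an advisory link by looking the prefix up in a settings-level mapping. The following is an added illustration of that pattern and is not the DefectDojo project's own code: the `VULNERABILITY_URLS` mapping, the `ID_PATTERNS` allow-list, and the `vulnerability_url` / `vulnerability_link` helpers are all assumptions made here. The two base URLs are the public NVD and Gentoo advisory locations, not values copied from the project's settings file. The point a reviewer would want to see covered is that an identifier taken from an imported scan report is untrusted input: it is validated against an expected shape before it is placed in a URL, and it is HTML-escaped before it is rendered.

```python
import html
import re
from typing import Dict, Optional
from urllib.parse import quote

# Assumed prefix -> base-URL mapping, standing in for the settings-level mapping
# the PR summary describes. These are well-known public advisory URLs; they are
# not copied from the project's settings file.
VULNERABILITY_URLS: Dict[str, str] = {
    "CVE": "https://nvd.nist.gov/vuln/detail/",
    "GLSA": "https://security.gentoo.org/glsa/",
}

# Assumed identifier shapes (a hypothetical allow-list). An identifier that does
# not match its prefix's pattern gets no link at all, so a malformed or crafted
# value from a scan report cannot steer the generated URL.
ID_PATTERNS = {
    "CVE": re.compile(r"^CVE-\d{4}-\d{4,}$"),
    "GLSA": re.compile(r"^GLSA-\d{6}-\d{2}$"),
}


def vulnerability_url(vulnerability_id: str) -> Optional[str]:
    """Return the advisory URL for a prefixed vulnerability id, or None."""
    vid = vulnerability_id.strip().upper()
    for prefix, base in VULNERABILITY_URLS.items():
        if not vid.startswith(prefix + "-"):
            continue
        if not ID_PATTERNS[prefix].match(vid):
            return None
        if prefix == "GLSA":
            # Gentoo's advisory pages are keyed by the bare YYYYMM-NN part,
            # so the "GLSA-" prefix is stripped rather than echoed into the path.
            return base + quote(vid[len("GLSA-"):])
        return base + quote(vid)
    return None


def vulnerability_link(vulnerability_id: str) -> str:
    """HTML fragment for a report view: a link when resolvable, escaped text otherwise."""
    text = html.escape(vulnerability_id, quote=True)
    url = vulnerability_url(vulnerability_id)
    if url is None:
        return text
    return f'<a href="{html.escape(url, quote=True)}">{text}</a>'


if __name__ == "__main__":
    # Constructed sample identifiers, including one that must not become a link.
    for sample in ("GLSA-202401-01", "cve-2024-1234", "GLSA-<script>", "KHV001"):
        print(sample, "->", vulnerability_link(sample))
```

Identifiers with a prefix that has no mapping (the `KHV001` sample) fall through to plain escaped text rather than raising, which is the behaviour a template filter needs when a report contains identifier families the settings do not know about.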

@manuel-sommer manuel-sommer marked this pull request as draft November 16, 2024 17:54
@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Nov 16, 2024
@manuel-sommer manuel-sommer changed the title Remove psycopg2-binary Add GLSA gentoo vulnid Nov 16, 2024
@github-actions github-actions bot added the ui label Nov 16, 2024
@manuel-sommer manuel-sommer marked this pull request as ready for review November 16, 2024 20:50
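The `settings_changes` label applied above is driven by the `.settings.dist.py.sha256sum` file mentioned in the bot summary: a recorded digest of the distributed settings file that must be refreshed whenever that file changes. The following is an added illustration of that drift check and is not the project's own tooling; the `read_expected_digest`, `sha256_of_file`, `settings_in_sync` and `demo` helpers and the constructed sample files are assumptions made here. It accepts either a bare hex digest or the `digest  filename` form that the `sha256sum` utility writes.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Tuple


def read_expected_digest(sum_path: Path) -> str:
    """Read the recorded digest; tolerate both a bare digest and 'digest  filename'."""
    text = sum_path.read_text(encoding="utf-8").strip()
    return text.split()[0].lower()


def sha256_of_file(path: Path) -> str:
    """Stream the file through SHA-256 so large settings files are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def settings_in_sync(settings_path: Path, sum_path: Path) -> bool:
    """True when the distributed settings file still matches its recorded digest."""
    return sha256_of_file(settings_path) == read_expected_digest(sum_path)


def demo() -> Tuple[bool, bool]:
    """Constructed sample: a stand-in settings file, its digest, then an edit that causes drift."""
    with tempfile.TemporaryDirectory() as tmp:
        settings = Path(tmp) / "settings.dist.py"
        sumfile = Path(tmp) / ".settings.dist.py.sha256sum"
        settings.write_text("VULNERABILITY_URLS = {}\n", encoding="utf-8")
        sumfile.write_text(sha256_of_file(settings) + "\n", encoding="utf-8")
        before = settings_in_sync(settings, sumfile)
        # Simulate the kind of change this PR makes (a new mapping entry) without
        # refreshing the digest: the check must now report drift.
        settings.write_text(
            "VULNERABILITY_URLS = {'GLSA': 'https://example.invalid/'}\n", encoding="utf-8"
        )
        after = settings_in_sync(settings, sumfile)
    return before, after


if __name__ == "__main__":
    print("in sync before edit, in sync after edit:", demo())
```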

This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro (Contributor) left a comment


Approved


This pull request has conflicts, please resolve those before we can evaluate the pull request.


Conflicts have been resolved. A maintainer will review the pull request shortly.

@manuel-sommer (Contributor, Author) commented

Could we merge this please, @mtesauro?

@Maffooch Maffooch merged commit dea6e3d into DefectDojo:dev Dec 3, 2024
72 of 73 checks passed
@manuel-sommer manuel-sommer deleted the remove_psycopg2 branch December 3, 2024 16:06