💄 remove unnecessary content from redhatsatellite findings #10134

Merged
merged 1 commit into from
May 8, 2024

manuel-sommer
Contributor

self descriptive

@github-actions github-actions bot added the parser label May 7, 2024

dryrunsecurity bot commented May 7, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings
AppSec Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Note that this summary is auto-generated and not meant to be a definitive list of security issues
but rather a helpful summary from a security perspective.

Summary:

The provided code change in the dojo/tools/redhatsatellite/parser.py file appears to be a bug fix or an improvement to the existing functionality of the RedHatSatelliteParser class. The changes focus on enhancing the presentation of the findings by ensuring that the bugs and module_streams fields are only included in the description of the Finding object if they have non-empty values. This helps to improve the readability and clarity of the Finding object's description.

From a security perspective, the changes do not appear to introduce any new security vulnerabilities. The parser is designed to process the output of the Red Hat Satellite tool, which is likely a trusted and secure source of data. The changes in this patch do not introduce any new attack vectors or security concerns. Additionally, the code follows good programming practices, such as using the join() method to concatenate strings and checking for non-empty values before including them in the description, which can indirectly contribute to the application's security by making the codebase easier to understand and maintain.

Files Changed:

  • dojo/tools/redhatsatellite/parser.py: The changes modify the way the bugs and module_streams fields are handled in the get_findings method of the RedHatSatelliteParser class. Previously, these fields were always included in the description of the Finding object, even if they were empty. The changes ensure that these fields are only included if they have non-empty values, improving the readability and clarity of the Finding object's description.

Powered by DryRun Security

@Maffooch Maffooch merged commit 610c900 into DefectDojo:bugfix May 8, 2024
122 checks passed
@manuel-sommer manuel-sommer deleted the lipstick_rhs branch May 8, 2024 23:21