🐛 fix typo in settings.disty.py, #10529 #10534

Merged: mtesauro merged 1 commit into DefectDojo:bugfix from manuel-sommer:issue_10529, Jul 12, 2024

@manuel-sommer
Contributor

see #10529

github-actions Bot added the settings_changes label (Needs changes to settings.py based on changes in settings.dist.py included in this PR) Jul 8, 2024
@dryrunsecurity

dryrunsecurity Bot commented Jul 8, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
| --- | --- | --- |
| Server-Side Request Forgery Analyzer | | 0 findings |
| Configured Codepaths Analyzer | | 0 findings |
| IDOR Analyzer | | 0 findings |
| Sensitive Files Analyzer | | 0 findings |
| Authn/Authz Analyzer | | 0 findings |
| Secrets Analyzer | | 0 findings |
| SQL Injection Analyzer | | 0 findings |

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request involve updates to two files related to the configuration of the DefectDojo application. The first change updates the SHA-256 hash value for the .settings.dist.py configuration file, which is likely used to verify the integrity of the file. The second change updates the list of acceptable file types that can be uploaded to the application, correcting a typo in the .xslx extension and adding the .xlsx extension.

From an application security perspective, these changes do not introduce any obvious security vulnerabilities. However, it is important to ensure that any changes to configuration files, especially those that involve sensitive information or security-related settings, are thoroughly reviewed and tested to prevent the introduction of unintended security risks.

Additionally, the maintenance of the list of acceptable file types is an important security consideration, as it helps to mitigate the risks associated with file uploads, such as remote code execution or other types of attacks. It is recommended to periodically review and update this list as necessary to address any new threats or vulnerabilities that may arise.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: This file contains a SHA-256 hash value that is used to verify the integrity of the .settings.dist.py configuration file. The patch updates the hash value from 7b3bb14160f3ffce537d75895ee18cb0a561232fa964bae88b4861f7d289b176 to cc2980f490e627893c98386347a15352f883afa4b8908d8e67b0dc126ec70f06, indicating that the .settings.dist.py file has been modified.

  2. dojo/settings/settings.dist.py: This file contains the configuration settings for the DefectDojo application. The patch updates the DD_FILE_UPLOAD_TYPES setting to include the .xlsx file extension, which was previously listed as .xslx. The .xslx extension has also been corrected to .xlsx.

Powered by DryRun Security

@mtesauro
Contributor

mtesauro commented Jul 8, 2024

Closing and re-opening to try to make Flake8 happy.

@mtesauro mtesauro closed this Jul 8, 2024
@mtesauro mtesauro reopened this Jul 8, 2024
@mtesauro
Contributor

mtesauro commented Jul 8, 2024

@manuel-sommer Not sure what's up with flake8-your-pr since we have a PR in bugfix to remove the need for that test now that we have ruff running.

Anyway, don't worry about making it happy for this PR.

Contributor

@mtesauro mtesauro left a comment

Approved

@MarMoriMem

Approved


@chalkyfuller chalkyfuller left a comment

Approved

@manuel-sommer
Contributor Author

Please don't forget to merge ;-)

@mtesauro mtesauro merged commit 820f3f7 into DefectDojo:bugfix Jul 12, 2024
@manuel-sommer manuel-sommer deleted the issue_10529 branch July 15, 2024 19:12

7 participants