
Release: Merge back 2.36.2 into dev from: master-into-dev/2.36.2-2.37.0-dev #10548

Merged: 8 commits merged into dev from master-into-dev/2.36.2-2.37.0-dev on Jul 9, 2024

Conversation

github-actions[bot] (Contributor) commented Jul 9, 2024

Release triggered by Maffooch

dryrunsecurity bot commented Jul 9, 2024

DryRun Security Summary

The provided code changes include updates to the Helm chart for the DefectDojo application, a minor version update to the postgresql Helm chart dependency, and a refactoring of the filter_queryset method to get_queryset in several of the ViewSet classes, which improves the security and performance of the API.


Summary:

The provided code changes include updates to the Helm chart for the DefectDojo application, a minor version update to the postgresql Helm chart dependency, and a refactoring of the filter_queryset method to get_queryset in several of the ViewSet classes in the dojo/api_v2/views.py file.

From an application security perspective, these changes do not appear to introduce any significant security risks. The Helm chart update is a routine version bump, and the minor version update to the postgresql Helm chart dependency is unlikely to contain critical security vulnerabilities. The refactoring of the filter_queryset method to get_queryset is a positive change, as it improves the security and performance of the API by moving the filtering logic to the database level, reducing the risk of SQL injection vulnerabilities.

However, it is always important to review the release notes or commit history for the DefectDojo project to ensure there are no security fixes or improvements included in these updates. Additionally, regularly updating the Helm chart and the underlying DefectDojo application to the latest stable version is recommended to ensure you have the most up-to-date security patches and features.

Files Changed:

  1. helm/defectdojo/Chart.yaml: This file has been updated to change the version field from 1.6.139-dev to 1.6.140-dev, indicating a new version of the Helm chart. The rest of the contents remain the same.

  2. helm/defectdojo/Chart.lock: The version of the postgresql Helm chart dependency has been updated from 15.5.14 to 15.5.15, which is a minor version update.

  3. dojo/api_v2/views.py: The filter_queryset method has been replaced with get_queryset in several of the ViewSet classes, and the permission classes have been updated in some of the ViewSets to use the appropriate permissions for the actions being performed.

Code Analysis

We ran 7 analyzers against 3 files and 1 analyzer had findings. 6 analyzers had no findings.

Analyzer findings: Authn/Authz Analyzer, 19 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
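As an added, dependency-free illustration (not DefectDojo's code and not Django REST framework itself; the User/Product/Finding models, the sample data and the FindingViewSet/LeakyFindingViewSet names are constructed for this example), the model below shows why authorization scoping belongs in get_queryset(): every access path, list and retrieve alike, starts from that set, whereas scoping applied only in filter_queryset() is lost on any code path that bypasses it, such as an overridden get_object() that looks up the primary key directly.

```python
"""Constructed model of scoping a ViewSet's queryset by authorization.

Stand-in for the filter_queryset -> get_queryset pattern named in the DryRun
summary. Not DefectDojo's code and not Django REST framework; all names and
sample data below are assumed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


class NotFound(Exception):
    """Stands in for an HTTP 404 when an object is outside the caller's scope."""


@dataclass(frozen=True)
class User:
    name: str
    is_staff: bool = False


@dataclass(frozen=True)
class Product:
    id: int
    members: frozenset  # user names allowed to see this product's findings


@dataclass(frozen=True)
class Finding:
    id: int
    product_id: int
    severity: str


# Constructed sample data, not taken from any real instance.
PRODUCTS = {
    1: Product(1, frozenset({"alice"})),
    2: Product(2, frozenset({"bob"})),
}
FINDINGS = [
    Finding(10, 1, "High"),
    Finding(11, 1, "Low"),
    Finding(20, 2, "Critical"),
]


def authorized_products(user: User) -> set:
    """Product ids the user may see; staff see everything."""
    if user.is_staff:
        return set(PRODUCTS)
    return {p.id for p in PRODUCTS.values() if user.name in p.members}


class FindingViewSet:
    """Minimal ViewSet-like class. get_queryset() defines the universe of
    objects the caller may reach; filter_queryset() applies request filters
    (e.g. ?severity=) on top; get_object() resolves a pk inside that scope."""

    def __init__(self, user: User, query: Optional[dict] = None):
        self.user = user
        self.query = query or {}

    def get_queryset(self) -> list:
        # Authorization lives here, so list() and retrieve() both go through it.
        allowed = authorized_products(self.user)
        return [f for f in FINDINGS if f.product_id in allowed]

    def filter_queryset(self, queryset: list) -> list:
        # Request-supplied filters only narrow the already-authorized set.
        sev = self.query.get("severity")
        return [f for f in queryset if sev is None or f.severity == sev]

    def list(self) -> list:
        return self.filter_queryset(self.get_queryset())

    def get_object(self, pk: int) -> Finding:
        for f in self.filter_queryset(self.get_queryset()):
            if f.id == pk:
                return f
        raise NotFound(pk)

    def retrieve(self, pk: int) -> Finding:
        return self.get_object(pk)


class LeakyFindingViewSet(FindingViewSet):
    """Contrast: authorization applied only in filter_queryset(). A get_object()
    that skips filter_queryset() then leaks objects across product boundaries."""

    def get_queryset(self) -> list:
        return list(FINDINGS)  # no scoping here

    def filter_queryset(self, queryset: list) -> list:
        allowed = authorized_products(self.user)
        return super().filter_queryset([f for f in queryset if f.product_id in allowed])

    def get_object(self, pk: int) -> Finding:
        # Direct lookup bypasses filter_queryset(): this is the authorization hole.
        for f in self.get_queryset():
            if f.id == pk:
                return f
        raise NotFound(pk)


def can_retrieve(viewset: FindingViewSet, pk: int) -> bool:
    """True if the caller can reach the finding through retrieve()."""
    try:
        viewset.retrieve(pk)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    alice = User("alice")
    print("scoped list:", [f.id for f in FindingViewSet(alice).list()])
    print("scoped retrieve of other product:", can_retrieve(FindingViewSet(alice), 20))
    print("leaky retrieve of other product:", can_retrieve(LeakyFindingViewSet(alice), 20))
```

The list endpoint looks identical in both classes, which is why a review that only exercises list() misses the difference; the detail path is where scoping placed outside get_queryset() fails.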

Signed-off-by: DefectDojo <defectdojo-project@owasp.org>
@Maffooch Maffooch closed this Jul 9, 2024
@Maffooch Maffooch reopened this Jul 9, 2024
sonarcloud bot commented Jul 9, 2024

@Maffooch Maffooch merged commit 0a51a29 into dev Jul 9, 2024
123 checks passed
@Maffooch Maffooch deleted the master-into-dev/2.36.2-2.37.0-dev branch July 9, 2024 17:48
2 participants