
Release 2.39.0: Merge Bugfix into Dev #11011

Merged
Maffooch merged 7 commits into dev from bugfix
Oct 7, 2024

Conversation

@Maffooch (Contributor) commented Oct 7, 2024

No description provided.

@github-actions github-actions Bot added settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR apiv2 unittests parser helm labels Oct 7, 2024
@dryrunsecurity (Bot) commented Oct 7, 2024

DryRun Security Summary

The pull request includes several improvements and bug fixes related to the security analysis functionality of the application, including enhancements to the SSH Audit and Trivy parsers, as well as improved unit test coverage and configuration file integrity checks.


Summary:

The code changes in this pull request cover several improvements and bug fixes related to the security analysis functionality of the application. The changes span across various components, including the SSH Audit parser, Trivy parser, and associated unit tests.

The key highlights from a security perspective are:

  1. SSH Audit Parser Enhancements: The changes to the SSHAuditParser class improve the tracking and management of identified vulnerabilities by associating the CVE information with the findings. This allows the security team to better understand the potential impact and prioritize the remediation efforts.

  2. Trivy Parser Improvements: The changes to the TrivyParser class enhance the parser's ability to handle different versions and formats of the Trivy JSON report. This includes improved handling of null cluster names, extraction of various types of findings (vulnerabilities, misconfigurations, secrets, licenses), and consistent formatting of the findings' descriptions.

  3. Unit Test Coverage: The changes include the addition of new unit tests for the SSHAuditParser and TrivyParser classes, which help ensure the correctness and reliability of these security-critical components.

  4. Configuration File Integrity: The changes to the .settings.dist.py.sha256sum file update the SHA-256 hash value to verify the integrity of the corresponding configuration file. This is a common security practice to prevent unauthorized modifications to the application's configuration.

Overall, the changes in this pull request focus on improving the security analysis capabilities of the application, enhancing the tracking and management of identified vulnerabilities, and ensuring the robustness and reliability of the security-related components. These improvements are crucial for maintaining the overall security posture of the application.

Files Changed:

  1. dojo/tools/ssh_audit/parser.py: The changes to the SSHAuditParser class improve the tracking of CVE information associated with the findings.
  2. dojo/settings/settings.dist.py: The changes add a new vulnerability URL mapping for the "ALSA" vulnerability ID prefix.
  3. dojo/settings/.settings.dist.py.sha256sum: The changes update the SHA-256 hash value of the .settings.dist.py configuration file.
  4. dojo/api_v2/serializers.py: The changes to the FindingTemplateSerializer class enhance the handling of vulnerability IDs and tags.
  5. unittests/tools/test_ssh_audit_parser.py: The changes add a new test case to ensure the correct parsing of CVE information by the SSHAuditParser.
  6. unittests/tools/test_trivy_parser.py: The changes add a new test case to verify the parser's handling of a specific Trivy JSON report.
  7. dojo/tools/trivy/parser.py: The changes improve the TrivyParser's ability to handle different Trivy report formats and extract more detailed security-relevant information.

Code Analysis

We ran 9 analyzers against 8 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer with findings: Configured Codepaths Analyzer (1 finding)

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

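As an added illustration of the Trivy parser behaviour the summary above describes (this is example code, not DefectDojo's parser and not code from this PR), the following Python walks a Trivy JSON report, tolerates a null ClusterName, and extracts all four finding kinds. The JSON layout follows Trivy's published image and Kubernetes cluster report shapes as I know them, and the sample report is constructed.

```python
import json

# Constructed Trivy-style cluster report (not from the PR): ClusterName is
# null and a single resource carries all four finding kinds.
SAMPLE_REPORT = json.dumps({
    "ClusterName": None,
    "Vulnerabilities": [{
        "Namespace": "default", "Kind": "Deployment", "Name": "web",
        "Results": [{
            "Target": "nginx:1.25",
            "Vulnerabilities": [{"VulnerabilityID": "CVE-0000-0000", "PkgName": "libfoo",
                                 "InstalledVersion": "1.0", "FixedVersion": "1.1",
                                 "Severity": "HIGH", "Title": "example vuln"}],
            "Misconfigurations": [{"ID": "KSV001", "Title": "runs as root", "Severity": "MEDIUM"}],
            "Secrets": [{"RuleID": "aws-access-key-id", "Title": "AWS key", "Severity": "CRITICAL"}],
            "Licenses": [{"PkgName": "libbar", "Name": "GPL-3.0", "Severity": "LOW"}],
        }],
    }],
})

# (kind label, key inside a Result, field holding the identifier)
FINDING_KINDS = (("vulnerability", "Vulnerabilities", "VulnerabilityID"),
                 ("misconfiguration", "Misconfigurations", "ID"),
                 ("secret", "Secrets", "RuleID"),
                 ("license", "Licenses", "Name"))

def parse_trivy(raw):
    """Normalise a Trivy JSON report into a flat list of finding dicts.
    Handles the image/filesystem layout (top-level "Results") and the
    cluster layout (top-level "Vulnerabilities"/"Misconfigurations" lists
    of resources, each with its own "Results"); a null ClusterName does
    not break the resource context string."""
    data = json.loads(raw)
    cluster = data.get("ClusterName") or "unknown-cluster"
    if "Results" in data:
        groups = [(None, data["Results"])]
    else:
        groups = []
        for key in ("Vulnerabilities", "Misconfigurations"):
            for res in data.get(key) or []:
                ctx = f"{cluster}/{res.get('Namespace')}/{res.get('Kind')}/{res.get('Name')}"
                groups.append((ctx, res.get("Results") or []))
    findings = []
    for ctx, results in groups:
        for result in results:
            for kind, key, ident in FINDING_KINDS:
                for item in result.get(key) or []:
                    findings.append({"type": kind, "id": item.get(ident),
                                     "title": item.get("Title") or item.get(ident),
                                     "severity": (item.get("Severity") or "UNKNOWN").capitalize(),
                                     "target": result.get("Target", ""), "context": ctx})
    return findings
```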

@github-actions github-actions Bot removed the helm label Oct 7, 2024
@Maffooch Maffooch merged commit c0e6f83 into dev Oct 7, 2024