
🎉 Add DSA vulnid #11238

Merged
mtesauro merged 5 commits into DefectDojo:bugfix from manuel-sommer:add_dsa
Nov 12, 2024
Conversation

@manuel-sommer
Contributor

No description provided.

@github-actions github-actions bot added the settings_changes label (Needs changes to settings.py based on changes in settings.dist.py included in this PR) on Nov 11, 2024
@dryrunsecurity

dryrunsecurity Bot commented Nov 11, 2024

DryRun Security Summary

The pull request primarily focuses on updating the settings and configuration for the DefectDojo application, including adding a new URL mapping for the "DSA" vulnerability type and updating the list of acceptable file types, which are relatively minor changes that do not introduce obvious security concerns.

Summary:

The code changes in this pull request primarily focus on updating the settings and configuration for the DefectDojo application, which is an open-source vulnerability management tool. The key changes include adding a new URL mapping for the "DSA" vulnerability type and updating the list of acceptable file types that can be uploaded to the application.

From an application security perspective, these changes are relatively minor and do not introduce any obvious security concerns. The addition of the new URL mapping for the "DSA" vulnerability type is a reasonable update to provide more context and information about the vulnerability. The update to the list of acceptable file types is also a common configuration change to control the types of files that can be uploaded to the application, which helps mitigate the risk of arbitrary file uploads.

Additionally, the code change includes an update to the SHA-256 checksum file for the settings.dist.py configuration file. While the use of checksums alone does not provide comprehensive security for configuration files, it is a common practice to ensure the integrity of the configuration file. However, it is important to review the actual changes to the settings.dist.py file to ensure that they do not introduce any security vulnerabilities or expose sensitive information.

Files Changed:

  1. dojo/settings/settings.dist.py: This file has been updated to include a new URL mapping for the "DSA" vulnerability type and to update the list of acceptable file types that can be uploaded to the application.
  2. dojo/settings/.settings.dist.py.sha256sum: This file has been updated to include a new SHA-256 checksum value for the settings.dist.py configuration file.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

Contributor

@mtesauro mtesauro left a comment

Approved

@github-actions
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@mtesauro mtesauro merged commit 7abf301 into DefectDojo:bugfix Nov 12, 2024
@manuel-sommer manuel-sommer deleted the add_dsa branch November 12, 2024 20:39