From d5d62965932b1f299f6b73de6d6bc35150de95ea Mon Sep 17 00:00:00 2001
From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
Date: Mon, 2 Dec 2024 13:00:50 -0600
Subject: [PATCH 01/65] Add next version release notes
---
docs/content/en/open_source/upgrading/2.42.md | 7 +++++++
1 file changed, 7 insertions(+)
create mode 100644 docs/content/en/open_source/upgrading/2.42.md
diff --git a/docs/content/en/open_source/upgrading/2.42.md b/docs/content/en/open_source/upgrading/2.42.md
new file mode 100644
index 00000000000..c815a7794d3
--- /dev/null
+++ b/docs/content/en/open_source/upgrading/2.42.md
@@ -0,0 +1,7 @@
+---
+title: 'Upgrading to DefectDojo Version 2.42.x'
+toc_hide: true
+weight: -20241104
+description: No special instructions.
+---
+There are no special instructions for upgrading to 2.42.x. Check the [Release Notes](https://github.com/DefectDojo/django-DefectDojo/releases/tag/2.42.0) for the contents of the release.
From 98e438582930b8defbe101e48922ea2f5e9ac77d Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 3 Dec 2024 09:25:39 -0600
Subject: [PATCH 02/65] chore(deps): update dependency vite from 6.0.1 to v6.0.2 (docs/package.json) (#11351)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
docs/package-lock.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/docs/package-lock.json b/docs/package-lock.json
index 187c86624d8..8098ed3fdea 100644
--- a/docs/package-lock.json
+++ b/docs/package-lock.json
@@ -4700,9 +4700,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.1.tgz", - "integrity": "sha512-Ldn6gorLGr4mCdFnmeAOLweJxZ34HjKnDm4HGo6P66IEqTxQb36VEdFJQENKxWjupNfoIjvRUnswjn1hpYEpjQ==", + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.2.tgz", + "integrity": "sha512-XdQ+VsY2tJpBsKGs0wf3U/+azx8BBpYRHFAyKm5VeEZNOJZRB63q7Sc8Iup3k0TrN3KO6QgyzFf+opSbfY1y0g==", "dev": true, "license": "MIT", "dependencies": { From 7937be350c180b8912fb7eb59acfd1ccf0f3730b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 09:25:52 -0600 Subject: [PATCH 03/65] Bump drf-spectacular-sidecar from 2024.11.1 to 2024.12.1 (#11354) Bumps [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) from 2024.11.1 to 2024.12.1. - [Commits](https://github.com/tfranzel/drf-spectacular-sidecar/compare/2024.11.1...2024.12.1) --- updated-dependencies: - dependency-name: drf-spectacular-sidecar dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f9c0a7d1c3e..f57795fb2a6 100644 --- a/requirements.txt +++ b/requirements.txt @@ -64,7 +64,7 @@ hyperlink==21.0.0 django-test-migrations==1.4.0 djangosaml2==1.9.3 drf-spectacular==0.27.2 -drf-spectacular-sidecar==2024.11.1 +drf-spectacular-sidecar==2024.12.1 django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 From d4a23c0a24b3a77144813bef8431850f95ad10ec Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 09:26:40 -0600 Subject: [PATCH 04/65] Bump nginx from 1.27.2-alpine to 1.27.3-alpine (#11355) Bumps nginx from 1.27.2-alpine to 1.27.3-alpine. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.nginx-alpine | 2 +- Dockerfile.nginx-debian | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 17abb7c3f82..0355ec4c2b4 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine @@ -140,7 +140,7 @@ COPY manage.py ./ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.27.2-alpine@sha256:74175cf34632e88c6cfe206897cbfe2d2fecf9bf033c40e7f9775a3689e8adc7 +FROM nginx:1.27.3-alpine@sha256:5acf10cd305853dc2271e3c818d342f3aeb3688b1256ab8f035fda04b91ed303 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian index b062e28e10e..aca7191e808 100644 --- a/Dockerfile.nginx-debian +++ b/Dockerfile.nginx-debian @@ -73,7 +73,7 @@ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.27.2-alpine@sha256:74175cf34632e88c6cfe206897cbfe2d2fecf9bf033c40e7f9775a3689e8adc7 +FROM nginx:1.27.3-alpine@sha256:5acf10cd305853dc2271e3c818d342f3aeb3688b1256ab8f035fda04b91ed303 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ From dea6e3d00c0136ce77b11fc7f0b9ab3b72f0ee4e Mon Sep 17 00:00:00 2001 
From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com> Date: Tue, 3 Dec 2024 17:02:50 +0100 Subject: [PATCH 05/65] Add GLSA gentoo vulnid (#9813) * remove psycopg2-binary * :tada: Add GLSA vulnid * :tada: Add GLSA vulnid * update sha sum * sha sum * sha sum --- dojo/settings/.settings.dist.py.sha256sum | 2 +- dojo/settings/settings.dist.py | 1 + dojo/templatetags/display_tags.py | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/dojo/settings/.settings.dist.py.sha256sum b/dojo/settings/.settings.dist.py.sha256sum index 05823783298..2db4c82d7c6 100644 --- a/dojo/settings/.settings.dist.py.sha256sum +++ b/dojo/settings/.settings.dist.py.sha256sum @@ -1 +1 @@ -5172af16b842adfccbedc14bea15ff1da2ee45c10e129e905f156dcdffd27396 +6e88f73d9310e9da23ff2b1c5078ed40a0b604d1cbda42d4f009bc1134330c38 diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 3bc3372c130..8a88b249683 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1772,6 +1772,7 @@ def saml2_attrib_map_format(dict): "CAPEC": "https://capec.mitre.org/data/definitions/&&.html", # e.g. https://capec.mitre.org/data/definitions/157.html "CWE": "https://cwe.mitre.org/data/definitions/&&.html", # e.g. https://cwe.mitre.org/data/definitions/79.html "TEMP": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF + "GLSA": "https://security.gentoo.org/", # e.g. https://security.gentoo.org/glsa/202409-32 "DSA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DSA-5791-1 "RLSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RLSA-2024:7001 "RLBA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RLBA-2024:6968 diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py index df0ed46f538..edcc109ffbf 100644 --- a/dojo/templatetags/display_tags.py 
+++ b/dojo/templatetags/display_tags.py @@ -777,6 +777,8 @@ def vulnerability_url(vulnerability_id): for key in settings.VULNERABILITY_URLS: if vulnerability_id.upper().startswith(key): + if key == "GLSA": + return settings.VULNERABILITY_URLS[key] + str(vulnerability_id.replace("GLSA-", "glsa/")) if key in ["AVD", "KHV", "C-"]: return settings.VULNERABILITY_URLS[key] + str(vulnerability_id.lower()) if "&&" in settings.VULNERABILITY_URLS[key]: From b21a4046ca85a0b5c93daefbc4972a95cd4a58ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:53:48 -0600 Subject: [PATCH 06/65] Bump boto3 from 1.35.71 to 1.35.73 (#11362) Bumps [boto3](https://github.com/boto/boto3) from 1.35.71 to 1.35.73. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.71...1.35.73) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f57795fb2a6..c90db914837 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.3 # Required for Celery Broker AWS (SQS) support -boto3==1.35.71 # Required for Celery Broker AWS (SQS) support +boto3==1.35.73 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From ea283b087e8feb048c0bfefa31c7bb103e8d8688 Mon Sep 17 00:00:00 2001 
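Review bot: The new GLSA branch in `vulnerability_url` matches the prefix case-insensitively through `vulnerability_id.upper().startswith(key)` but then rewrites it with a case-sensitive `replace("GLSA-", "glsa/")`, so an id imported as `glsa-202409-32` would be linked as `https://security.gentoo.org/glsa-202409-32` rather than under the `/glsa/` path. Normalising before the rewrite keeps the two steps consistent, for example `return settings.VULNERABILITY_URLS[key] + vulnerability_id.upper().replace("GLSA-", "glsa/", 1)`. The id presumably originates from imported scanner output and is concatenated into the URL as-is, so it is also worth confirming that the template escapes the returned value before it is placed in an `href`. The function body starts and ends outside the hunk.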
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:22:04 -0600 Subject: [PATCH 07/65] Bump drf-spectacular from 0.27.2 to 0.28.0 (#11352) Bumps [drf-spectacular](https://github.com/tfranzel/drf-spectacular) from 0.27.2 to 0.28.0. - [Release notes](https://github.com/tfranzel/drf-spectacular/releases) - [Changelog](https://github.com/tfranzel/drf-spectacular/blob/master/CHANGELOG.rst) - [Commits](https://github.com/tfranzel/drf-spectacular/compare/0.27.2...0.28.0) --- updated-dependencies: - dependency-name: drf-spectacular dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index c90db914837..64a941b830b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -63,7 +63,7 @@ django-fieldsignals==0.7.0 hyperlink==21.0.0 django-test-migrations==1.4.0 djangosaml2==1.9.3 -drf-spectacular==0.27.2 +drf-spectacular==0.28.0 drf-spectacular-sidecar==2024.12.1 django-ratelimit==4.1.0 argon2-cffi==23.1.0 From 40942b55743fcab1d44b01a39198ec99f38ca0e5 Mon Sep 17 00:00:00 2001 From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:09:16 +0100 Subject: [PATCH 08/65] Ruff: Enable and fix RUF027 (#11332) --- dojo/finding/views.py | 2 +- ruff.toml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/dojo/finding/views.py b/dojo/finding/views.py index a5d6824329c..1eaf935a15f 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py 
@@ -3010,7 +3010,7 @@ def finding_bulk_update_all(request, pid=None): success_count += 1 for error_message, error_count in error_counts.items(): - add_error_message_to_response("{error_count} finding groups could not be pushed to JIRA: {error_message}") + add_error_message_to_response(f"{error_count} finding groups could not be pushed to JIRA: {error_message}") if success_count > 0: add_success_message_to_response(f"{success_count} finding groups pushed to JIRA successfully") diff --git a/ruff.toml b/ruff.toml index e9008490a55..bdcb8d1cdb0 100644 --- a/ruff.toml +++ b/ruff.toml @@ -96,7 +96,6 @@ ignore = [ "RUF010", "RUF012", "RUF015", - "RUF027", "D205", "D211", # `one-blank-line-before-class` (D203) and `no-blank-line-before-class` (D211) are incompatible. "D212", # `multi-line-summary-first-line` (D212) and `multi-line-summary-second-line` (D213) are incompatible. From fb173d07e36d9dcf4e53c4308878f4d457be7d66 Mon Sep 17 00:00:00 2001 From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:09:35 +0100 Subject: [PATCH 09/65] Ruff: Enable and fix RUF010 (#11331) --- dojo/endpoint/utils.py | 4 +- dojo/endpoint/views.py | 2 +- dojo/jira_link/views.py | 2 +- dojo/models.py | 2 +- dojo/product/helpers.py | 2 +- dojo/reports/views.py | 12 ++--- dojo/tools/api_bugcrowd/importer.py | 2 +- dojo/tools/api_bugcrowd/parser.py | 2 +- dojo/tools/blackduck/parser.py | 8 ++-- .../tools/blackduck_binary_analysis/parser.py | 44 +++++++++---------- dojo/tools/cyclonedx/xml_parser.py | 2 +- dojo/tools/gosec/parser.py | 2 +- dojo/tools/sarif/parser.py | 4 +- dojo/tools/tenable/xml_format.py | 4 +- dojo/tools/veracode/json_parser.py | 4 +- dojo/user/views.py | 2 +- ruff.toml | 1 - tests/base_test_class.py | 2 +- unittests/test_deduplication_logic.py | 10 ++--- .../test_false_positive_history_logic.py | 10 ++--- unittests/test_rest_framework.py | 4 +- 21 files changed, 62 insertions(+), 63 deletions(-) 
diff --git a/dojo/endpoint/utils.py b/dojo/endpoint/utils.py index 0d584ff6c6c..f5f01ee4e30 100644 --- a/dojo/endpoint/utils.py +++ b/dojo/endpoint/utils.py @@ -208,8 +208,8 @@ def err_log(message, html_log, endpoint_html_log, endpoint): to_be_deleted.update(ep_ids[1:]) if change: message = "Merging Endpoints {} into '{}'".format( - [f"{str(x)} (id={x.pk})" for x in ep[1:]], - f"{str(ep[0])} (id={ep[0].pk})") + [f"{x} (id={x.pk})" for x in ep[1:]], + f"{ep[0]} (id={ep[0].pk})") html_log.append(message) logger.info(message) Endpoint_Status_model.objects\ diff --git a/dojo/endpoint/views.py b/dojo/endpoint/views.py index f7807e9b5ad..bf85092a129 100644 --- a/dojo/endpoint/views.py +++ b/dojo/endpoint/views.py @@ -503,7 +503,7 @@ def import_endpoint_meta(request, pid): endpoint_meta_import(file, product, create_endpoints, create_tags, create_dojo_meta, origin="UI", request=request) except Exception as e: logger.exception(e) - add_error_message_to_response(f"An exception error occurred during the report import:{str(e)}") + add_error_message_to_response(f"An exception error occurred during the report import:{e}") return HttpResponseRedirect(reverse("endpoint") + "?product=" + pid) add_breadcrumb(title="Endpoint Meta Importer", top_level=False, request=request) diff --git a/dojo/jira_link/views.py b/dojo/jira_link/views.py index 84d33e6ffdd..372b48fbfbe 100644 --- a/dojo/jira_link/views.py +++ b/dojo/jira_link/views.py @@ -552,7 +552,7 @@ def post(self, request, tid=None): url=request.build_absolute_uri(reverse("jira"))) return HttpResponseRedirect(reverse("jira")) except Exception as e: - add_error_message_to_response(f"Unable to delete JIRA Instance, probably because it is used by JIRA Issues: {str(e)}") + add_error_message_to_response(f"Unable to delete JIRA Instance, probably because it is used by JIRA Issues: {e}") rels = ["Previewing the relationships has been disabled.", ""] display_preview = get_setting("DELETE_PREVIEW") 
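Review bot: In `import_endpoint_meta` (dojo/endpoint/views.py) and in the JIRA instance delete `post` (dojo/jira_link/views.py) the caught exception is still interpolated into the message returned to the user (`...report import:{e}` and `...used by JIRA Issues: {e}`); dropping `str()` keeps that behaviour unchanged. Exception text raised by parsers, the ORM or the JIRA client can contain file paths, query fragments or internal URLs that the requesting user should not see. `import_endpoint_meta` already calls `logger.exception(e)`, so the response could carry a fixed message instead, e.g. `add_error_message_to_response("An error occurred during the report import; see the server log for details.")`, with the same treatment plus a `logger.exception` call in the JIRA view. Both function bodies extend beyond their hunks.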
diff --git a/dojo/models.py b/dojo/models.py index fe48896daa6..99074a9cf3b 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -1619,7 +1619,7 @@ class Meta: ] def __str__(self): - return f"'{str(self.finding)}' on '{str(self.endpoint)}'" + return f"'{self.finding}' on '{self.endpoint}'" def copy(self, finding=None): copy = self diff --git a/dojo/product/helpers.py b/dojo/product/helpers.py index 13c512c9c90..d8285cfb92b 100644 --- a/dojo/product/helpers.py +++ b/dojo/product/helpers.py @@ -54,5 +54,5 @@ def propagate_tags_on_product_sync(product): def propagate_tags_on_object_list(object_list): for obj in object_list: if obj and obj.id is not None: - logger.debug(f"\tPropagating tags to {str(type(obj))} - {str(obj)}") + logger.debug(f"\tPropagating tags to {type(obj)} - {obj}") obj.save() diff --git a/dojo/reports/views.py b/dojo/reports/views.py index f258db9db2f..061476efe1b 100644 --- a/dojo/reports/views.py +++ b/dojo/reports/views.py @@ -876,7 +876,7 @@ def get(self, request): num_endpoints = 0 for endpoint in finding.endpoints.all(): num_endpoints += 1 - endpoint_value += f"{str(endpoint)}; " + endpoint_value += f"{endpoint}; " endpoint_value = endpoint_value.removesuffix("; ") if len(endpoint_value) > EXCEL_CHAR_LIMIT: endpoint_value = endpoint_value[:EXCEL_CHAR_LIMIT - 3] + "..." @@ -889,7 +889,7 @@ def get(self, request): if num_vulnerability_ids > 5: vulnerability_ids_value += "..." break - vulnerability_ids_value += f"{str(vulnerability_id)}; " + vulnerability_ids_value += f"{vulnerability_id}; " if finding.cve and vulnerability_ids_value.find(finding.cve) < 0: vulnerability_ids_value += finding.cve vulnerability_ids_value = vulnerability_ids_value.removesuffix("; ") @@ -902,7 +902,7 @@ def get(self, request): if num_tags > 5: tags_value += "..." break - tags_value += f"{str(tag)}; " + tags_value += f"{tag}; " tags_value = tags_value.removesuffix("; ") fields.append(tags_value) 
@@ -1025,7 +1025,7 @@ def get(self, request): num_endpoints = 0 for endpoint in finding.endpoints.all(): num_endpoints += 1 - endpoint_value += f"{str(endpoint)}; \n" + endpoint_value += f"{endpoint}; \n" endpoint_value = endpoint_value.removesuffix("; \n") if len(endpoint_value) > EXCEL_CHAR_LIMIT: endpoint_value = endpoint_value[:EXCEL_CHAR_LIMIT - 3] + "..." @@ -1039,7 +1039,7 @@ def get(self, request): if num_vulnerability_ids > 5: vulnerability_ids_value += "..." break - vulnerability_ids_value += f"{str(vulnerability_id)}; \n" + vulnerability_ids_value += f"{vulnerability_id}; \n" if finding.cve and vulnerability_ids_value.find(finding.cve) < 0: vulnerability_ids_value += finding.cve vulnerability_ids_value = vulnerability_ids_value.removesuffix("; \n") @@ -1048,7 +1048,7 @@ def get(self, request): # tags tags_value = "" for tag in finding.tags.all(): - tags_value += f"{str(tag)}; \n" + tags_value += f"{tag}; \n" tags_value = tags_value.removesuffix("; \n") worksheet.cell(row=row_num, column=col_num, value=tags_value) col_num += 1 diff --git a/dojo/tools/api_bugcrowd/importer.py b/dojo/tools/api_bugcrowd/importer.py index e47dba8a409..d83d1edf3cd 100644 --- a/dojo/tools/api_bugcrowd/importer.py +++ b/dojo/tools/api_bugcrowd/importer.py @@ -16,7 +16,7 @@ class BugcrowdApiImporter: def get_findings(self, test): client, config = self.prepare_client(test) logger.debug( - f"Fetching submissions program {str(config.service_key_1)} and target {str(config.service_key_2)}", + f"Fetching submissions program {config.service_key_1} and target {config.service_key_2}", ) submissions_paged = client.get_findings( diff --git a/dojo/tools/api_bugcrowd/parser.py b/dojo/tools/api_bugcrowd/parser.py index da06880fd27..1bb5a28bd37 100644 --- a/dojo/tools/api_bugcrowd/parser.py +++ b/dojo/tools/api_bugcrowd/parser.py 
@@ -155,7 +155,7 @@ def get_findings(self, file, test): finding.unsaved_endpoints = [bug_endpoint] except Exception as e: logger.error( - f"{str(bug_endpoint)} bug url from bugcrowd failed to parse to endpoint, error= {e}", + f"{bug_endpoint} bug url from bugcrowd failed to parse to endpoint, error= {e}", ) except ValidationError: logger.error( diff --git a/dojo/tools/blackduck/parser.py b/dojo/tools/blackduck/parser.py index a6a127fcdb3..30954bc8d87 100644 --- a/dojo/tools/blackduck/parser.py +++ b/dojo/tools/blackduck/parser.py @@ -89,10 +89,10 @@ def format_title(self, i): return f"{i.vuln_id} - {component_title}" def format_description(self, i): - description = f"Published on: {str(i.published_date)}\n\n" - description += f"Updated on: {str(i.updated_date)}\n\n" - description += f"Base score: {str(i.base_score)}\n\n" - description += f"Exploitability: {str(i.exploitability)}\n\n" + description = f"Published on: {i.published_date}\n\n" + description += f"Updated on: {i.updated_date}\n\n" + description += f"Base score: {i.base_score}\n\n" + description += f"Exploitability: {i.exploitability}\n\n" description += f"Description: {i.description}\n" return description diff --git a/dojo/tools/blackduck_binary_analysis/parser.py b/dojo/tools/blackduck_binary_analysis/parser.py index 77f9647fc6f..b0ccd0b9642 100644 --- a/dojo/tools/blackduck_binary_analysis/parser.py +++ b/dojo/tools/blackduck_binary_analysis/parser.py 
@@ -115,30 +115,30 @@ def format_title(self, i): return title def format_description(self, i): - description = f"CSV Result: {str(i.report_name)}\n" - description += f"Vulnerable Component: {str(i.component)}\n" - description += f"Vulnerable Component Version in Use: {str(i.version)}\n" - description += f"Vulnerable Component Latest Version: {str(i.latest_version)}\n" - description += f"Matching Type: {str(i.matching_type)}\n" - description += f"Object Name: {str(i.object_name)}\n" - description += f"Object Extraction Path: {str(i.object_full_path)}\n" - description += f"Object Compilation Date: {str(i.object_compilation_date)}\n" - description += f"Object SHA1: {str(i.object_sha1)}\n" - description += f"CVE: {str(i.cve)}\n" - description += f"CVE Publication Date: {str(i.cve_publication_date)}\n" - description += f"Distribution Package: {str(i.distribution_package)}\n" - description += f"Missing Exploit Mitigations: {str(i.missing_exploit_mitigations)}\n" - description += f"BDSA: {str(i.bdsa)}\n" - description += f"Summary:\n{str(i.summary)}\n" - description += f"Note Type:\n{str(i.note_type)}\n" - description += f"Note Reason:\n{str(i.note_reason)}\n" - description += f"Triage Vectors:\n{str(i.triage_vectors)}\n" - description += f"Unresolving Triage Vectors:\n{str(i.triage_vectors)}\n" + description = f"CSV Result: {i.report_name}\n" + description += f"Vulnerable Component: {i.component}\n" + description += f"Vulnerable Component Version in Use: {i.version}\n" + description += f"Vulnerable Component Latest Version: {i.latest_version}\n" + description += f"Matching Type: {i.matching_type}\n" + description += f"Object Name: {i.object_name}\n" + description += f"Object Extraction Path: {i.object_full_path}\n" + description += f"Object Compilation Date: {i.object_compilation_date}\n" + description += f"Object SHA1: {i.object_sha1}\n" + description += f"CVE: {i.cve}\n" + description += f"CVE Publication Date: {i.cve_publication_date}\n" + description += 
f"Distribution Package: {i.distribution_package}\n" + description += f"Missing Exploit Mitigations: {i.missing_exploit_mitigations}\n" + description += f"BDSA: {i.bdsa}\n" + description += f"Summary:\n{i.summary}\n" + description += f"Note Type:\n{i.note_type}\n" + description += f"Note Reason:\n{i.note_reason}\n" + description += f"Triage Vectors:\n{i.triage_vectors}\n" + description += f"Unresolving Triage Vectors:\n{i.triage_vectors}\n" return description def format_mitigation(self, i): - return f"Upgrade {str(i.component)} to latest version: {str(i.latest_version)}.\n" + return f"Upgrade {i.component} to latest version: {i.latest_version}.\n" def format_impact(self, i): impact = "The use of vulnerable third-party open source software in applications can have numerous negative impacts:\n\n" @@ -150,7 +150,7 @@ def format_impact(self, i): return impact def format_references(self, i): - references = f"BDSA: {str(i.bdsa)}\n" - references += f"NIST CVE Details: {str(i.vulnerability_url)}\n" + references = f"BDSA: {i.bdsa}\n" + references += f"NIST CVE Details: {i.vulnerability_url}\n" return references diff --git a/dojo/tools/cyclonedx/xml_parser.py b/dojo/tools/cyclonedx/xml_parser.py index 70682c0c6a8..55aa4995356 100644 --- a/dojo/tools/cyclonedx/xml_parser.py +++ b/dojo/tools/cyclonedx/xml_parser.py @@ -104,7 +104,7 @@ def manage_vulnerability_legacy( [ f"**Ref:** {ref}", f"**Id:** {vuln_id}", - f"**Severity:** {str(severity)}", + f"**Severity:** {severity}", ], ) if component_name is None: diff --git a/dojo/tools/gosec/parser.py b/dojo/tools/gosec/parser.py index 20ccbcae062..d7e32f46a85 100644 --- a/dojo/tools/gosec/parser.py +++ b/dojo/tools/gosec/parser.py 
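Review bot: The last line built in `format_description` (dojo/tools/blackduck_binary_analysis/parser.py) is labelled "Unresolving Triage Vectors" but prints `i.triage_vectors` again, the same attribute used by the "Triage Vectors" line directly above it; the `str()` cleanup carries this over unchanged. It looks like a copy-paste slip, in which case the finding description shows the same value twice and never shows the unresolving vectors. Point the second line at whichever attribute of the importer's finding object holds the unresolving vectors (not visible in this hunk), or drop the line if there is no such attribute.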
@@ -34,7 +34,7 @@ def get_findings(self, filename, test): # Finding details information findingdetail += f"Filename: {filename}\n\n" - findingdetail += f"Line number: {str(line)}\n\n" + findingdetail += f"Line number: {line}\n\n" findingdetail += f"Issue Confidence: {scanner_confidence}\n\n" findingdetail += "Code:\n\n" findingdetail += "```{}```".format(item["code"]) diff --git a/dojo/tools/sarif/parser.py b/dojo/tools/sarif/parser.py index aa3d878ffb4..a2436e1c856 100644 --- a/dojo/tools/sarif/parser.py +++ b/dojo/tools/sarif/parser.py @@ -241,10 +241,10 @@ def get_codeFlowsDescription(codeFlows): snippet = "" if "startLine" in region: - start_line = f":L{str(region.get('startLine'))}" + start_line = f":L{region.get('startLine')}" if "startColumn" in region: - start_column = f":C{str(region.get('startColumn'))}" + start_column = f":C{region.get('startColumn')}" if "snippet" in region: snippet = f"\t-\t{region.get('snippet').get('text')}" diff --git a/dojo/tools/tenable/xml_format.py b/dojo/tools/tenable/xml_format.py index ae63151ec5a..045a17e0c37 100644 --- a/dojo/tools/tenable/xml_format.py +++ b/dojo/tools/tenable/xml_format.py @@ -112,8 +112,8 @@ def get_findings(self, filename: str, test: Test) -> list: item.find("plugin_output"), ) if plugin_output_element_text is not None: - plugin_output = f"Plugin Output: {ip}{str(f':{port}' if port is not None else '')}" - plugin_output += f"\n```\n{str(plugin_output_element_text)}\n```\n\n" + plugin_output = f"Plugin Output: {ip}{f':{port}' if port is not None else ''}" + plugin_output += f"\n```\n{plugin_output_element_text}\n```\n\n" description += plugin_output # Determine the severity diff --git a/dojo/tools/veracode/json_parser.py b/dojo/tools/veracode/json_parser.py index b873ada3531..fe5c2ccddd2 100644 --- a/dojo/tools/veracode/json_parser.py +++ b/dojo/tools/veracode/json_parser.py 
@@ -129,7 +129,7 @@ def create_finding_from_details(self, finding_details, scan_type, policy_violate if uncleaned_cvss.startswith(("CVSS:3.1/", "CVSS:3.0/")): finding.cvssv3 = CVSS3(str(uncleaned_cvss)).clean_vector(output_prefix=True) elif not uncleaned_cvss.startswith("CVSS"): - finding.cvssv3 = CVSS3(f"CVSS:3.1/{str(uncleaned_cvss)}").clean_vector(output_prefix=True) + finding.cvssv3 = CVSS3(f"CVSS:3.1/{uncleaned_cvss}").clean_vector(output_prefix=True) elif isinstance(uncleaned_cvss, float | int): finding.cvssv3_score = float(uncleaned_cvss) # Fill in extra info based on the scan type @@ -238,7 +238,7 @@ def add_sca_details(self, finding, finding_details, backup_title=None) -> Findin # See if the CVSS has already been set. If not, use the one here if not finding.cvssv3: if cvss_vector := cve_dict.get("cvss3", {}).get("vector"): - finding.cvssv3 = CVSS3(f"CVSS:3.1/{str(cvss_vector)}").clean_vector(output_prefix=True) + finding.cvssv3 = CVSS3(f"CVSS:3.1/{cvss_vector}").clean_vector(output_prefix=True) # Put the product ID in the metadata if product_id := finding_details.get("product_id"): finding.description += f"**Product ID**: {product_id}\n" diff --git a/dojo/user/views.py b/dojo/user/views.py index 0f8914e4adf..44ba788253b 100644 --- a/dojo/user/views.py +++ b/dojo/user/views.py @@ -647,7 +647,7 @@ def clean(self): connection.open() connection.close() except Exception as e: - logger.error(f"SMTP Server Connection Failure: {str(e)}") + logger.error(f"SMTP Server Connection Failure: {e}") msg = "SMTP server is not configured correctly..." raise ValidationError(msg) diff --git a/ruff.toml b/ruff.toml index bdcb8d1cdb0..24f642c22cc 100644 --- a/ruff.toml +++ b/ruff.toml @@ -93,7 +93,6 @@ ignore = [ "SIM115", "SIM116", "SIM117", - "RUF010", "RUF012", "RUF015", "D205", diff --git a/tests/base_test_class.py b/tests/base_test_class.py index c4b056503a6..2e1f6477358 100644 --- a/tests/base_test_class.py +++ b/tests/base_test_class.py 
@@ -338,7 +338,7 @@ def enable_github(self): def set_block_execution(self, block_execution=True): # we set the admin user (ourselves) to have block_execution checked # this will force dedupe to happen synchronously, among other things like notifications, rules, ... - logger.info(f"setting block execution to: {str(block_execution)}") + logger.info(f"setting block execution to: {block_execution}") driver = self.driver driver.get(self.base_url + "profile") if ( diff --git a/unittests/test_deduplication_logic.py b/unittests/test_deduplication_logic.py index ef1d91a0d53..319c0761312 100644 --- a/unittests/test_deduplication_logic.py +++ b/unittests/test_deduplication_logic.py 
@@ -1158,12 +1158,12 @@ def log_findings(self, findings): else: logger.debug("\t\t" + "findings:") for finding in findings: - logger.debug(f"\t\t\t{str(finding.id):4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{str(finding.active):5.5}" - + ": ver: " + f"{str(finding.verified):5.5}" + ": mit: " + f"{str(finding.is_mitigated):5.5}" - + ": dup: " + f"{str(finding.duplicate):5.5}" + ": dup_id: " - + (f"{str(finding.duplicate_finding.id):4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + logger.debug(f"\t\t\t{finding.id!s:4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{finding.active!s:5.5}" + + ": ver: " + f"{finding.verified!s:5.5}" + ": mit: " + f"{finding.is_mitigated!s:5.5}" + + ": dup: " + f"{finding.duplicate!s:5.5}" + ": dup_id: " + + (f"{finding.duplicate_finding.id!s:4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + ": eps: " + str(finding.endpoints.count()) + ": notes: " + str([n.id for n in finding.notes.all()]) - + ": uid: " + f"{str(finding.unique_id_from_tool):5.5}" + (" fp" if finding.false_p else ""), + + ": uid: " + f"{finding.unique_id_from_tool!s:5.5}" + (" fp" if finding.false_p else ""), ) logger.debug("\t\tendpoints") diff --git a/unittests/test_false_positive_history_logic.py b/unittests/test_false_positive_history_logic.py index c4d939fbc42..04fca655b58 100644 --- a/unittests/test_false_positive_history_logic.py +++ b/unittests/test_false_positive_history_logic.py 
@@ -1678,12 +1678,12 @@ def log_findings(self, findings): else: logger.debug("\t\t" + "findings:") for finding in findings: - logger.debug(f"\t\t\t{str(finding.id):4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{str(finding.active):5.5}" - + ": ver: " + f"{str(finding.verified):5.5}" + ": mit: " + f"{str(finding.is_mitigated):5.5}" - + ": dup: " + f"{str(finding.duplicate):5.5}" + ": dup_id: " - + (f"{str(finding.duplicate_finding.id):4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + logger.debug(f"\t\t\t{finding.id!s:4.4}" + ': "' + f"{finding.title:20.20}" + '": ' + f"{finding.severity:5.5}" + ": act: " + f"{finding.active!s:5.5}" + + ": ver: " + f"{finding.verified!s:5.5}" + ": mit: " + f"{finding.is_mitigated!s:5.5}" + + ": dup: " + f"{finding.duplicate!s:5.5}" + ": dup_id: " + + (f"{finding.duplicate_finding.id!s:4.4}" if finding.duplicate_finding else "None") + ": hash_code: " + str(finding.hash_code) + ": eps: " + str(finding.endpoints.count()) + ": notes: " + str([n.id for n in finding.notes.all()]) - + ": uid: " + f"{str(finding.unique_id_from_tool):5.5}" + (" fp" if finding.false_p else ""), + + ": uid: " + f"{finding.unique_id_from_tool!s:5.5}" + (" fp" if finding.false_p else ""), ) logger.debug("\t\tendpoints") diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py index 5a600315536..fa30780c922 100644 --- a/unittests/test_rest_framework.py +++ b/unittests/test_rest_framework.py @@ -1119,7 +1119,7 @@ def test_request_response_post_and_download(self): # Test the creation for level in self.url_levels: length = FileUpload.objects.count() - with open(f"{str(self.path)}/scans/acunetix/one_finding.xml", encoding="utf-8") as testfile: + with open(f"{self.path}/scans/acunetix/one_finding.xml", encoding="utf-8") as testfile: payload = { "title": level, "file": testfile, 
@@ -1131,7 +1131,7 @@ def test_request_response_post_and_download(self): self.url_levels[level] = response.data.get("id") # Test the download - file_data = Path(f"{str(self.path)}/scans/acunetix/one_finding.xml").read_text(encoding="utf-8") + file_data = Path(f"{self.path}/scans/acunetix/one_finding.xml").read_text(encoding="utf-8") for level, file_id in self.url_levels.items(): response = self.client.get(f"/api/v2/{level}/files/download/{file_id}/") self.assertEqual(200, response.status_code) From 64f4da701e754c7611100d4d66caefd1f5860a3d Mon Sep 17 00:00:00 2001 From: valentijnscholten Date: Wed, 4 Dec 2024 21:10:07 +0100 Subject: [PATCH 10/65] Update 2.36.md to fix typo's in version number (#11319) --- docs/content/en/open_source/upgrading/2.36.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/content/en/open_source/upgrading/2.36.md b/docs/content/en/open_source/upgrading/2.36.md index ceaa8c77d14..86671001e0d 100644 --- a/docs/content/en/open_source/upgrading/2.36.md +++ b/docs/content/en/open_source/upgrading/2.36.md 
@@ -5,7 +5,7 @@ weight: -20240603 description: Breaking Change for HELM deployments with PostgreSQL --- -Previous HELM deployments (HELM chart `<=1.6.136`, DefectDojo `<=2.35.4`) used a pinned version of PostgreSQL in versions `11.x`. These are incompatible with Django in version `4.2` (used from DefectDojo version `3.36.0`; HELM chart `1.6.137`). Because of this, it is necessary to upgrade PostgreSQL to version `12.x` or higher. DefectDojo in version `3.36.1` (HELM chart `1.6.138`) uses this new version of PostgreSQL. +Previous HELM deployments (HELM chart `<=1.6.136`, DefectDojo `<=2.35.4`) used a pinned version of PostgreSQL in versions `11.x`. These are incompatible with Django in version `4.2` (used from DefectDojo version `2.36.0`; HELM chart `1.6.137`). Because of this, it is necessary to upgrade PostgreSQL to version `12.x` or higher. DefectDojo in version `2.36.1` (HELM chart `1.6.138`) uses this new version of PostgreSQL. Unfortunately, an upgrade of PostgreSQL is not enough because PostgreSQL does not support automatic migration of data structures in the filesystem. Because of this, migration is needed. There are different ways (many of them similar to migration between different database backends (e.g. from MySQL to PostgreSQL)). Please find inspiration and the best fitting way for you in: From b201a19cfe7b45dcf1051ba7e9ced1cb811f505e Mon Sep 17 00:00:00 2001 
From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Wed, 4 Dec 2024 21:10:24 +0100 Subject: [PATCH 11/65] fix(ruff): Fix RUF039 for v0.8.0 (#11326) --- dojo/management/commands/rename_mend_findings.py | 4 ++-- dojo/tools/appcheck_web_application_scanner/engines/base.py | 2 +- dojo/tools/burp_enterprise/parser.py | 2 +- dojo/tools/burp_graphql/parser.py | 2 +- dojo/tools/microfocus_webinspect/parser.py | 2 +- dojo/tools/nexpose/parser.py | 2 +- dojo/tools/npm_audit/parser.py | 2 +- dojo/tools/qualys_webapp/parser.py | 2 +- dojo/tools/sarif/parser.py | 2 +- dojo/tools/sonarqube/soprasteria_helper.py | 2 +- dojo/tools/trivy_operator/uniform_vulnid.py | 4 ++-- dojo/tools/veracode/xml_parser.py | 2 +- dojo/tools/wapiti/parser.py | 2 +- dojo/user/validators.py | 4 ++-- requirements-lint.txt | 2 +- tests/Import_scanner_test.py | 6 +++--- 16 files changed, 21 insertions(+), 21 deletions(-) diff --git a/dojo/management/commands/rename_mend_findings.py b/dojo/management/commands/rename_mend_findings.py index 1620e5ce93b..f99f35a8027 100644 --- a/dojo/management/commands/rename_mend_findings.py +++ b/dojo/management/commands/rename_mend_findings.py @@ -33,8 +33,8 @@ def rename_mend_finding(): logger.info("######## Updating Hashcodes - deduplication is done in the background upon finding save ########") for finding in findings: logger.info("Updating Mend Finding with id: %d", finding.id) - lib_name_begin = re.search("\\*\\*Library Filename\\*\\* : ", finding.description).span(0)[1] - lib_name_end = re.search("\\*\\*Library Description\\*\\*", finding.description).span(0)[0] + lib_name_begin = re.search(r"\*\*Library Filename\*\* : ", finding.description).span(0)[1] + lib_name_end = re.search(r"\*\*Library Description\*\*", finding.description).span(0)[0] lib_name = finding.description[lib_name_begin:lib_name_end - 1] if finding.cve is None: finding.title = "CVE-None | " + lib_name 
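Review bot: Both `re.search(...)` calls in `rename_mend_finding` are dereferenced with `.span(0)` without a `None` check. A finding whose description lacks the `**Library Filename** : ` or `**Library Description**` marker therefore raises AttributeError and, unless a caller catches it, stops the loop over the remaining findings. Guard each match before use, e.g. `begin = re.search(r"\*\*Library Filename\*\* : ", finding.description)` followed by `if begin is None: continue`, and log the skipped finding id. The function starts outside the hunk.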
diff --git a/dojo/tools/appcheck_web_application_scanner/engines/base.py b/dojo/tools/appcheck_web_application_scanner/engines/base.py index e07433c2946..84523b90435 100644 --- a/dojo/tools/appcheck_web_application_scanner/engines/base.py +++ b/dojo/tools/appcheck_web_application_scanner/engines/base.py @@ -205,7 +205,7 @@ def parse_initial_date(self, finding: Finding, value: str) -> None: ##### # For parsing CVEs ##### - CVE_PATTERN = re.compile("CVE-[0-9]+-[0-9]+", re.IGNORECASE) + CVE_PATTERN = re.compile(r"CVE-[0-9]+-[0-9]+", re.IGNORECASE) def is_cve(self, c: str) -> bool: return bool(c and isinstance(c, str) and self.CVE_PATTERN.fullmatch(c)) diff --git a/dojo/tools/burp_enterprise/parser.py b/dojo/tools/burp_enterprise/parser.py index 052d8a80f84..58b2a5a6ea6 100644 --- a/dojo/tools/burp_enterprise/parser.py +++ b/dojo/tools/burp_enterprise/parser.py @@ -162,7 +162,7 @@ def _set_or_append_content(self, finding_details: dict, header: str, div_element cleaned_item = item.split(":")[0] if ( finding_details["cwe"] is None - and (cwe_search := re.search("CWE-([0-9]*)", cleaned_item, re.IGNORECASE)) + and (cwe_search := re.search(r"CWE-([0-9]*)", cleaned_item, re.IGNORECASE)) ): finding_details["cwe"] = int(cwe_search.group(1)) if "vulnerability_ids" not in finding_details: diff --git a/dojo/tools/burp_graphql/parser.py b/dojo/tools/burp_graphql/parser.py index 9b37760e2a8..11df852dc54 100644 --- a/dojo/tools/burp_graphql/parser.py +++ b/dojo/tools/burp_graphql/parser.py @@ -219,7 +219,7 @@ def parse_evidence(self, evidence): def get_cwe(self, cwe_html): # Match only the first CWE! - cweSearch = re.search("CWE-([0-9]*)", cwe_html, re.IGNORECASE) + cweSearch = re.search(r"CWE-([0-9]*)", cwe_html, re.IGNORECASE) if cweSearch: return cweSearch.group(1) return 0 diff --git a/dojo/tools/microfocus_webinspect/parser.py b/dojo/tools/microfocus_webinspect/parser.py index bf4475580d0..df1b4f84bac 100644 --- a/dojo/tools/microfocus_webinspect/parser.py 
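Review bot: In the burp_enterprise hunk, `r"CWE-([0-9]*)"` also matches a bare `CWE-` with no digits, so `int(cwe_search.group(1))` is called on an empty string and raises ValueError while the report is parsed. Requiring at least one digit, `re.search(r"CWE-([0-9]+)", cleaned_item, re.IGNORECASE)`, makes the walrus guard falsy for that input. The same `[0-9]*` pattern sits in `get_cwe` in burp_graphql, qualys_webapp and sonarqube/soprasteria_helper, where it returns `""` instead of reaching the `return 0` fallback. The enclosing functions start outside these hunks.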
+++ b/dojo/tools/microfocus_webinspect/parser.py @@ -111,7 +111,7 @@ def convert_severity(val): @staticmethod def get_cwe(val): # Match only the first CWE! - cweSearch = re.search("CWE-(\\d+)", val, re.IGNORECASE) + cweSearch = re.search(r"CWE-(\d+)", val, re.IGNORECASE) if cweSearch: return int(cweSearch.group(1)) return 0 diff --git a/dojo/tools/nexpose/parser.py b/dojo/tools/nexpose/parser.py index d6b63c66c8a..08916d42901 100644 --- a/dojo/tools/nexpose/parser.py +++ b/dojo/tools/nexpose/parser.py @@ -265,7 +265,7 @@ def get_items(self, tree, vulns, test): "severity": "Info", "tags": [ re.sub( - "[^A-Za-z0-9]+", + r"[^A-Za-z0-9]+", "-", service.get("name").lower(), ).rstrip("-"), diff --git a/dojo/tools/npm_audit/parser.py b/dojo/tools/npm_audit/parser.py index 6296477a971..186f133e6ab 100644 --- a/dojo/tools/npm_audit/parser.py +++ b/dojo/tools/npm_audit/parser.py @@ -66,7 +66,7 @@ def censor_path_hashes(path): if not path: return None - return re.sub("[a-f0-9]{64}", "censored_by_npm_audit", path) + return re.sub(r"[a-f0-9]{64}", "censored_by_npm_audit", path) def get_item(item_node, test): diff --git a/dojo/tools/qualys_webapp/parser.py b/dojo/tools/qualys_webapp/parser.py index 825d55b531a..989e5ba48cd 100644 --- a/dojo/tools/qualys_webapp/parser.py +++ b/dojo/tools/qualys_webapp/parser.py @@ -34,7 +34,7 @@ def truncate_str(value: str, maxlen: int): # Parse 'CWE-XXXX' format to strip just the numbers def get_cwe(cwe): - cweSearch = re.search("CWE-([0-9]*)", cwe, re.IGNORECASE) + cweSearch = re.search(r"CWE-([0-9]*)", cwe, re.IGNORECASE) if cweSearch: return cweSearch.group(1) return 0 diff --git a/dojo/tools/sarif/parser.py b/dojo/tools/sarif/parser.py index a2436e1c856..4c539583564 100644 --- a/dojo/tools/sarif/parser.py +++ b/dojo/tools/sarif/parser.py 
@@ -156,7 +156,7 @@ def get_message_from_multiformatMessageString(data, rule): def cve_try(val): # Match only the first CVE! - cveSearch = re.search("(CVE-[0-9]+-[0-9]+)", val, re.IGNORECASE) + cveSearch = re.search(r"(CVE-[0-9]+-[0-9]+)", val, re.IGNORECASE) if cveSearch: return cveSearch.group(1).upper() return None diff --git a/dojo/tools/sonarqube/soprasteria_helper.py b/dojo/tools/sonarqube/soprasteria_helper.py index 2e7259e6376..63b59607e6a 100644 --- a/dojo/tools/sonarqube/soprasteria_helper.py +++ b/dojo/tools/sonarqube/soprasteria_helper.py @@ -41,7 +41,7 @@ def get_references(self, rule_name, vuln_details): def get_cwe(self, vuln_references): # Match only the first CWE! - cweSearch = re.search("CWE-([0-9]*)", vuln_references, re.IGNORECASE) + cweSearch = re.search(r"CWE-([0-9]*)", vuln_references, re.IGNORECASE) if cweSearch: return cweSearch.group(1) return 0 diff --git a/dojo/tools/trivy_operator/uniform_vulnid.py b/dojo/tools/trivy_operator/uniform_vulnid.py index b3aae5055e4..b03ef9acbed 100644 --- a/dojo/tools/trivy_operator/uniform_vulnid.py +++ b/dojo/tools/trivy_operator/uniform_vulnid.py @@ -8,12 +8,12 @@ def return_uniformed_vulnid(self, vulnid): if "cve" in vulnid.lower(): return vulnid if "khv" in vulnid.lower(): - temp = re.compile("([a-zA-Z-_]+)([0-9]+)") + temp = re.compile(r"([a-zA-Z-_]+)([0-9]+)") number = str(temp.match(vulnid).groups()[1]).zfill(3) avd_category = str(temp.match(vulnid.lower()).groups()[0]) return avd_category.upper() + number if "ksv" in vulnid.lower() or "kcv" in vulnid.lower(): - temp = re.compile("([a-zA-Z-_]+)([0-9]+)") + temp = re.compile(r"([a-zA-Z-_]+)([0-9]+)") number = str(temp.match(vulnid).groups()[1]).zfill(4) avd_category = str(temp.match(vulnid.lower().replace("_", "").replace("-", "")).groups()[0].replace("avd", "")) return "AVD-" + avd_category.upper() + "-" + number diff --git a/dojo/tools/veracode/xml_parser.py b/dojo/tools/veracode/xml_parser.py index 17061402d6f..1e53b5545c4 100644 
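Review bot: In `return_uniformed_vulnid`, `temp.match(...).groups()` is called without checking that the match succeeded. An ID that contains `khv`, `ksv` or `kcv` but does not start with letters followed by digits therefore raises AttributeError during import. Each branch also runs the same compiled pattern twice. Match once per input and guard it, e.g. `m = temp.match(vulnid)` then `if m is None: return vulnid`; returning the ID unchanged is an assumption about the desired fallback. The function starts outside the hunk.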
--- a/dojo/tools/veracode/xml_parser.py +++ b/dojo/tools/veracode/xml_parser.py @@ -271,7 +271,7 @@ def __xml_dynamic_flaw_to_finding( @staticmethod def _get_cwe(val): # Match only the first CWE! - cweSearch = re.search("CWE-(\\d+)", val, re.IGNORECASE) + cweSearch = re.search(r"CWE-(\d+)", val, re.IGNORECASE) if cweSearch: return int(cweSearch.group(1)) return None diff --git a/dojo/tools/wapiti/parser.py b/dojo/tools/wapiti/parser.py index 335281b9701..591ae3a390b 100644 --- a/dojo/tools/wapiti/parser.py +++ b/dojo/tools/wapiti/parser.py @@ -104,7 +104,7 @@ def get_findings(self, file, test): @staticmethod def get_cwe(val): # Match only the first CWE! - cweSearch = re.search("CWE-(\\d+)", val, re.IGNORECASE) + cweSearch = re.search(r"CWE-(\d+)", val, re.IGNORECASE) if cweSearch: return int(cweSearch.group(1)) return None diff --git a/dojo/user/validators.py b/dojo/user/validators.py index 83ee954419e..f6b665bc1c2 100644 --- a/dojo/user/validators.py +++ b/dojo/user/validators.py @@ -45,7 +45,7 @@ def get_help_text(self): class UppercaseValidator: def validate(self, password, user=None): - if not re.findall("[A-Z]", password) and get_system_setting("uppercase_character_required"): + if not re.findall(r"[A-Z]", password) and get_system_setting("uppercase_character_required"): raise ValidationError( self.get_help_text(), code="password_no_upper") @@ -57,7 +57,7 @@ def get_help_text(self): class LowercaseValidator: def validate(self, password, user=None): - if not re.findall("[a-z]", password) and get_system_setting("lowercase_character_required"): + if not re.findall(r"[a-z]", password) and get_system_setting("lowercase_character_required"): raise ValidationError( self.get_help_text(), code="password_no_lower") diff --git a/requirements-lint.txt b/requirements-lint.txt index 6821d390595..25336e7513c 100644 --- a/requirements-lint.txt +++ b/requirements-lint.txt @@ -1 +1 @@ -ruff==0.7.4 +ruff==0.8.0 
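Review bot: `UppercaseValidator.validate` and `LowercaseValidator.validate` run `re.findall` over the whole password, use only the result's truthiness, and do so before checking whether the rule is enabled. `if get_system_setting("uppercase_character_required") and not re.search(r"[A-Z]", password):` reads the setting first and stops at the first match; the same shape applies to the `[a-z]` check. Both classes are also ASCII-only, so a password whose only capital letter is non-ASCII fails the uppercase rule. If that is intended, a one-line comment on each class saying so would help.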
diff --git a/tests/Import_scanner_test.py b/tests/Import_scanner_test.py index 737b48bdcf0..07da3dfc125 100644 --- a/tests/Import_scanner_test.py +++ b/tests/Import_scanner_test.py @@ -145,8 +145,8 @@ def test_engagement_import_scan_result(self): options_text = [scan.strip() for scan in options_text] mod_options = options_text - mod_options = [re.sub(" Scanner", "", scan) for scan in mod_options] - mod_options = [re.sub(" Scan", "", scan) for scan in mod_options] + mod_options = [re.sub(r" Scanner", "", scan) for scan in mod_options] + mod_options = [re.sub(r" Scan", "", scan) for scan in mod_options] mod_options = [scan.lower().replace("-", " ").replace(".", "") for scan in mod_options] acronyms = [] @@ -199,7 +199,7 @@ def test_engagement_import_scan_result(self): driver.find_element(By.ID, "id_file").send_keys(test_location) driver.find_element(By.CSS_SELECTOR, "input.btn.btn-primary").click() EngagementTXT = "".join(driver.find_element(By.TAG_NAME, "BODY").text).split("\n") - reg = re.compile("processed, a total of") + reg = re.compile(r"processed, a total of") matches = list(filter(reg.search, EngagementTXT)) if len(matches) != 1: failed_tests += [test.upper() + " - " + case + ": Not imported"] From 5cff5bc16a048273760e5e128005889a99902a7f Mon Sep 17 00:00:00 2001 From: Harold Blankenship <36673698+hblankenship@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:12:25 -0600 Subject: [PATCH 12/65] Add Filters to the Products under View Product Type (#11321) * initial add of filters * remove unneeded things * mostly the same * small tweaks * fix access error * fix access error add product --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> --- dojo/product_type/views.py | 11 +++++--- dojo/templates/dojo/view_product_type.html | 31 +++++++++++++--------- 2 files changed, 27 insertions(+), 15 deletions(-) diff --git a/dojo/product_type/views.py b/dojo/product_type/views.py index 8d731245ddc..e011ee4fb93 100644 
--- a/dojo/product_type/views.py +++ b/dojo/product_type/views.py @@ -13,7 +13,7 @@ from dojo.authorization.authorization import user_has_permission from dojo.authorization.authorization_decorators import user_has_global_permission, user_is_authorized from dojo.authorization.roles_permissions import Permissions -from dojo.filters import ProductTypeFilter +from dojo.filters import ProductFilter, ProductFilterWithoutObjectLookups, ProductTypeFilter from dojo.forms import ( Add_Product_Type_GroupForm, Add_Product_Type_MemberForm, @@ -38,6 +38,7 @@ async_delete, get_page_items, get_setting, + get_system_setting, is_title_in_breadcrumbs, ) @@ -51,7 +52,6 @@ def product_type(request): - prod_types = get_authorized_product_types(Permissions.Product_Type_View) name_words = prod_types.values_list("name", flat=True) @@ -123,12 +123,17 @@ def view_product_type(request, ptid): groups = get_authorized_groups_for_product_type(pt, Permissions.Product_Type_View) global_groups = get_authorized_global_groups_for_product_type(pt, Permissions.Product_Type_View) products = get_authorized_products(Permissions.Product_View).filter(prod_type=pt) - products = get_page_items(request, products, 25) + filter_string_matching = get_system_setting("filter_string_matching", False) + filter_class = ProductFilterWithoutObjectLookups if filter_string_matching else ProductFilter + prod_filter = filter_class(request.GET, queryset=products, user=request.user) + products = get_page_items(request, prod_filter.qs, 25) + add_breadcrumb(title=page_name, top_level=False, request=request) return render(request, "dojo/view_product_type.html", { "name": page_name, "pt": pt, "products": products, + "prod_filter": prod_filter, "groups": groups, "members": members, "global_groups": global_groups, diff --git a/dojo/templates/dojo/view_product_type.html b/dojo/templates/dojo/view_product_type.html index 70e5058350a..4cff7efa44f 100644 --- a/dojo/templates/dojo/view_product_type.html 
+++ b/dojo/templates/dojo/view_product_type.html @@ -54,24 +54,28 @@

{% trans "Description" %}

{% trans "Products" %}

- {% if pt|has_object_permission:"Product_Type_Add_Product" %} - {% endif %}
+
+ {% include "dojo/filter_snippet.html" with form=prod_filter.form %} +
{% if products %}
{% include "dojo/paging_snippet.html" with page=products page_size=True %} @@ -325,3 +329,6 @@

{% endblock %} +{% block postscript %} + {% include "dojo/filter_js_snippet.html" %} +{% endblock %} \ No newline at end of file From 4e2bb7567185136424579f9077bfbfaef78c683c Mon Sep 17 00:00:00 2001 From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Date: Thu, 5 Dec 2024 09:44:41 -0600 Subject: [PATCH 13/65] Fix ruff --- dojo/pipeline.py | 2 +- dojo/tools/crashtest_security/parser.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/dojo/pipeline.py b/dojo/pipeline.py index befabc0e836..91dc1500089 100644 --- a/dojo/pipeline.py +++ b/dojo/pipeline.py @@ -107,7 +107,7 @@ def update_azure_groups(backend, uid, user=None, social=None, *args, **kwargs): def is_group_id(group): - return bool(re.search("^[a-zA-Z0-9]{8,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{12,}$", group)) + return bool(re.search(r"^[a-zA-Z0-9]{8,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{12,}$", group)) def assign_user_to_groups(user, group_names, social_provider): diff --git a/dojo/tools/crashtest_security/parser.py b/dojo/tools/crashtest_security/parser.py index deedb916b81..a12c194723a 100644 --- a/dojo/tools/crashtest_security/parser.py +++ b/dojo/tools/crashtest_security/parser.py @@ -185,7 +185,7 @@ def get_items(self, tree, test): title = re.sub(r" \([0-9]*\)$", "", title) # Attache CVEs - vulnerability_id = re.findall("CVE-\\d{4}-\\d{4,10}", title)[0] if "CVE" in title else None + vulnerability_id = re.findall(r"CVE-\d{4}-\d{4,10}", title)[0] if "CVE" in title else None description = failure.get("message") severity = failure.get("type").capitalize() From 80100266fddadd57154c7ef1e0346dc720462821 Mon Sep 17 00:00:00 2001 
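Review bot: `is_group_id` relies on `^…$` under `re.search`, and `$` also matches just before a trailing newline, so an otherwise valid ID followed by `\n` is accepted as a group ID. `re.fullmatch` without the anchors rejects it: `return bool(re.fullmatch(r"[a-zA-Z0-9]{8,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{4,}-[a-zA-Z0-9]{12,}", group))`. The open-ended `{8,}`, `{4,}` and `{12,}` quantifiers are also looser than a GUID. Whether that is deliberate is not visible here, so a short comment on the expected ID format would help.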
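Review bot: In crashtest_security `get_items`, `re.findall(r"CVE-\d{4}-\d{4,10}", title)[0]` is guarded only by `"CVE" in title`. A title that mentions CVE without a complete identifier yields an empty list, so the `[0]` raises IndexError during parsing. Use the match object instead: `cve_match = re.search(r"CVE-\d{4}-\d{4,10}", title)` and `vulnerability_id = cve_match.group(0) if cve_match else None`. The function starts outside the hunk.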
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 15:21:05 -0600 Subject: [PATCH 14/65] Bump django from 5.1.3 to 5.1.4 (#11378) Bumps [django](https://github.com/django/django) from 5.1.3 to 5.1.4. - [Commits](https://github.com/django/django/compare/5.1.3...5.1.4) --- updated-dependencies: - dependency-name: django dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 64a941b830b..aed73abc166 100644 --- a/requirements.txt +++ b/requirements.txt @@ -21,7 +21,7 @@ django-slack==5.19.0 git+https://github.com/DefectDojo/django-tagging@develop#egg=django-tagging django-watson==1.6.3 django-prometheus==2.3.1 -Django==5.1.3 +Django==5.1.4 djangorestframework==3.15.2 html2text==2024.2.26 humanize==4.11.0 From cffd271e480a4be91377cd757e458606c195470a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Dec 2024 15:42:11 -0600 Subject: [PATCH 15/65] Bump redis from 5.2.0 to 5.2.1 (#11381) Bumps [redis](https://github.com/redis/redis-py) from 5.2.0 to 5.2.1. - [Release notes](https://github.com/redis/redis-py/releases) - [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES) - [Commits](https://github.com/redis/redis-py/compare/v5.2.0...v5.2.1) --- updated-dependencies: - dependency-name: redis dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index aed73abc166..611a97a568d 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -35,7 +35,7 @@ psycopg[c]==3.2.3 cryptography==44.0.0 python-dateutil==2.9.0.post0 pytz==2024.2 -redis==5.2.0 +redis==5.2.1 requests==2.32.3 sqlalchemy==2.0.36 # Required by Celery broker transport urllib3==1.26.18 From 6ea595b3c499a5fc8e2087d80c0b1e66533c3a3b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:41:19 -0600 Subject: [PATCH 16/65] chore(deps): update dependency prettier from 3.4.1 to v3.4.2 (docs/package.json) (#11370) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 8098ed3fdea..31918f3249a 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -3986,9 +3986,9 @@ "license": "MIT" }, "node_modules/prettier": { - "version": "3.4.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.1.tgz", - "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==", + "version": "3.4.2", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.4.2.tgz", + "integrity": "sha512-e9MewbtFo+Fevyuxn/4rrcDAaq0IYxPGLvObpQjiZBMAzB9IGmzlnG9RZy3FFas+eBMu2vA0CszMeduow5dIuQ==", "dev": true, "license": "MIT", "bin": { From 95bb5d6a0d1ceb31bc5b9ba2f06f8f019c692ded Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:47:12 -0600 Subject: [PATCH 17/65] chore(deps): update nginx/nginx-prometheus-exporter docker tag from 1.3.0 to v1.4.0 (helm/defectdojo/values.yaml) (#11373) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm/defectdojo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 8cd5d0aca3b..2683f52c012 100644 --- a/helm/defectdojo/values.yaml 
+++ b/helm/defectdojo/values.yaml @@ -125,7 +125,7 @@ monitoring: # Add the nginx prometheus exporter sidecar prometheus: enabled: false - image: nginx/nginx-prometheus-exporter:1.3.0 + image: nginx/nginx-prometheus-exporter:1.4.0 imagePullPolicy: IfNotPresent annotations: {} From 0fd3fc70aa55eb0b0e715827cf5dbe5e7a454f5a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:47:31 -0600 Subject: [PATCH 18/65] fix(deps): update dependency @tabler/icons from 3.23.0 to v3.24.0 (docs/package.json) (#11360) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 31918f3249a..a7c37a7df7c 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -2394,9 +2394,9 @@ } }, "node_modules/@tabler/icons": { - "version": "3.23.0", - "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.23.0.tgz", - "integrity": "sha512-Cz+X58jfRm0g/KcupXXuPw5knj671lNR054AnmLXvCjudiQBWI0wZulDDSsqDoGezvBzMTNPQtNcjLkZs82ZxQ==", + "version": "3.24.0", + "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.24.0.tgz", + "integrity": "sha512-qNis9e90QcdxAGV3wNIeX0Ba2R7ktm0cnqOToKHJfC2kj3fvJwEVLsw63K0/fm7NW8rSZjDSTQRmMnSg8g/wrg==", "license": "MIT", "funding": { "type": "github", From fd55fc893bb5ddb4f587fb920ee5ad25f607c3d5 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:49:01 -0600 Subject: [PATCH 19/65] chore(deps): update actions/configure-pages action from v4 to v5 (.github/workflows/gh-pages.yml) (#11329) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/gh-pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 8cabeeb588f..3bddb3d96b8 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -41,7 +41,7 @@ jobs: - name: Setup Pages id: pages - uses: actions/configure-pages@v4 + uses: actions/configure-pages@v5 - name: Install dependencies run: cd docs && npm ci From 4641b125e22ce925b93ae56402da014e2f9494f3 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:49:50 -0600 Subject: [PATCH 20/65] chore(deps): update dependency vite from 6.0.2 to v6.0.3 (docs/package.json) (#11380) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index a7c37a7df7c..5755bac0791 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -4700,9 +4700,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.2.tgz", - "integrity": "sha512-XdQ+VsY2tJpBsKGs0wf3U/+azx8BBpYRHFAyKm5VeEZNOJZRB63q7Sc8Iup3k0TrN3KO6QgyzFf+opSbfY1y0g==", + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.3.tgz", + "integrity": "sha512-Cmuo5P0ENTN6HxLSo6IHsjCLn/81Vgrp81oaiFFMRa8gGDj5xEjIcEpf2ZymZtZR8oU0P2JX5WuUp/rlXcHkAw==", "dev": true, "license": "MIT", "dependencies": { From ac84d3fd45307e34700855658fefcfc8699bfd08 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 7 Dec 2024 21:51:16 -0600 Subject: [PATCH 21/65] Bump boto3 from 1.35.73 to 1.35.76 (#11377) Bumps [boto3](https://github.com/boto/boto3) from 1.35.73 to 1.35.76. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.73...1.35.76) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 611a97a568d..5b0a0a91015 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.3 # Required for Celery Broker AWS (SQS) support -boto3==1.35.73 # Required for Celery Broker AWS (SQS) support +boto3==1.35.76 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 86e6ea11cf85071fe12cf5b0f402d9d088d237bd Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 9 Dec 2024 16:33:47 +0000 Subject: [PATCH 22/65] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index b8cfcf4669d..febe451775d 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.41.1", + "version": "2.42.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index f8e01957497..033e2fc2894 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py 
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.41.1" +__version__ = "2.42.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index e8a60ef015f..d7568f8d5d8 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.41.1" +appVersion: "2.42.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.163 +version: 1.6.164-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From 70941b06add06157b01f654d3f9407c56bd30592 Mon Sep 17 00:00:00 2001 From: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Date: Mon, 9 Dec 2024 11:22:37 -0600 Subject: [PATCH 23/65] Removing dupes --- dojo/settings/settings.dist.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index b73e88b84e5..5daf5f2cfdf 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py 
@@ -1768,9 +1768,7 @@ def saml2_attrib_map_format(dict): "KHV": "https://avd.aquasec.com/misconfig/kubernetes/", # e.g. https://avd.aquasec.com/misconfig/kubernetes/khv045 "CAPEC": "https://capec.mitre.org/data/definitions/&&.html", # e.g. https://capec.mitre.org/data/definitions/157.html "CWE": "https://cwe.mitre.org/data/definitions/&&.html", # e.g. https://cwe.mitre.org/data/definitions/79.html - "TEMP": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF "GLSA": "https://security.gentoo.org/", # e.g. https://security.gentoo.org/glsa/202409-32 - "DSA": "https://security-tracker.debian.org/tracker/", # e.g. https://security-tracker.debian.org/tracker/DSA-5791-1 "RLSA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RLSA-2024:7001 "RLBA": "https://errata.rockylinux.org/", # e.g. https://errata.rockylinux.org/RLBA-2024:6968 } From 99c101f8f8ba6c092d671c3de492bd0a7d74ae56 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:10:11 -0600 Subject: [PATCH 24/65] chore(deps): update postgres:17.2-alpine docker digest from 17.2 to 17.2-alpine (docker-compose.yml) (#11397) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index aac7a98f7ba..5c47181b35c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -103,7 +103,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:17.2-alpine@sha256:e7897baa70dae1968d23d785adb4aeb699175e0bcaae44f98a7083ecb9668b93 + image: postgres:17.2-alpine@sha256:d37d2c160d34430877c802e5adc22824a2ad453499db9bab1a2ceb2be6c1a46f environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} 
From 61fa3ff20c776eb90ef7306fe60abfec6bad0d20 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:15:35 -0600 Subject: [PATCH 25/65] Bump nginx from `5acf10c` to `4152318` (#11391) Bumps nginx from `5acf10c` to `4152318`. --- updated-dependencies: - dependency-name: nginx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.nginx-alpine | 2 +- Dockerfile.nginx-debian | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine index 0355ec4c2b4..9c266b9734a 100644 --- a/Dockerfile.nginx-alpine +++ b/Dockerfile.nginx-alpine @@ -140,7 +140,7 @@ COPY manage.py ./ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.27.3-alpine@sha256:5acf10cd305853dc2271e3c818d342f3aeb3688b1256ab8f035fda04b91ed303 +FROM nginx:1.27.3-alpine@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/Dockerfile.nginx-debian b/Dockerfile.nginx-debian index aca7191e808..f55d77bfe8f 100644 --- a/Dockerfile.nginx-debian +++ b/Dockerfile.nginx-debian @@ -73,7 +73,7 @@ COPY dojo/ ./dojo/ RUN env DD_SECRET_KEY='.' python3 manage.py collectstatic --noinput && true -FROM nginx:1.27.3-alpine@sha256:5acf10cd305853dc2271e3c818d342f3aeb3688b1256ab8f035fda04b91ed303 +FROM nginx:1.27.3-alpine@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ From b466f44ba8678d3a2869bf280b887d434365e217 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2024 14:17:29 -0600 Subject: [PATCH 26/65] Bump boto3 from 1.35.76 to 1.35.78 (#11407) Bumps [boto3](https://github.com/boto/boto3) from 1.35.76 to 1.35.78. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.76...1.35.78) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 5b0a0a91015..20e31134df3 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.3 # Required for Celery Broker AWS (SQS) support -boto3==1.35.76 # Required for Celery Broker AWS (SQS) support +boto3==1.35.78 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 890b6cbf40e79665cb95dca8843908c31dceb26b Mon Sep 17 00:00:00 2001 
From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Wed, 11 Dec 2024 21:21:54 +0100 Subject: [PATCH 27/65] feat(GHA): Add digest pinning (#11364) --- .../build-docker-images-for-testing.yml | 8 ++++---- .../workflows/cancel-outdated-workflow-runs.yml | 2 +- .github/workflows/detect-merge-conflicts.yaml | 2 +- .github/workflows/fetch-oas.yml | 4 ++-- .github/workflows/gh-pages.yml | 12 ++++++------ .github/workflows/integration-tests.yml | 4 ++-- .github/workflows/k8s-tests.yml | 6 +++--- .github/workflows/plantuml.yml | 4 ++-- .github/workflows/pr-labeler.yml | 2 +- .github/workflows/release-1-create-pr.yml | 8 ++++---- .github/workflows/release-2-tag-docker-push.yml | 2 +- .github/workflows/release-3-master-into-dev.yml | 16 ++++++++-------- .github/workflows/release-drafter.yml | 8 ++++---- .../release-x-manual-docker-containers.yml | 10 +++++----- .../workflows/release-x-manual-helm-chart.yml | 8 ++++---- .github/workflows/release_drafter_valentijn.yml | 2 +- .github/workflows/rest-framework-tests.yml | 4 ++-- .github/workflows/ruff.yml | 2 +- .github/workflows/shellcheck.yml | 2 +- .github/workflows/test-helm-chart.yml | 8 ++++---- 20 files changed, 57 insertions(+), 57 deletions(-) diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index cd9c549494e..4d052bf1a47 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -19,7 +19,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false 
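Review bot: The pinned checkout step in build-docker-images-for-testing.yml carries its suffix twice: `actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`. Everything after the first `#` is a comment, so the step still resolves to the intended commit. The version comment no longer has the plain `# vX.Y.Z` form used on the other pinned steps, though, and an update bot may not rewrite it cleanly. It should read `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`, as in fetch-oas.yml.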
@@ -28,14 +28,14 @@ jobs: run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 with: buildkitd-flags: --debug driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426 - name: Build id: docker_build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 timeout-minutes: 10 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false @@ -49,7 +49,7 @@ jobs: # export docker images to be used in next jobs below - name: Upload image ${{ matrix.docker-image }} as artifact timeout-minutes: 10 - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }} path: ${{ matrix.docker-image }}-${{ matrix.os }}_img diff --git a/.github/workflows/cancel-outdated-workflow-runs.yml b/.github/workflows/cancel-outdated-workflow-runs.yml index d9e0ec074ad..1f984efa2ea 100644 --- a/.github/workflows/cancel-outdated-workflow-runs.yml +++ b/.github/workflows/cancel-outdated-workflow-runs.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 3 steps: - - uses: styfle/cancel-workflow-action@0.12.1 + - uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 with: workflow_id: 'integration-tests.yml,k8s-testing.yml,unit-tests.yml' access_token: ${{ github.token }} diff --git a/.github/workflows/detect-merge-conflicts.yaml b/.github/workflows/detect-merge-conflicts.yaml index 83041158702..934543cec4e 100644 --- a/.github/workflows/detect-merge-conflicts.yaml +++ b/.github/workflows/detect-merge-conflicts.yaml 
@@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - name: check if prs are conflicted - uses: eps1lon/actions-label-merge-conflict@v3 + uses: eps1lon/actions-label-merge-conflict@1b1b1fcde06a9b3d089f3464c96417961dde1168 # v3.0.2 with: dirtyLabel: "conflicts-detected" repoToken: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/fetch-oas.yml b/.github/workflows/fetch-oas.yml index 5ec0aa9abad..5257e92aab3 100644 --- a/.github/workflows/fetch-oas.yml +++ b/.github/workflows/fetch-oas.yml @@ -22,7 +22,7 @@ jobs: file-type: [yaml, json] steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: release/${{ env.release_version }} @@ -51,7 +51,7 @@ jobs: run: docker compose down - name: Upload oas.${{ matrix.file-type }} as artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 with: name: oas-${{ matrix.file-type }} path: oas.${{ matrix.file-type }} diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index f78d3881264..4f25a4b3d89 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -13,18 +13,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup Hugo - uses: peaceiris/actions-hugo@v3 + uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0 with: hugo-version: '0.125.3' extended: true - name: Setup Node - uses: actions/setup-node@v4 + uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0 with: node-version: '22.5.1' - name: Cache dependencies - uses: actions/cache@v4 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} 
@@ -32,14 +32,14 @@ jobs: ${{ runner.os }}-node- - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: submodules: recursive fetch-depth: 0 - name: Setup Pages id: pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0 - use this after https://github.com/DefectDojo/django-DefectDojo/pull/11329 - name: Install dependencies run: cd docs && npm ci @@ -51,7 +51,7 @@ jobs: run: cd docs && hugo --minify --gc --config config/production/hugo.toml - name: Deploy - uses: peaceiris/actions-gh-pages@v4 + uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0 with: # publishes to the `gh-pages` branch by default github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs/public diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index cd8d8072377..c60cb6f3403 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -41,11 +41,11 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml index a4feb77273f..3f169002efb 100644 --- a/.github/workflows/k8s-tests.yml +++ b/.github/workflows/k8s-tests.yml 
@@ -32,10 +32,10 @@ jobs: os: debian steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Minikube - uses: manusa/actions-setup-minikube@v2.13.0 + uses: manusa/actions-setup-minikube@0e8062ceff873bd77979f39cf8fd3621416afe4d # v2.13.0 with: minikube version: 'v1.33.1' kubernetes version: ${{ matrix.k8s }} @@ -48,7 +48,7 @@ jobs: minikube status - name: Load images from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: built-docker-image pattern: built-docker-image-* diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml index 5fa308ffb41..6beb590899b 100644 --- a/.github/workflows/plantuml.yml +++ b/.github/workflows/plantuml.yml @@ -13,7 +13,7 @@ jobs: UML_FILES: ".puml" steps: - name: Checkout Source - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false @@ -33,7 +33,7 @@ jobs: with: args: -v -tpng ${{ steps.getfile.outputs.files }} - name: Push Local Changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "PlantUML_bot" commit_user_email: "noreply@defectdojo.org" diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml index 34a31a0cab2..cde6795db05 100644 --- a/.github/workflows/pr-labeler.yml +++ b/.github/workflows/pr-labeler.yml @@ -15,7 +15,7 @@ jobs: name: "Autolabeler" runs-on: ubuntu-latest steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" sync-labels: true diff --git a/.github/workflows/release-1-create-pr.yml b/.github/workflows/release-1-create-pr.yml index c93b1d0ee69..5b65c02ec93 100644 
--- a/.github/workflows/release-1-create-pr.yml +++ b/.github/workflows/release-1-create-pr.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Checkout from_branch branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.from_branch }} @@ -45,7 +45,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout release branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.NEW_BRANCH }} @@ -75,7 +75,7 @@ jobs: grep -H version helm/defectdojo/Chart.yaml - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" @@ -88,7 +88,7 @@ jobs: - name: Create Pull Request env: REPO_ORG: ${{ env.repoorg }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/release-2-tag-docker-push.yml b/.github/workflows/release-2-tag-docker-push.yml index f6f021fcaa9..bd06d3b920a 100644 --- a/.github/workflows/release-2-tag-docker-push.yml +++ b/.github/workflows/release-2-tag-docker-push.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master diff --git a/.github/workflows/release-3-master-into-dev.yml b/.github/workflows/release-3-master-into-dev.yml index 012781f45e4..ede4cf33d37 100644 --- a/.github/workflows/release-3-master-into-dev.yml +++ b/.github/workflows/release-3-master-into-dev.yml 
@@ -21,7 +21,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master @@ -38,7 +38,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.NEW_BRANCH }} @@ -73,7 +73,7 @@ jobs: if: endsWith(github.event.inputs.release_number_new, '.0') && endsWith(github.event.inputs.release_number_dev, '.0-dev') - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" @@ -86,7 +86,7 @@ jobs: - name: Create Pull Request env: REPO_ORG: ${{ env.repoorg }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -103,7 +103,7 @@ jobs: steps: - name: Checkout master - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master @@ -120,7 +120,7 @@ jobs: run: git push origin HEAD:${NEW_BRANCH} - name: Checkout new branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ env.NEW_BRANCH }} @@ -139,7 +139,7 @@ jobs: grep version components/package.json - name: Push version changes - uses: stefanzweifel/git-auto-commit-action@v5.0.1 + uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1 with: commit_user_name: "${{ env.GIT_USERNAME }}" commit_user_email: "${{ env.GIT_EMAIL }}" 
@@ -152,7 +152,7 @@ jobs: - name: Create Pull Request env: REPO_ORG: ${{ env.repoorg }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml index 0e42769cd76..7802bfdc1b2 100644 --- a/.github/workflows/release-drafter.yml +++ b/.github/workflows/release-drafter.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Create Release id: create_release - uses: release-drafter/release-drafter@v6.0.0 + uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6.0.0 with: version: ${{ github.event.inputs.version }} env: @@ -47,13 +47,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Load OAS files from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: pattern: oas-* - name: Upload Release Asset - OpenAPI Specification - YAML id: upload-release-asset-yaml - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -64,7 +64,7 @@ jobs: - name: Upload Release Asset - OpenAPI Specification - JSON id: upload-release-asset-json - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5 # v1.0.2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index 6f8862b6216..af42a46db5d 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml 
@@ -32,13 +32,13 @@ jobs: platform: [amd64] steps: - name: Login to DockerHub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Checkout tag - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.release_number }} @@ -47,11 +47,11 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 - name: Build and push images with debian if: ${{ matrix.os == 'debian' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false REPO_ORG: ${{ env.repoorg }} @@ -64,7 +64,7 @@ jobs: - name: Build and push images with alpine if: ${{ matrix.os == 'alpine' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 env: DOCKER_BUILD_CHECKS_ANNOTATIONS: false REPO_ORG: ${{ env.repoorg }} diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index ee749cdc4a8..d4b1ee681fa 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: master fetch-depth: 0 @@ -47,7 +47,7 @@ jobs: git config --global user.email "${{ env.GIT_EMAIL }}" - name: Install Helm - uses: azure/setup-helm@v4 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.4.0 
@@ -58,7 +58,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Add yq - uses: mikefarah/yq@master + uses: mikefarah/yq@bc5b54cb1d1f720db16c9f75c5b45384d00e5cbf # v4.44.5 - name: Pin version docker version id: pin_image @@ -75,7 +75,7 @@ jobs: echo "chart_version=$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')" >> $GITHUB_ENV - name: Create release ${{ github.event.inputs.release_number }} - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: name: '${{ github.event.inputs.release_number }} 🌈' tag_name: ${{ github.event.inputs.release_number }} diff --git a/.github/workflows/release_drafter_valentijn.yml b/.github/workflows/release_drafter_valentijn.yml index 0ac52a0466a..7ce4c2813a6 100644 --- a/.github/workflows/release_drafter_valentijn.yml +++ b/.github/workflows/release_drafter_valentijn.yml @@ -20,7 +20,7 @@ jobs: update_release_draft: runs-on: ubuntu-latest steps: - - uses: valentijnscholten/release-drafter@master + - uses: valentijnscholten/release-drafter@master # TODO: not maintained anymore - missing part is maybe already solved in the upstream with: version: ${{github.event.inputs.version}} previous-version: ${{github.event.inputs.previous-version}} diff --git a/.github/workflows/rest-framework-tests.yml b/.github/workflows/rest-framework-tests.yml index bd8ca3322fa..63056587431 100644 --- a/.github/workflows/rest-framework-tests.yml +++ b/.github/workflows/rest-framework-tests.yml @@ -14,13 +14,13 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false # load docker images from build jobs - name: Load images from artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 with: path: built-docker-image pattern: built-docker-image-* 
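Review bot: `valentijnscholten/release-drafter@master` in release_drafter_valentijn.yml stays on a mutable branch ref, so this workflow still runs whatever that branch points to at run time, and the commit only adds a TODO. Because the TODO says the fork is no longer maintained, freezing it costs nothing: pin the commit currently at the head of that branch, e.g. `uses: valentijnscholten/release-drafter@<commit-sha> # master`. Alternatively, move the workflow to the upstream release-drafter action that release-drafter.yml already pins by digest. The job's `permissions` and token use are outside the hunk, so the reach of a changed ref cannot be judged from here.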
diff --git a/.github/workflows/ruff.yml b/.github/workflows/ruff.yml index 04799cdd003..59652fa7332 100644 --- a/.github/workflows/ruff.yml +++ b/.github/workflows/ruff.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Ruff Linter run: pip install -r requirements-lint.txt diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index 4a37d71b562..8657b48c68a 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -11,7 +11,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Grab shellcheck run: | diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml index 5bf20169328..75cf1186411 100644 --- a/.github/workflows/test-helm-chart.yml +++ b/.github/workflows/test-helm-chart.yml @@ -14,15 +14,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.9 @@ -33,7 +33,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 with: yamale_version: 4.0.4 yamllint_version: 1.35.1 From 277a0eb616b7c378b64a9a766a1a111de7180451 Mon Sep 17 00:00:00 2001 
From: John Doe Date: Wed, 11 Dec 2024 21:23:06 +0100 Subject: [PATCH 28/65] add uwsgi vars to nginx service (#11186) Co-authored-by: optimistic5 --- docker-compose.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docker-compose.yml b/docker-compose.yml index 5c47181b35c..c0cc991e6ca 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,6 +16,8 @@ services: - uwsgi environment: NGINX_METRICS_ENABLED: "${NGINX_METRICS_ENABLED:-false}" + DD_UWSGI_HOST: "${DD_UWSGI_HOST:-uwsgi}" + DD_UWSGI_PORT: "${DD_UWSGI_PORT:-3031}" volumes: - defectdojo_media:/usr/share/nginx/html/media ports: From d35514de361e75bb895eff77cded1f3c8f1cca2b Mon Sep 17 00:00:00 2001 From: kiblik <5609770+kiblik@users.noreply.github.com> Date: Thu, 12 Dec 2024 19:17:51 +0100 Subject: [PATCH 29/65] Ruff: Add and fix S110 (+ merge all S1 rules) (#11256) --- dojo/benchmark/views.py | 5 +---- dojo/cred/views.py | 5 +---- dojo/finding/helper.py | 26 +++++++++++++------------ dojo/middleware.py | 6 ++---- dojo/product/views.py | 4 +--- dojo/templatetags/display_tags.py | 13 ++++++------- dojo/tools/gitlab_api_fuzzing/parser.py | 11 +++++------ dojo/tools/h1/parser.py | 14 ++++--------- dojo/tools/kiuwan/parser.py | 6 +++--- dojo/tools/veracode/json_parser.py | 10 +++++----- ruff.toml | 2 +- tests/Import_scanner_test.py | 7 ++----- tests/base_test_class.py | 7 +------ 13 files changed, 46 insertions(+), 70 deletions(-) diff --git a/dojo/benchmark/views.py b/dojo/benchmark/views.py index 0d0c7174b96..611c690945d 100644 --- a/dojo/benchmark/views.py +++ b/dojo/benchmark/views.py @@ -1,4 +1,3 @@ -import contextlib import logging from crum import get_current_user 
@@ -37,9 +36,7 @@ def add_benchmark(queryset, product): benchmark_product.product = product benchmark_product.control = requirement requirements.append(benchmark_product) - - with contextlib.suppress(Exception): - Benchmark_Product.objects.bulk_create(requirements) + Benchmark_Product.objects.bulk_create(requirements) @user_is_authorized(Product, Permissions.Benchmark_Edit, "pid") diff --git a/dojo/cred/views.py b/dojo/cred/views.py index f8f7756e340..e79dc6c6b16 100644 --- a/dojo/cred/views.py +++ b/dojo/cred/views.py @@ -1,4 +1,3 @@ -import contextlib import logging from django.contrib import messages @@ -585,9 +584,7 @@ def new_cred_finding(request, fid): @user_is_authorized(Cred_User, Permissions.Credential_Delete, "ttid") def delete_cred_controller(request, destination_url, id, ttid): - cred = None - with contextlib.suppress(Exception): - cred = Cred_Mapping.objects.get(pk=ttid) + cred = Cred_Mapping.objects.filter(pk=ttid).first() if request.method == "POST": tform = CredMappingForm(request.POST, instance=cred) message = "" diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index 4c1281d6653..66badd594dc 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -4,6 +4,7 @@ from django.conf import settings from django.db.models.query_utils import Q from django.db.models.signals import post_delete, pre_delete +from django.db.utils import IntegrityError from django.dispatch.dispatcher import receiver from django.utils import timezone from fieldsignals import pre_save_changed 
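Review bot: In `delete_cred_controller`, `Cred_Mapping.objects.filter(pk=ttid).first()` still yields `None` for an unknown id, and the function then builds `CredMappingForm(request.POST, instance=cred)` with no instance, so a delete request for a missing mapping is not rejected. Failing early is clearer, for example `cred = get_object_or_404(Cred_Mapping, pk=ttid)`, if that helper is imported in this module. Separately, the decorator resolves `ttid` against `Cred_User` while this line loads a `Cred_Mapping` with the same key. If those are different tables, the object that was permission-checked and the object acted on can differ, which is worth confirming. The rest of the function body is outside the hunk.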
@@ -164,21 +165,22 @@ def create_finding_group(finds, finding_group_name): finding_group = Finding_Group(test=finds[0].test) finding_group.creator = get_current_user() - finding_group.name = finding_group_name + finding_group_name_dummy - finding_group.save() - available_findings = [find for find in finds if not find.finding_group_set.all()] - finding_group.findings.set(available_findings) - # if user provided a name, we use that, else: - # if we have components, we may set a nice name but catch 'name already exist' exceptions + if finding_group_name: + finding_group.name = finding_group_name + elif finding_group.components: + finding_group.name = finding_group.components try: - if finding_group_name: - finding_group.name = finding_group_name - elif finding_group.components: - finding_group.name = finding_group.components finding_group.save() - except: - pass + except IntegrityError as ie: + if "already exists" in str(ie): + finding_group.name = finding_group_name + finding_group_name_dummy + finding_group.save() + else: + raise + + available_findings = [find for find in finds if not find.finding_group_set.all()] + finding_group.findings.set(available_findings) added = len(available_findings) skipped = len(finds) - added diff --git a/dojo/middleware.py b/dojo/middleware.py index 9fcb8a51dbc..239a2d92f4b 100644 --- a/dojo/middleware.py +++ b/dojo/middleware.py @@ -1,5 +1,6 @@ import logging import re +from contextlib import suppress from threading import local from urllib.parse import quote 
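Review bot: The new `except IntegrityError` branch in `create_finding_group` decides by `"already exists" in str(ie)`, which depends on the database backend's message wording, so a uniqueness violation phrased differently would be re-raised instead of falling back to the dummy-suffixed name. The retry `finding_group.save()` also runs after a failed statement; if the caller is inside a transaction (not visible here), PostgreSQL rejects further queries until rollback. Wrapping the first attempt in a savepoint avoids that: `with transaction.atomic(): finding_group.save()`, with `transaction` imported from `django.db`. In addition, `finding_group.components` is now read before `finding_group.findings.set(...)`, whereas the old code read it afterwards. If it is derived from the attached findings, the `elif` can no longer produce a name, so confirm that against the model.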
@@ -56,13 +57,10 @@ def __call__(self, request): if request.user.is_authenticated: logger.debug("Authenticated user: %s", str(request.user)) - try: + with suppress(ModuleNotFoundError): # to avoid unittests to fail uwsgi = __import__("uwsgi", globals(), locals(), ["set_logvar"], 0) # this populates dd_user log var, so can appear in the uwsgi logs uwsgi.set_logvar("dd_user", str(request.user)) - except: - # to avoid unittests to fail - pass path = request.path_info.lstrip("/") from dojo.models import Dojo_User if Dojo_User.force_password_reset(request.user) and path != "change_password": diff --git a/dojo/product/views.py b/dojo/product/views.py index 8c20b50627a..654169363dc 100644 --- a/dojo/product/views.py +++ b/dojo/product/views.py @@ -1,7 +1,6 @@ # # product import base64 import calendar as tcalendar -import contextlib import logging from collections import OrderedDict from datetime import date, datetime, timedelta @@ -958,8 +957,7 @@ def edit_product(request, pid): if get_system_setting("enable_github") and github_inst: gform = GITHUB_Product_Form(request.POST, instance=github_inst) - # need to handle delete - with contextlib.suppress(Exception): + if gform.is_valid(): gform.save() elif get_system_setting("enable_github"): gform = GITHUB_Product_Form(request.POST) diff --git a/dojo/templatetags/display_tags.py b/dojo/templatetags/display_tags.py index edcc109ffbf..94bcf80d6e5 100644 --- a/dojo/templatetags/display_tags.py +++ b/dojo/templatetags/display_tags.py 
@@ -431,13 +431,12 @@ def pic_token(context, image, size): @register.filter def inline_image(image_file): - try: - if img_type := mimetypes.guess_type(image_file.file.name)[0]: - if img_type.startswith("image/"): - img_data = base64.b64encode(image_file.file.read()) - return f"data:{img_type};base64, {img_data.decode('utf-8')}" - except: - pass + # TODO: This code might need better exception handling or data processing + if img_types := mimetypes.guess_type(image_file.file.name): + img_type = img_types[0] + if img_type.startswith("image/"): + img_data = base64.b64encode(image_file.file.read()) + return f"data:{img_type};base64, {img_data.decode('utf-8')}" return "" diff --git a/dojo/tools/gitlab_api_fuzzing/parser.py b/dojo/tools/gitlab_api_fuzzing/parser.py index c536dc00205..1095d21a657 100644 --- a/dojo/tools/gitlab_api_fuzzing/parser.py +++ b/dojo/tools/gitlab_api_fuzzing/parser.py @@ -28,12 +28,11 @@ def get_findings(self, file, test): title = vulnerability["name"] severity = self.normalise_severity(vulnerability["severity"]) description = vulnerability.get("category", "") - try: - location = vulnerability["location"] - description += "\n" + location["crash_type"] - description += "\n" + location["crash_state"] - except: - pass + if location := vulnerability.get("location"): + if crash_type := location.get("crash_type"): + description += f"\n{crash_type}" + if crash_state := location.get("crash_state"): + description += f"\n{crash_state}" findings.append( Finding( title=title, diff --git a/dojo/tools/h1/parser.py b/dojo/tools/h1/parser.py index 62072f5eb27..772700f3176 100644 --- a/dojo/tools/h1/parser.py +++ b/dojo/tools/h1/parser.py 
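Review bot: In `inline_image`, `mimetypes.guess_type()` always returns a two-element tuple, so `if img_types := mimetypes.guess_type(image_file.file.name):` is always true. For a file with an unknown extension `img_type` is `None`, and `img_type.startswith("image/")` raises `AttributeError`. The removed code bound the first element directly and had a surrounding `try`, so this hunk turns a silent empty string into a template-rendering error for such uploads. Bind and test the element itself: `if (img_type := mimetypes.guess_type(image_file.file.name)[0]) and img_type.startswith("image/"):`. Errors from `image_file.file.read()`, such as a missing file on disk, also propagate now, and the added TODO already hints at this. Catching `OSError` around the read and returning `""` would keep the filter safe to use in templates.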
@@ -118,11 +118,8 @@ def build_description(self, content): description += f"Triaged: {triaged_date}\n" # Try to grab CVSS - try: - cvss = content["relationships"]["severity"]["data"]["attributes"]["score"] + if cvss := content.get("relationships", {}).get("severity", {}).get("data", {}).get("attributes", {}).get("score"): description += f"CVSS: {cvss}\n" - except Exception: - pass # Build rest of description meat description += "##Report: \n{}\n".format( @@ -130,12 +127,9 @@ def build_description(self, content): ) # Try to grab weakness if it's there - try: - weakness_title = content["relationships"]["weakness"]["data"]["attributes"]["name"] - weakness_desc = content["relationships"]["weakness"]["data"]["attributes"]["description"] - description += f"\n##Weakness: {weakness_title}\n{weakness_desc}" - except Exception: - pass + if weakness_title := content.get("relationships", {}).get("weakness", {}).get("data", {}).get("attributes", {}).get("name"): + if weakness_desc := content.get("relationships", {}).get("weakness", {}).get("data", {}).get("attributes", {}).get("description"): + description += f"\n##Weakness: {weakness_title}\n{weakness_desc}" return description diff --git a/dojo/tools/kiuwan/parser.py b/dojo/tools/kiuwan/parser.py index 34601b05aae..1caeb78c803 100644 --- a/dojo/tools/kiuwan/parser.py +++ b/dojo/tools/kiuwan/parser.py @@ -1,4 +1,3 @@ -import contextlib import csv import hashlib import io @@ -105,8 +104,9 @@ def get_findings(self, filename, test): finding.mitigation = "Not provided!" finding.severity = findingdict["severity"] finding.static_finding = True - with contextlib.suppress(Exception): - finding.cwe = int(row["CWE"]) + if cwe := row.get("CWE"): + if cwe.isdigit(): + finding.cwe = int(cwe) if finding is not None: if finding.title is None: diff --git a/dojo/tools/veracode/json_parser.py b/dojo/tools/veracode/json_parser.py index fe5c2ccddd2..df83cbb802e 100644 --- a/dojo/tools/veracode/json_parser.py 
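Review bot: In `build_description`, the walrus test `if cvss := content.get("relationships", {})...get("score"):` treats a score of `0` or `0.0` as absent, so the CVSS line is dropped where the removed `try` block printed it. Compare against `None` instead: `if (cvss := ...get("score")) is not None:`. The `.get(..., {})` chains here and in the weakness hunk below only guard against missing keys. A key that is present with a JSON `null` value returns `None`, and the next `.get` raises `AttributeError`, which the old `except Exception` absorbed. If the export can contain nulls at `severity`, `weakness` or `data` (not verifiable from the hunk), use `(x.get("severity") or {})` at each step or a small helper that walks the path.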
+++ b/dojo/tools/veracode/json_parser.py @@ -85,13 +85,13 @@ def get_items(self, tree, test): if not finding: continue # Set the date of the finding from the report if it is present - try: + if finding_status := vuln.get("finding_status"): if settings.USE_FIRST_SEEN: - finding.date = parser.parse(vuln.get("finding_status", {}).get("first_found_date", "")) + if first_found_date := finding_status.get("first_found_date"): + finding.date = parser.parse(first_found_date) else: - finding.date = parser.parse(vuln.get("finding_status", {}).get("last_found_date", "")) - except Exception: - pass + if last_found_date := finding_status.get("last_found_date"): + finding.date = parser.parse(last_found_date) # Generate the description finding = self.parse_description(finding, vuln.get("description"), scan_type) finding.nb_occurences = vuln.get("count", 1) diff --git a/ruff.toml b/ruff.toml index 24f642c22cc..12b556d5cf3 100644 --- a/ruff.toml +++ b/ruff.toml @@ -41,7 +41,7 @@ select = [ "UP", "YTT", "ASYNC", - "S2", "S5", "S7", "S101", "S104", "S105", "S106", "S108", "S311", "S112", "S113", + "S1", "S2", "S5", "S7", "S311", "FBT001", "FBT003", "A003", "A004", "A005", "A006", "COM", diff --git a/tests/Import_scanner_test.py b/tests/Import_scanner_test.py index 07da3dfc125..eefe72d5b09 100644 --- a/tests/Import_scanner_test.py +++ b/tests/Import_scanner_test.py @@ -172,11 +172,8 @@ def test_engagement_import_scan_result(self): index = list(found_matches.keys())[0] scan_map[test] = options_text[index] elif len(found_matches) > 1: - try: - index = list(found_matches.values()).index(temp_test) - scan_map[test] = options_text[list(found_matches.keys())[index]] - except: - pass + index = list(found_matches.values()).index(temp_test) + scan_map[test] = options_text[list(found_matches.keys())[index]] failed_tests = [] for test in self.tests: diff --git a/tests/base_test_class.py b/tests/base_test_class.py index 2e1f6477358..7fcc3a6f203 100644 --- a/tests/base_test_class.py 
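Review bot: With the `try/except` removed in `get_items`, a `first_found_date` or `last_found_date` that is present but not parseable makes `parser.parse(...)` raise, which aborts the import of the whole report instead of leaving that one finding without a date. The new `if` guards cover only missing or empty values. If `parser` is dateutil's (the import is outside the hunk), a narrow handler keeps the S110 fix without the regression. Wrap each parse in `try: ... except (ValueError, OverflowError):` and log the offending value at debug level rather than passing silently.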
+++ b/tests/base_test_class.py @@ -1,4 +1,3 @@ -import contextlib import logging import os import re @@ -238,11 +237,7 @@ def goto_all_findings_list(self, driver): return driver def wait_for_datatable_if_content(self, no_content_id, wrapper_id): - no_content = None - with contextlib.suppress(Exception): - no_content = self.driver.find_element(By.ID, no_content_id) - - if no_content is None: + if not self.is_element_by_id_present(no_content_id): # wait for product_wrapper div as datatables javascript modifies the DOM on page load. WebDriverWait(self.driver, 30).until( EC.presence_of_element_located((By.ID, wrapper_id)), From 5a66da9283c0f4adb3998122ca2a1e8b338c6722 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 12:31:36 -0600 Subject: [PATCH 30/65] chore(deps): update actions/cache action from v4.1.2 to v4.2.0 (.github/workflows/gh-pages.yml) (#11410) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/gh-pages.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml index 4f25a4b3d89..888cd7eb3e4 100644 --- a/.github/workflows/gh-pages.yml +++ b/.github/workflows/gh-pages.yml @@ -24,7 +24,7 @@ jobs: node-version: '22.5.1' - name: Cache dependencies - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: ~/.npm key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} From 3f0cba2c336ac4c8c4f49ce5a44e075e723ddc48 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 12:32:16 -0600 Subject: [PATCH 31/65] chore(deps): update gcr.io/cloudsql-docker/gce-proxy docker tag from 1.37.2 to v1.37.3 (helm/defectdojo/values.yaml) (#11411) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm/defectdojo/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml index 2683f52c012..0deb30aaff4 100644 --- a/helm/defectdojo/values.yaml +++ b/helm/defectdojo/values.yaml @@ -478,7 +478,7 @@ cloudsql: image: # set repo and image tag of gce-proxy repository: gcr.io/cloudsql-docker/gce-proxy - tag: 1.37.2 + tag: 1.37.3 pullPolicy: IfNotPresent # set CloudSQL instance: 'project:zone:instancename' instance: "" From 0dbf92a2ad4edbfca6034e65032b3a53f6ebe3de Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 12:33:07 -0600 Subject: [PATCH 32/65] chore(deps): update softprops/action-gh-release action from v2.1.0 to v2.2.0 (.github/workflows/release-x-manual-helm-chart.yml) (#11412) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/release-x-manual-helm-chart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index d4b1ee681fa..18778c6d239 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml 
@@ -75,7 +75,7 @@ jobs: echo "chart_version=$(ls build | cut -d '-' -f 2 | sed 's|\.tgz||')" >> $GITHUB_ENV - name: Create release ${{ github.event.inputs.release_number }} - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: name: '${{ github.event.inputs.release_number }} 🌈' tag_name: ${{ github.event.inputs.release_number }} From 60ce0cdc521adc2f9308dce89dcdd89cc6181f7a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 12 Dec 2024 12:34:21 -0600 Subject: [PATCH 33/65] chore(deps): update mikefarah/yq action from v4.44.5 to v4.44.6 (.github/workflows/release-x-manual-helm-chart.yml) (#11409) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/release-x-manual-helm-chart.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml index 18778c6d239..3b01d2d6d26 100644 --- a/.github/workflows/release-x-manual-helm-chart.yml +++ b/.github/workflows/release-x-manual-helm-chart.yml @@ -58,7 +58,7 @@ jobs: helm dependency update ./helm/defectdojo - name: Add yq - uses: mikefarah/yq@bc5b54cb1d1f720db16c9f75c5b45384d00e5cbf # v4.44.5 + uses: mikefarah/yq@4839dbbf80445070a31c7a9c1055da527db2d5ee # v4.44.6 - name: Pin version docker version id: pin_image From 1b1a9c6a8ea9cd1bf21533623bee8b2aa37ed801 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Sat, 14 Dec 2024 21:18:44 -0600 Subject: [PATCH 34/65] chore(deps): update helm release postgresql from 16.2.5 to ~16.3.0 (helm/defectdojo/chart.yaml) (#11406) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- helm/defectdojo/Chart.lock | 6 +++--- helm/defectdojo/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/helm/defectdojo/Chart.lock b/helm/defectdojo/Chart.lock index 7a0e49b95de..591ab3ae6e9 100644 --- a/helm/defectdojo/Chart.lock +++ b/helm/defectdojo/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 16.2.0 + version: 16.3.0 - name: postgresql-ha repository: https://charts.bitnami.com/bitnami version: 9.4.11 - name: redis repository: https://charts.bitnami.com/bitnami version: 19.6.4 -digest: sha256:0d2e729a1b07543cb813f80f5d05c67ad56817f1b44911e08245e43868f49301 -generated: "2024-11-14T10:51:48.400717864Z" +digest: sha256:896db01c8521d42f6830a84190fb0a679afb2a999a79e3d82226d0b871f7778d +generated: "2024-12-11T06:49:40.425726453Z" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index d7568f8d5d8..a80f07786a8 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -10,7 +10,7 @@ maintainers: url: https://github.com/DefectDojo/django-DefectDojo dependencies: - name: postgresql - version: ~16.2.0 + version: ~16.3.0 repository: "https://charts.bitnami.com/bitnami" condition: postgresql.enabled - name: postgresql-ha From ceee3df0d990a8596e0f949d39d16364a82e6535 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 16 Dec 2024 16:04:37 +0000 Subject: [PATCH 35/65] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/components/package.json b/components/package.json index 590f1cb37e0..febe451775d 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.41.2", + "version": "2.42.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index 7edf826dd58..033e2fc2894 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.41.2" +__version__ = "2.42.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index f76daab65f6..ab66f338320 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.41.2" +appVersion: "2.42.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.164 +version: 1.6.165-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From fe4507008a1755ae35c3102efc17519756101c63 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:50:46 -0600 Subject: [PATCH 36/65] fix(deps): update dependency @tabler/icons from 3.24.0 to v3.26.0 (docs/package.json) (#11423) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 5755bac0791..31ec2d4d704 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json 
@@ -2394,9 +2394,9 @@ } }, "node_modules/@tabler/icons": { - "version": "3.24.0", - "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.24.0.tgz", - "integrity": "sha512-qNis9e90QcdxAGV3wNIeX0Ba2R7ktm0cnqOToKHJfC2kj3fvJwEVLsw63K0/fm7NW8rSZjDSTQRmMnSg8g/wrg==", + "version": "3.26.0", + "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-3.26.0.tgz", + "integrity": "sha512-oO3D4ss+DxzxqU1aDy0f1HmToyrO0gcQWIMpzHAfV1quPUx0BZYvNm5xz1DQb4DxNm/+xNvbBGLJy4pzTLYWag==", "license": "MIT", "funding": { "type": "github", From 048f2fa91a151f6c0ba5ce1f1d5cb8641a09eef6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:52:49 -0600 Subject: [PATCH 37/65] Bump boto3 from 1.35.78 to 1.35.81 (#11425) Bumps [boto3](https://github.com/boto/boto3) from 1.35.78 to 1.35.81. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.78...1.35.81) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 20e31134df3..476f53ab5a1 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.3 # Required for Celery Broker AWS (SQS) support -boto3==1.35.78 # Required for Celery Broker AWS (SQS) support +boto3==1.35.81 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From a9676269968eaa61fd3869ca760a96edd73d8b74 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:53:58 -0600 Subject: [PATCH 38/65] Bump vobject from 0.9.8 to 0.9.9 (#11426) Bumps [vobject](https://github.com/py-vobject/vobject) from 0.9.8 to 0.9.9. - [Release notes](https://github.com/py-vobject/vobject/releases) - [Commits](https://github.com/py-vobject/vobject/compare/v0.9.8...v0.9.9) --- updated-dependencies: - dependency-name: vobject dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 476f53ab5a1..e44a0c34707 100644 --- a/requirements.txt +++ b/requirements.txt @@ -40,7 +40,7 @@ requests==2.32.3 sqlalchemy==2.0.36 # Required by Celery broker transport urllib3==1.26.18 uWSGI==2.0.28 -vobject==0.9.8 +vobject==0.9.9 whitenoise==5.2.0 titlecase==2.4.1 social-auth-app-django==5.4.2 From f467902866bf3b183225b66cce74e2667fe5c729 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:54:29 -0600 Subject: [PATCH 39/65] chore(deps): update docker/setup-buildx-action action from v3.7.1 to v3.8.0 (.github/workflows/release-x-manual-docker-containers.yml) (#11427) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build-docker-images-for-testing.yml | 2 +- .github/workflows/release-x-manual-docker-containers.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index 4d052bf1a47..9f30ca472dc 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml 
@@ -28,7 +28,7 @@ jobs: run: echo "IMAGE_REPOSITORY=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV - name: Set up Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 with: buildkitd-flags: --debug driver-opts: image=moby/buildkit:master # needed to get the fix for https://github.com/moby/buildkit/issues/2426 diff --git a/.github/workflows/release-x-manual-docker-containers.yml b/.github/workflows/release-x-manual-docker-containers.yml index af42a46db5d..bf0061c7e6e 100644 --- a/.github/workflows/release-x-manual-docker-containers.yml +++ b/.github/workflows/release-x-manual-docker-containers.yml @@ -47,7 +47,7 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Build and push images with debian if: ${{ matrix.os == 'debian' }} From 6d032f002907f14ac62f3964a8a6327867c95ee7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:54:59 -0600 Subject: [PATCH 40/65] Bump pdfmake from 0.2.15 to 0.2.16 in /components (#11428) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.15 to 0.2.16. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.16/CHANGELOG.md) - [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.15...0.2.16) --- updated-dependencies: - dependency-name: pdfmake dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- components/package.json | 2 +- components/yarn.lock | 18 +++++++++--------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/components/package.json b/components/package.json index febe451775d..018753a4c6b 100644 --- a/components/package.json +++ b/components/package.json @@ -35,7 +35,7 @@ "metismenu": "~3.0.7", "moment": "^2.30.1", "morris.js": "morrisjs/morris.js", - "pdfmake": "^0.2.15", + "pdfmake": "^0.2.16", "startbootstrap-sb-admin-2": "1.0.7" }, "engines": { diff --git a/components/yarn.lock b/components/yarn.lock index 26479c39938..eb7b1009641 100644 --- a/components/yarn.lock +++ b/components/yarn.lock @@ -24,10 +24,10 @@ base64-js "1.3.1" unicode-trie "^2.0.0" -"@foliojs-fork/pdfkit@^0.15.1": - version "0.15.1" - resolved "https://registry.yarnpkg.com/@foliojs-fork/pdfkit/-/pdfkit-0.15.1.tgz#ecae3bcb7aad46b58e50493de593317f9b738074" - integrity sha512-4Cq2onHZAhThIfzv3/AFTPALqHzbmV8uNvgRELULWNbsZATgVeqEL4zHOzCyblLfX6tMXVO2BVaPcXboIxGjiw== +"@foliojs-fork/pdfkit@^0.15.2": + version "0.15.2" + resolved "https://registry.yarnpkg.com/@foliojs-fork/pdfkit/-/pdfkit-0.15.2.tgz#6dbe57ed45f1dc022d0219f3810071b9007e347e" + integrity sha512-Wpj6BH4DGn+zAWmCk9agdbAw3Zxt+MpemjssLfYdnretWpZ014uR6Zo51E4ftVP75UA8a7mtt4TiCu09lIKsBw== dependencies: "@foliojs-fork/fontkit" "^1.9.2" "@foliojs-fork/linebreak" "^1.1.1" 
@@ -503,13 +503,13 @@ pako@~1.0.2: resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf" integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== -pdfmake@^0.2.15: - version "0.2.15" - resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.15.tgz#86bbc2c854e8a1cc98d4d6394b39dae00cc3a3b0" - integrity sha512-Ryef9mjxo6q8dthhbssAK0zwCsPZ6Pl7kCHnIEXOvQdd79LUGZD6SHGi21YryFXczPjvw6V009uxQwp5iritcA== +pdfmake@^0.2.16: + version "0.2.16" + resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.16.tgz#5001538ad16e347aa21c12b1bdc0440015f7bdf7" + integrity sha512-oCHFIAVybjCkeU1ZCY5fB6BxOZ7ofeinN/sYfgPBny7Frx+8GbxNkEuuvZGj70Xn8/9kUhKZ84Q9S6qxj5eq5Q== dependencies: "@foliojs-fork/linebreak" "^1.1.2" - "@foliojs-fork/pdfkit" "^0.15.1" + "@foliojs-fork/pdfkit" "^0.15.2" iconv-lite "^0.6.3" xmldoc "^1.3.0" From ffb87460a31ec69b81082a1b940a1ec15dfb578c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 18:12:26 -0600 Subject: [PATCH 41/65] Bump pycurl from 7.45.3 to 7.45.4 (#11417) Bumps [pycurl](https://github.com/pycurl/pycurl) from 7.45.3 to 7.45.4. - [Changelog](https://github.com/pycurl/pycurl/blob/master/ChangeLog) - [Commits](https://github.com/pycurl/pycurl/commits) --- updated-dependencies: - dependency-name: pycurl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index e44a0c34707..90e7b0b7f02 100644 --- a/requirements.txt +++ b/requirements.txt 
@@ -68,7 +68,7 @@ drf-spectacular-sidecar==2024.12.1 django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 -pycurl==7.45.3 # Required for Celery Broker AWS (SQS) support +pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support boto3==1.35.81 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 From 1ecb1e5cf33695f236eb76f67f4b3426881f750a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 10:53:20 -0600 Subject: [PATCH 42/65] Bump boto3 from 1.35.81 to 1.35.82 (#11434) Bumps [boto3](https://github.com/boto/boto3) from 1.35.81 to 1.35.82. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.81...1.35.82) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 90e7b0b7f02..6e73c94a549 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.81 # Required for Celery Broker AWS (SQS) support +boto3==1.35.82 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 9c984dad13c156e12454db02fe1fd6fd9067e90b Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 21:03:56 -0600 Subject: [PATCH 43/65] chore(deps): update actions/upload-artifact action from v4.4.3 to v4.5.0 (.github/workflows/fetch-oas.yml) (#11436) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build-docker-images-for-testing.yml | 2 +- .github/workflows/fetch-oas.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-docker-images-for-testing.yml b/.github/workflows/build-docker-images-for-testing.yml index 9f30ca472dc..245b340ba36 100644 --- a/.github/workflows/build-docker-images-for-testing.yml +++ b/.github/workflows/build-docker-images-for-testing.yml @@ -49,7 +49,7 @@ jobs: # export docker images to be used in next jobs below - name: Upload image ${{ matrix.docker-image }} as artifact timeout-minutes: 10 - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: built-docker-image-${{ matrix.docker-image }}-${{ matrix.os }} path: ${{ matrix.docker-image }}-${{ matrix.os }}_img diff --git a/.github/workflows/fetch-oas.yml b/.github/workflows/fetch-oas.yml index 5257e92aab3..cc5c499f22b 100644 --- a/.github/workflows/fetch-oas.yml +++ b/.github/workflows/fetch-oas.yml @@ -51,7 +51,7 @@ jobs: run: docker compose down - name: Upload oas.${{ matrix.file-type }} as artifact - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: oas-${{ matrix.file-type }} path: oas.${{ matrix.file-type }} From 40179ef16f6559091b7dc8fa760fb4560d347109 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 21:04:32 -0600 Subject: [PATCH 44/65] Bump boto3 from 1.35.82 to 1.35.83 (#11437) Bumps [boto3](https://github.com/boto/boto3) from 1.35.82 to 1.35.83. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.82...1.35.83) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 6e73c94a549..f4beee0a977 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.82 # Required for Celery Broker AWS (SQS) support +boto3==1.35.83 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 33a825195c82740a98aed6398d62869010b9a4d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 21:05:32 -0600 Subject: [PATCH 45/65] Bump python-gitlab from 5.1.0 to 5.2.0 (#11438) Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-gitlab/python-gitlab/compare/v5.1.0...v5.2.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f4beee0a977..fcf8b2b07ac 100644 --- a/requirements.txt +++ b/requirements.txt @@ -46,7 +46,7 @@ titlecase==2.4.1 social-auth-app-django==5.4.2 social-auth-core==4.5.4 gitpython==3.1.43 -python-gitlab==5.1.0 +python-gitlab==5.2.0 cpe==1.3.1 packageurl-python==0.16.0 django-crum==0.7.9 From c1953688f9954ba6a51f1b41aaa3431f74e622ea Mon Sep 17 00:00:00 2001 From: Harold Blankenship <36673698+hblankenship@users.noreply.github.com> Date: Thu, 19 Dec 2024 11:32:06 -0600 Subject: [PATCH 46/65] Request/Response API CRUD Endpoints (#11365) * initial work * Get is mostly working * fully operational * Ruff ternary operator * add filterset_fields to query by finding in normal GET * no hint, return str * remove from no models list * remove import * take care of patch * working all around * add test that fails currently * override test_update * update for string rep * Update dojo/api_v2/serializers.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com> * Update unittests/test_rest_framework.py Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> * remove unnecessary code tested and confirmed * reduce blank lines * Update validator --------- Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com> Co-authored-by: Charles Neill <1749665+cneill@users.noreply.github.com> --- dojo/api_v2/serializers.py | 42 +++++++++++++++++++ dojo/api_v2/views.py | 18 ++++++++ dojo/urls.py | 2 + unittests/test_apiv2_methods_and_endpoints.py | 2 - unittests/test_rest_framework.py | 25 +++++++++++ 5 files changed, 87 insertions(+), 2 deletions(-) 
diff --git a/dojo/api_v2/serializers.py b/dojo/api_v2/serializers.py index 5cdc2db4d88..f92310af002 100644 --- a/dojo/api_v2/serializers.py +++ b/dojo/api_v2/serializers.py @@ -1,3 +1,4 @@ +import base64 import collections import json import logging @@ -45,6 +46,7 @@ Answer, Answered_Survey, App_Analysis, + BurpRawRequestResponse, Check_List, ChoiceAnswer, ChoiceQuestion, 
@@ -385,6 +387,46 @@ class BurpRawRequestResponseSerializer(serializers.Serializer):
 req_resp = RequestResponseSerializerField(required=True)
+class BurpRawRequestResponseMultiSerializer(serializers.ModelSerializer):
+ burpRequestBase64 = serializers.CharField()
+ burpResponseBase64 = serializers.CharField()
+
+ def to_representation(self, data):
+ return {
+ "id": data.id,
+ "finding": data.finding.id,
+ "burpRequestBase64": data.burpRequestBase64.decode("utf-8"),
+ "burpResponseBase64": data.burpResponseBase64.decode("utf-8"),
+ }
+
+ def validate(self, data):
+ b64request = data.get("burpRequestBase64", None)
+ b64response = data.get("burpResponseBase64", None)
+ finding = data.get("finding", None)
+ # Make sure all fields are present
+ if not b64request or not b64response or not finding:
+ msg = "burpRequestBase64, burpResponseBase64, and finding are required."
+ raise ValidationError(msg)
+ # Verify we have true base64 decoding
+ try:
+ base64.b64decode(b64request, validate=True)
+ base64.b64decode(b64response, validate=True)
+ except Exception as e:
+ msg = "Inputs need to be valid base64 encodings"
+ raise ValidationError(msg) from e
+ # Encode the data in utf-8 to remove any bad characters
+ data["burpRequestBase64"] = b64request.encode("utf-8")
+ data["burpResponseBase64"] = b64response.encode("utf-8")
+ # Run the model validation - an ValidationError will be raised if there is an issue
+ BurpRawRequestResponse(finding=finding, burpRequestBase64=b64request, burpResponseBase64=b64response).clean()
+
+ return data
+
+ class Meta:
+ model = BurpRawRequestResponse
+ fields = "__all__"
+
+
 class MetaSerializer(serializers.ModelSerializer):
 product = serializers.PrimaryKeyRelatedField(
 queryset=Product.objects.all(),
diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py
index 384fc91c973..bca0a75e0b6 100644
--- a/dojo/api_v2/views.py
+++ b/dojo/api_v2/views.py
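Review bot: The `except Exception as e:` around the two `base64.b64decode(..., validate=True)` calls in `validate()` reports any failure at all as "Inputs need to be valid base64 encodings"; malformed input raises `binascii.Error`, a `ValueError` subclass, so `except ValueError as e:` is enough and lets unrelated errors surface. `validate()` also reads all three fields with `data.get(...)` and rejects the request when one is absent, so a partial update that sends only the changed field is refused; if that is intended, a one-line comment such as `# PATCH must resend finding and both bodies` would say so. Neither `serializers.CharField()` sets a `max_length`, so the size of a stored request or response is bounded only by whatever limit the server applies to the request body.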
@@ -2693,6 +2693,24 @@ def get_queryset(self):
 return Note_Type.objects.all().order_by("id")
+class BurpRawRequestResponseViewSet(
+ DojoModelViewSet,
+):
+ serializer_class = serializers.BurpRawRequestResponseMultiSerializer
+ queryset = BurpRawRequestResponse.objects.none()
+ filter_backends = (DjangoFilterBackend,)
+ filterset_fields = ["finding"]
+
+ def get_queryset(self):
+ results = BurpRawRequestResponse.objects.all()
+ empty_value = b""
+ results = results.exclude(
+ burpRequestBase64__exact=empty_value,
+ burpResponseBase64__exact=empty_value,
+ )
+ return results.order_by("id")
+
+
 # Authorization: superuser
 class NotesViewSet(
 mixins.UpdateModelMixin,
diff --git a/dojo/urls.py b/dojo/urls.py
index 1e36b67d4f8..a450c115e8a 100644
--- a/dojo/urls.py
+++ b/dojo/urls.py
@@ -14,6 +14,7 @@
 from dojo.api_v2.views import (
 AnnouncementViewSet,
 AppAnalysisViewSet,
+ BurpRawRequestResponseViewSet,
 ConfigurationPermissionViewSet,
 CredentialsMappingViewSet,
 CredentialsViewSet,
@@ -156,6 +157,7 @@
 v2_api.register(r"product_type_groups", ProductTypeGroupViewSet, basename="product_type_group")
 v2_api.register(r"regulations", RegulationsViewSet, basename="regulations")
 v2_api.register(r"reimport-scan", ReImportScanView, basename="reimportscan")
+v2_api.register(r"request_response_pairs", BurpRawRequestResponseViewSet, basename="request_response_pairs")
 v2_api.register(r"risk_acceptance", RiskAcceptanceViewSet, basename="risk_acceptance")
 v2_api.register(r"roles", RoleViewSet, basename="role")
 v2_api.register(r"sla_configurations", SLAConfigurationViewset, basename="sla_configurations")
diff --git a/unittests/test_apiv2_methods_and_endpoints.py b/unittests/test_apiv2_methods_and_endpoints.py
index 56c5beb9fbc..5ac9c6cd04d 100644
--- a/unittests/test_apiv2_methods_and_endpoints.py
+++ b/unittests/test_apiv2_methods_and_endpoints.py
@@ -9,7 +9,6 @@
 Benchmark_Product_Summary,
 Benchmark_Requirement,
 Benchmark_Type,
- BurpRawRequestResponse,
 Choice,
 Contact,
 FileAccessToken,
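Review bot: `BurpRawRequestResponseViewSet.get_queryset()` starts from `BurpRawRequestResponse.objects.all()` and the class declares no `permission_classes`, so unless `DojoModelViewSet` or the project's default permissions already scope access per finding, every API user who passes the default check can list request/response pairs for findings they cannot otherwise see. Captured HTTP traffic commonly carries session cookies, tokens and credentials, so the queryset should be narrowed to the requester's findings, e.g. `results = results.filter(finding__in=<findings the requesting user may view>)`, with a matching object-level permission class on the viewset. The same scoping applies to the `finding` id that `BurpRawRequestResponseMultiSerializer` accepts on create and update. A test in which a user without access to the finding gets an empty list and a rejected POST would pin the behaviour down.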
@@ -92,7 +91,6 @@ def setUp(self): Product_Line, Report_Type, CWE, - BurpRawRequestResponse, FileAccessToken, UserAnnouncement, BannerConf, diff --git a/unittests/test_rest_framework.py b/unittests/test_rest_framework.py index fa30780c922..9b58a538e43 100644 --- a/unittests/test_rest_framework.py +++ b/unittests/test_rest_framework.py @@ -31,6 +31,7 @@ from dojo.api_v2.views import ( AnnouncementViewSet, AppAnalysisViewSet, + BurpRawRequestResponseViewSet, ConfigurationPermissionViewSet, CredentialsMappingViewSet, CredentialsViewSet, @@ -3043,3 +3044,27 @@ def __init__(self, *args, **kwargs): self.test_type = TestType.STANDARD self.deleted_objects = 1 BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) + + +class BurpRawRequestResponseTest(BaseClass.BaseClassTest): + fixtures = ["dojo_testdata.json"] + + def __init__(self, *args, **kwargs): + self.endpoint_model = BurpRawRequestResponse + self.endpoint_path = "request_response_pairs" + self.viewname = "request_response_pairs" + self.viewset = BurpRawRequestResponseViewSet + self.payload = { + "finding": 2, + "burpRequestBase64": "cmVxdWVzdAo=", + "burpResponseBase64": "cmVzcG9uc2UK", + } + + self.update_fields = { + "finding": 2, + "burpRequestBase64": "cmVxdWVzdCAtIGVkaXRlZAo=", + "burpResponseBase64": "cmVzcG9uc2UgLSBlZGl0ZWQK", + } + self.test_type = TestType.STANDARD + self.deleted_objects = 1 + BaseClass.RESTEndpointTest.__init__(self, *args, **kwargs) From 9abdc58510940c55997cb10595d27304661b31e3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 12:25:47 -0600 Subject: [PATCH 47/65] Bump boto3 from 1.35.83 to 1.35.84 (#11440) Bumps [boto3](https://github.com/boto/boto3) from 1.35.83 to 1.35.84. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.83...1.35.84) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index fcf8b2b07ac..de54c48f1f4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.83 # Required for Celery Broker AWS (SQS) support +boto3==1.35.84 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 874d493d484e6e024b4812eba9ec3b493069dbde Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 12:26:14 -0600 Subject: [PATCH 48/65] chore(deps): update dependency vite from 6.0.3 to v6.0.4 (docs/package.json) (#11439) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 31ec2d4d704..f8c92eb5f29 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json 
@@ -4700,9 +4700,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.3", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.3.tgz", - "integrity": "sha512-Cmuo5P0ENTN6HxLSo6IHsjCLn/81Vgrp81oaiFFMRa8gGDj5xEjIcEpf2ZymZtZR8oU0P2JX5WuUp/rlXcHkAw==", + "version": "6.0.4", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.4.tgz", + "integrity": "sha512-zwlH6ar+6o6b4Wp+ydhtIKLrGM/LoqZzcdVmkGAFun0KHTzIzjh+h0kungEx7KJg/PYnC80I4TII9WkjciSR6Q==", "dev": true, "license": "MIT", "dependencies": { From 460cd7cc146735d19f92e4d9d99bfba4ebd99c4f Mon Sep 17 00:00:00 2001 From: manuelsommer <47991713+manuel-sommer@users.noreply.github.com> Date: Fri, 20 Dec 2024 20:39:09 +0100 Subject: [PATCH 49/65] bump ruff to 0.8.1 (#11350) * bump ruff 0.8.1 * fix ruff * fix unittests * update * update * fix unittest --- dojo/tools/factory.py | 2 +- requirements-lint.txt | 2 +- tests/Import_scanner_test.py | 17 ++++++++++------- unittests/test_factory.py | 4 ++-- 4 files changed, 14 insertions(+), 11 deletions(-) diff --git a/dojo/tools/factory.py b/dojo/tools/factory.py index 04930321c50..b69fea12ac0 100644 --- a/dojo/tools/factory.py +++ b/dojo/tools/factory.py @@ -115,7 +115,7 @@ def requires_tool_type(scan_type): # iterate through the modules in the current package package_dir = str(Path(__file__).resolve().parent) -for module_name in os.listdir(package_dir): +for module_name in os.listdir(package_dir): # noqa: PTH208 # check if it's dir if Path(os.path.join(package_dir, module_name)).is_dir(): try: diff --git a/requirements-lint.txt b/requirements-lint.txt index 25336e7513c..8f161d317ec 100644 --- a/requirements-lint.txt +++ b/requirements-lint.txt @@ -1 +1 @@ -ruff==0.8.0 +ruff==0.8.1 \ No newline at end of file diff --git a/tests/Import_scanner_test.py b/tests/Import_scanner_test.py index eefe72d5b09..8f0ac1beb53 100644 --- a/tests/Import_scanner_test.py +++ b/tests/Import_scanner_test.py 
@@ -28,9 +28,10 @@ def setUp(self): git.Repo.clone_from("https://github.com/DefectDojo/sample-scan-files", self.repo_path) self.remove_items = ["__init__.py", "__init__.pyc", "factory.py", "factory.pyc", "factory.py", "LICENSE", "README.md", ".gitignore", ".git", "__pycache__"] - tool_path = dir_path[:-5] + "dojo/tools" - tools = sorted(os.listdir(tool_path)) - tests = sorted(os.listdir(self.repo_path)) + tool_path = Path(dir_path[:-5] + "dojo/tools") + tools = sorted(any(tool_path.iterdir())) + p = Path(self.repo_path) + tests = sorted(any(p.iterdir())) self.tools = [i for i in tools if i not in self.remove_items] self.tests = [i for i in tests if i not in self.remove_items] @@ -43,7 +44,8 @@ def test_check_test_file(self): missing_tests += ["\nNO TEST FILES"] for test in self.tests: - cases = sorted(os.listdir(self.repo_path + "/" + test)) + p = Path(self.repo_path + "/" + test) + cases = sorted(any(p.iterdir())) cases = [i for i in cases if i not in self.remove_items] if len(cases) == 0 and tool not in missing_tests: missing_tests += [test] @@ -145,8 +147,8 @@ def test_engagement_import_scan_result(self): options_text = [scan.strip() for scan in options_text] mod_options = options_text - mod_options = [re.sub(r" Scanner", "", scan) for scan in mod_options] - mod_options = [re.sub(r" Scan", "", scan) for scan in mod_options] + mod_options = [scan.replace(" Scanner", "") for scan in mod_options] + mod_options = [scan.replace(" Scan", "") for scan in mod_options] mod_options = [scan.lower().replace("-", " ").replace(".", "") for scan in mod_options] acronyms = [] @@ -177,7 +179,8 @@ def test_engagement_import_scan_result(self): failed_tests = [] for test in self.tests: - cases = sorted(os.listdir(self.repo_path + "/" + test)) + p = Path(self.repo_path + "/" + test) + cases = sorted(any(p.iterdir())) cases = [i for i in cases if i not in self.remove_items] if len(cases) == 0: failed_tests += [test.upper() + ": No test cases"] 
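Review bot: `sorted(any(tool_path.iterdir()))` in the `setUp` hunk raises `TypeError`, because `any()` collapses the iterator to a single `bool` and `sorted()` needs an iterable. The same pattern is used for `tests` in this hunk and for `cases` in the `test_check_test_file` and `test_engagement_import_scan_result` hunks. Dropping `any()` alone is not enough: `iterdir()` yields `Path` objects rather than the bare names `os.listdir` returned, so the `not in self.remove_items` filters would stop matching, and `self.repo_path + "/" + test` and `test.upper()` would fail on a `Path`. Keeping the names preserves the old behaviour: `tools = sorted(p.name for p in tool_path.iterdir())`, `tests = sorted(p.name for p in Path(self.repo_path).iterdir())` and `cases = sorted(c.name for c in p.iterdir())`. All three functions continue outside their hunks.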
diff --git a/unittests/test_factory.py b/unittests/test_factory.py index 43fb5b54771..5d8b4040dd5 100644 --- a/unittests/test_factory.py +++ b/unittests/test_factory.py @@ -64,8 +64,8 @@ def test_get_parser_test_active_in_db(self): def test_parser_name_matches_module(self): """Test to ensure that parsers' class names match their module names""" - package_dir = "dojo/tools" - module_names = os.listdir(package_dir) + package_dir = Path("dojo/tools") + module_names = package_dir.iterdir() missing_parsers = [] excluded_parsers = [ "wizcli_common_parsers", # common class for other wizcli parsers, there is not parsing here From 629275ee5202a5a308c15a0f20f0d1584044d761 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:50:34 -0600 Subject: [PATCH 50/65] Bump boto3 from 1.35.84 to 1.35.85 (#11443) Bumps [boto3](https://github.com/boto/boto3) from 1.35.84 to 1.35.85. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.84...1.35.85) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index de54c48f1f4..006715a7f1e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.84 # Required for Celery Broker AWS (SQS) support +boto3==1.35.85 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 8f8abe95fc1ed0e01ee97bf205c0567055113f9e Mon Sep 17 00:00:00 2001 
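Review bot: In the `test_parser_name_matches_module` hunk, `module_names = package_dir.iterdir()` now yields `Path` objects that carry the `dojo/tools/` prefix, where `os.listdir` returned bare name strings. The loop that consumes them is outside the hunk, but `excluded_parsers` here still holds plain strings such as `"wizcli_common_parsers"`. Any membership test, path join or module-name formatting on these values would presumably stop matching, and the test could then pass without checking any parser. `module_names = [p.name for p in package_dir.iterdir()]` keeps the values the rest of the test was written for.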
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Dec 2024 15:53:26 -0600 Subject: [PATCH 51/65] chore(deps): update dependency vite from 6.0.4 to v6.0.5 (docs/package.json) (#11445) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index f8c92eb5f29..1e3c2deba90 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -4700,13 +4700,13 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.4", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.4.tgz", - "integrity": "sha512-zwlH6ar+6o6b4Wp+ydhtIKLrGM/LoqZzcdVmkGAFun0KHTzIzjh+h0kungEx7KJg/PYnC80I4TII9WkjciSR6Q==", + "version": "6.0.5", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.5.tgz", + "integrity": "sha512-akD5IAH/ID5imgue2DYhzsEwCi0/4VKY31uhMLEYJwPP4TiUp8pL5PIK+Wo7H8qT8JY9i+pVfPydcFPYD1EL7g==", "dev": true, "license": "MIT", "dependencies": { - "esbuild": "^0.24.0", + "esbuild": "0.24.0", "postcss": "^8.4.49", "rollup": "^4.23.0" }, From e4e11c9cd41a1ad163fb12fc8f292d2cc01d3803 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 23 Dec 2024 16:22:19 +0000 Subject: [PATCH 52/65] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index 6ff5bff877e..febe451775d 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.41.3", + "version": "2.42.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index d6ab484dc20..033e2fc2894 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py 
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.41.3" +__version__ = "2.42.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 4d63b24192b..4b1d62f3fef 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.41.3" +appVersion: "2.42.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.165 +version: 1.6.166-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From 65cea0bfa1118c93bfd11b9e0c956666f9d9c17e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:47:25 -0600 Subject: [PATCH 53/65] Bump pdfmake from 0.2.16 to 0.2.17 in /components (#11457) Bumps [pdfmake](https://github.com/bpampuch/pdfmake) from 0.2.16 to 0.2.17. - [Release notes](https://github.com/bpampuch/pdfmake/releases) - [Changelog](https://github.com/bpampuch/pdfmake/blob/0.2.17/CHANGELOG.md) - [Commits](https://github.com/bpampuch/pdfmake/compare/0.2.16...0.2.17) --- updated-dependencies: - dependency-name: pdfmake dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- components/package.json | 2 +- components/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/components/package.json b/components/package.json index 018753a4c6b..be6c0f99acd 100644 --- a/components/package.json +++ b/components/package.json 
@@ -35,7 +35,7 @@ "metismenu": "~3.0.7", "moment": "^2.30.1", "morris.js": "morrisjs/morris.js", - "pdfmake": "^0.2.16", + "pdfmake": "^0.2.17", "startbootstrap-sb-admin-2": "1.0.7" }, "engines": { diff --git a/components/yarn.lock b/components/yarn.lock index eb7b1009641..b3615a80643 100644 --- a/components/yarn.lock +++ b/components/yarn.lock @@ -503,10 +503,10 @@ pako@~1.0.2: resolved "https://registry.yarnpkg.com/pako/-/pako-1.0.11.tgz#6c9599d340d54dfd3946380252a35705a6b992bf" integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== -pdfmake@^0.2.16: - version "0.2.16" - resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.16.tgz#5001538ad16e347aa21c12b1bdc0440015f7bdf7" - integrity sha512-oCHFIAVybjCkeU1ZCY5fB6BxOZ7ofeinN/sYfgPBny7Frx+8GbxNkEuuvZGj70Xn8/9kUhKZ84Q9S6qxj5eq5Q== +pdfmake@^0.2.17: + version "0.2.17" + resolved "https://registry.yarnpkg.com/pdfmake/-/pdfmake-0.2.17.tgz#64beeb0b09c7e0ade39b6d4b379371818cea3da5" + integrity sha512-ODOp1T232yr/HGjdYCq888paBE7RDCflCOSRDUtR9CyfXneOmnMPZJl8dxP9zEXbKiv9vfk9Z/3eK2V2B/Wx/Q== dependencies: "@foliojs-fork/linebreak" "^1.1.2" "@foliojs-fork/pdfkit" "^0.15.2" From ce5cf51e1bc87dfc2fd924b16d249afc6b5d4d16 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 11:59:24 -0600 Subject: [PATCH 54/65] chore(deps): update dependency vite from 6.0.5 to v6.0.6 (docs/package.json) (#11471) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 224 ++++++++++++++++++++++------------------- 1 file changed, 121 insertions(+), 103 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index f7ab6560956..3aa14d80550 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json 
@@ -1504,9 +1504,9 @@ } }, "node_modules/@esbuild/aix-ppc64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.24.0.tgz", - "integrity": "sha512-WtKdFM7ls47zkKHFVzMz8opM7LkcsIp9amDUBIAWirg70RM71WRSjdILPsY5Uv1D42ZpUfaPILDlfactHgsRkw==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.24.2.tgz", + "integrity": "sha512-thpVCb/rhxE/BnMLQ7GReQLLN8q9qbHmI55F4489/ByVg2aQaQ6kbcLb6FHkocZzQhxc4gx0sCk0tJkKBFzDhA==", "cpu": [ "ppc64" ], @@ -1521,9 +1521,9 @@ } }, "node_modules/@esbuild/android-arm": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.24.0.tgz", - "integrity": "sha512-arAtTPo76fJ/ICkXWetLCc9EwEHKaeya4vMrReVlEIUCAUncH7M4bhMQ+M9Vf+FFOZJdTNMXNBrWwW+OXWpSew==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.24.2.tgz", + "integrity": "sha512-tmwl4hJkCfNHwFB3nBa8z1Uy3ypZpxqxfTQOcHX+xRByyYgunVbZ9MzUUfb0RxaHIMnbHagwAxuTL+tnNM+1/Q==", "cpu": [ "arm" ], @@ -1538,9 +1538,9 @@ } }, "node_modules/@esbuild/android-arm64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.24.0.tgz", - "integrity": "sha512-Vsm497xFM7tTIPYK9bNTYJyF/lsP590Qc1WxJdlB6ljCbdZKU9SY8i7+Iin4kyhV/KV5J2rOKsBQbB77Ab7L/w==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.24.2.tgz", + "integrity": "sha512-cNLgeqCqV8WxfcTIOeL4OAtSmL8JjcN6m09XIgro1Wi7cF4t/THaWEa7eL5CMoMBdjoHOTh/vwTO/o2TRXIyzg==", "cpu": [ "arm64" ], 
@@ -1555,9 +1555,9 @@ } }, "node_modules/@esbuild/android-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.24.0.tgz", - "integrity": "sha512-t8GrvnFkiIY7pa7mMgJd7p8p8qqYIz1NYiAoKc75Zyv73L3DZW++oYMSHPRarcotTKuSs6m3hTOa5CKHaS02TQ==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.24.2.tgz", + "integrity": "sha512-B6Q0YQDqMx9D7rvIcsXfmJfvUYLoP722bgfBlO5cGvNVb5V/+Y7nhBE3mHV9OpxBf4eAS2S68KZztiPaWq4XYw==", "cpu": [ "x64" ], @@ -1572,9 +1572,9 @@ } }, "node_modules/@esbuild/darwin-arm64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.24.0.tgz", - "integrity": "sha512-CKyDpRbK1hXwv79soeTJNHb5EiG6ct3efd/FTPdzOWdbZZfGhpbcqIpiD0+vwmpu0wTIL97ZRPZu8vUt46nBSw==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.24.2.tgz", + "integrity": "sha512-kj3AnYWc+CekmZnS5IPu9D+HWtUI49hbnyqk0FLEJDbzCIQt7hg7ucF1SQAilhtYpIujfaHr6O0UHlzzSPdOeA==", "cpu": [ "arm64" ], @@ -1589,9 +1589,9 @@ } }, "node_modules/@esbuild/darwin-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.24.0.tgz", - "integrity": "sha512-rgtz6flkVkh58od4PwTRqxbKH9cOjaXCMZgWD905JOzjFKW+7EiUObfd/Kav+A6Gyud6WZk9w+xu6QLytdi2OA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.24.2.tgz", + "integrity": "sha512-WeSrmwwHaPkNR5H3yYfowhZcbriGqooyu3zI/3GGpF8AyUdsrrP0X6KumITGA9WOyiJavnGZUwPGvxvwfWPHIA==", "cpu": [ "x64" ], 
@@ -1606,9 +1606,9 @@ } }, "node_modules/@esbuild/freebsd-arm64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.24.0.tgz", - "integrity": "sha512-6Mtdq5nHggwfDNLAHkPlyLBpE5L6hwsuXZX8XNmHno9JuL2+bg2BX5tRkwjyfn6sKbxZTq68suOjgWqCicvPXA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.24.2.tgz", + "integrity": "sha512-UN8HXjtJ0k/Mj6a9+5u6+2eZ2ERD7Edt1Q9IZiB5UZAIdPnVKDoG7mdTVGhHJIeEml60JteamR3qhsr1r8gXvg==", "cpu": [ "arm64" ], @@ -1623,9 +1623,9 @@ } }, "node_modules/@esbuild/freebsd-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.24.0.tgz", - "integrity": "sha512-D3H+xh3/zphoX8ck4S2RxKR6gHlHDXXzOf6f/9dbFt/NRBDIE33+cVa49Kil4WUjxMGW0ZIYBYtaGCa2+OsQwQ==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.24.2.tgz", + "integrity": "sha512-TvW7wE/89PYW+IevEJXZ5sF6gJRDY/14hyIGFXdIucxCsbRmLUcjseQu1SyTko+2idmCw94TgyaEZi9HUSOe3Q==", "cpu": [ "x64" ], @@ -1640,9 +1640,9 @@ } }, "node_modules/@esbuild/linux-arm": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.24.0.tgz", - "integrity": "sha512-gJKIi2IjRo5G6Glxb8d3DzYXlxdEj2NlkixPsqePSZMhLudqPhtZ4BUrpIuTjJYXxvF9njql+vRjB2oaC9XpBw==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.24.2.tgz", + "integrity": "sha512-n0WRM/gWIdU29J57hJyUdIsk0WarGd6To0s+Y+LwvlC55wt+GT/OgkwoXCXvIue1i1sSNWblHEig00GBWiJgfA==", "cpu": [ "arm" ], 
@@ -1657,9 +1657,9 @@ } }, "node_modules/@esbuild/linux-arm64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.24.0.tgz", - "integrity": "sha512-TDijPXTOeE3eaMkRYpcy3LarIg13dS9wWHRdwYRnzlwlA370rNdZqbcp0WTyyV/k2zSxfko52+C7jU5F9Tfj1g==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.24.2.tgz", + "integrity": "sha512-7HnAD6074BW43YvvUmE/35Id9/NB7BeX5EoNkK9obndmZBUk8xmJJeU7DwmUeN7tkysslb2eSl6CTrYz6oEMQg==", "cpu": [ "arm64" ], @@ -1674,9 +1674,9 @@ } }, "node_modules/@esbuild/linux-ia32": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.24.0.tgz", - "integrity": "sha512-K40ip1LAcA0byL05TbCQ4yJ4swvnbzHscRmUilrmP9Am7//0UjPreh4lpYzvThT2Quw66MhjG//20mrufm40mA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.24.2.tgz", + "integrity": "sha512-sfv0tGPQhcZOgTKO3oBE9xpHuUqguHvSo4jl+wjnKwFpapx+vUDcawbwPNuBIAYdRAvIDBfZVvXprIj3HA+Ugw==", "cpu": [ "ia32" ], @@ -1691,9 +1691,9 @@ } }, "node_modules/@esbuild/linux-loong64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.24.0.tgz", - "integrity": "sha512-0mswrYP/9ai+CU0BzBfPMZ8RVm3RGAN/lmOMgW4aFUSOQBjA31UP8Mr6DDhWSuMwj7jaWOT0p0WoZ6jeHhrD7g==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.24.2.tgz", + "integrity": "sha512-CN9AZr8kEndGooS35ntToZLTQLHEjtVB5n7dl8ZcTZMonJ7CCfStrYhrzF97eAecqVbVJ7APOEe18RPI4KLhwQ==", "cpu": [ "loong64" ], 
@@ -1708,9 +1708,9 @@ } }, "node_modules/@esbuild/linux-mips64el": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.24.0.tgz", - "integrity": "sha512-hIKvXm0/3w/5+RDtCJeXqMZGkI2s4oMUGj3/jM0QzhgIASWrGO5/RlzAzm5nNh/awHE0A19h/CvHQe6FaBNrRA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.24.2.tgz", + "integrity": "sha512-iMkk7qr/wl3exJATwkISxI7kTcmHKE+BlymIAbHO8xanq/TjHaaVThFF6ipWzPHryoFsesNQJPE/3wFJw4+huw==", "cpu": [ "mips64el" ], @@ -1725,9 +1725,9 @@ } }, "node_modules/@esbuild/linux-ppc64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.24.0.tgz", - "integrity": "sha512-HcZh5BNq0aC52UoocJxaKORfFODWXZxtBaaZNuN3PUX3MoDsChsZqopzi5UupRhPHSEHotoiptqikjN/B77mYQ==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.24.2.tgz", + "integrity": "sha512-shsVrgCZ57Vr2L8mm39kO5PPIb+843FStGt7sGGoqiiWYconSxwTiuswC1VJZLCjNiMLAMh34jg4VSEQb+iEbw==", "cpu": [ "ppc64" ], @@ -1742,9 +1742,9 @@ } }, "node_modules/@esbuild/linux-riscv64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.24.0.tgz", - "integrity": "sha512-bEh7dMn/h3QxeR2KTy1DUszQjUrIHPZKyO6aN1X4BCnhfYhuQqedHaa5MxSQA/06j3GpiIlFGSsy1c7Gf9padw==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.24.2.tgz", + "integrity": "sha512-4eSFWnU9Hhd68fW16GD0TINewo1L6dRrB+oLNNbYyMUAeOD2yCK5KXGK1GH4qD/kT+bTEXjsyTCiJGHPZ3eM9Q==", "cpu": [ "riscv64" ], 
@@ -1759,9 +1759,9 @@ } }, "node_modules/@esbuild/linux-s390x": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.24.0.tgz", - "integrity": "sha512-ZcQ6+qRkw1UcZGPyrCiHHkmBaj9SiCD8Oqd556HldP+QlpUIe2Wgn3ehQGVoPOvZvtHm8HPx+bH20c9pvbkX3g==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.24.2.tgz", + "integrity": "sha512-S0Bh0A53b0YHL2XEXC20bHLuGMOhFDO6GN4b3YjRLK//Ep3ql3erpNcPlEFed93hsQAjAQDNsvcK+hV90FubSw==", "cpu": [ "s390x" ], @@ -1776,9 +1776,9 @@ } }, "node_modules/@esbuild/linux-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.24.0.tgz", - "integrity": "sha512-vbutsFqQ+foy3wSSbmjBXXIJ6PL3scghJoM8zCL142cGaZKAdCZHyf+Bpu/MmX9zT9Q0zFBVKb36Ma5Fzfa8xA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.24.2.tgz", + "integrity": "sha512-8Qi4nQcCTbLnK9WoMjdC9NiTG6/E38RNICU6sUNqK0QFxCYgoARqVqxdFmWkdonVsvGqWhmm7MO0jyTqLqwj0Q==", "cpu": [ "x64" ], 
@@ -1792,10 +1792,27 @@ "node": ">=18" } }, + "node_modules/@esbuild/netbsd-arm64": { + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.24.2.tgz", + "integrity": "sha512-wuLK/VztRRpMt9zyHSazyCVdCXlpHkKm34WUyinD2lzK07FAHTq0KQvZZlXikNWkDGoT6x3TD51jKQ7gMVpopw==", + "cpu": [ + "arm64" + ], + "dev": true, + "license": "MIT", + "optional": true, + "os": [ + "netbsd" + ], + "engines": { + "node": ">=18" + } + }, "node_modules/@esbuild/netbsd-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.24.0.tgz", - "integrity": "sha512-hjQ0R/ulkO8fCYFsG0FZoH+pWgTTDreqpqY7UnQntnaKv95uP5iW3+dChxnx7C3trQQU40S+OgWhUVwCjVFLvg==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.24.2.tgz", + "integrity": "sha512-VefFaQUc4FMmJuAxmIHgUmfNiLXY438XrL4GDNV1Y1H/RW3qow68xTwjZKfj/+Plp9NANmzbH5R40Meudu8mmw==", "cpu": [ "x64" ], @@ -1810,9 +1827,9 @@ } }, "node_modules/@esbuild/openbsd-arm64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.24.0.tgz", - "integrity": "sha512-MD9uzzkPQbYehwcN583yx3Tu5M8EIoTD+tUgKF982WYL9Pf5rKy9ltgD0eUgs8pvKnmizxjXZyLt0z6DC3rRXg==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.24.2.tgz", + "integrity": "sha512-YQbi46SBct6iKnszhSvdluqDmxCJA+Pu280Av9WICNwQmMxV7nLRHZfjQzwbPs3jeWnuAhE9Jy0NrnJ12Oz+0A==", "cpu": [ "arm64" ], 
@@ -1827,9 +1844,9 @@ } }, "node_modules/@esbuild/openbsd-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.24.0.tgz", - "integrity": "sha512-4ir0aY1NGUhIC1hdoCzr1+5b43mw99uNwVzhIq1OY3QcEwPDO3B7WNXBzaKY5Nsf1+N11i1eOfFcq+D/gOS15Q==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.24.2.tgz", + "integrity": "sha512-+iDS6zpNM6EnJyWv0bMGLWSWeXGN/HTaF/LXHXHwejGsVi+ooqDfMCCTerNFxEkM3wYVcExkeGXNqshc9iMaOA==", "cpu": [ "x64" ], @@ -1844,9 +1861,9 @@ } }, "node_modules/@esbuild/sunos-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.24.0.tgz", - "integrity": "sha512-jVzdzsbM5xrotH+W5f1s+JtUy1UWgjU0Cf4wMvffTB8m6wP5/kx0KiaLHlbJO+dMgtxKV8RQ/JvtlFcdZ1zCPA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.24.2.tgz", + "integrity": "sha512-hTdsW27jcktEvpwNHJU4ZwWFGkz2zRJUz8pvddmXPtXDzVKTTINmlmga3ZzwcuMpUvLw7JkLy9QLKyGpD2Yxig==", "cpu": [ "x64" ], @@ -1861,9 +1878,9 @@ } }, "node_modules/@esbuild/win32-arm64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.24.0.tgz", - "integrity": "sha512-iKc8GAslzRpBytO2/aN3d2yb2z8XTVfNV0PjGlCxKo5SgWmNXx82I/Q3aG1tFfS+A2igVCY97TJ8tnYwpUWLCA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.24.2.tgz", + "integrity": "sha512-LihEQ2BBKVFLOC9ZItT9iFprsE9tqjDjnbulhHoFxYQtQfai7qfluVODIYxt1PgdoyQkz23+01rzwNwYfutxUQ==", "cpu": [ "arm64" ], 
@@ -1878,9 +1895,9 @@ } }, "node_modules/@esbuild/win32-ia32": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.24.0.tgz", - "integrity": "sha512-vQW36KZolfIudCcTnaTpmLQ24Ha1RjygBo39/aLkM2kmjkWmZGEJ5Gn9l5/7tzXA42QGIoWbICfg6KLLkIw6yw==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.24.2.tgz", + "integrity": "sha512-q+iGUwfs8tncmFC9pcnD5IvRHAzmbwQ3GPS5/ceCyHdjXubwQWI12MKWSNSMYLJMq23/IUCvJMS76PDqXe1fxA==", "cpu": [ "ia32" ], @@ -1895,9 +1912,9 @@ } }, "node_modules/@esbuild/win32-x64": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.24.0.tgz", - "integrity": "sha512-7IAFPrjSQIJrGsK6flwg7NFmwBoSTyF3rl7If0hNUFQU4ilTsEPL6GuMuU9BfIWVVGuRnuIidkSMC+c0Otu8IA==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.24.2.tgz", + "integrity": "sha512-7VTgWzgMGvup6aSqDPLiW5zHaxYJGTO4OokMjIlrCtf+VpEL+cXKtCvg723iguPYI5oaUNdS+/V7OU2gvXVWEg==", "cpu": [ "x64" ], @@ -2906,9 +2923,9 @@ "license": "MIT" }, "node_modules/esbuild": { - "version": "0.24.0", - "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.24.0.tgz", - "integrity": "sha512-FuLPevChGDshgSicjisSooU0cemp/sGXR841D5LHMB7mTVOmsEHcAxaH3irL53+8YDIeVNQEySh4DaYU/iuPqQ==", + "version": "0.24.2", + "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.24.2.tgz", + "integrity": "sha512-+9egpBW8I3CD5XPe0n6BfT5fxLzxrlDzqydF3aviG+9ni1lDC/OvMHcxqEFV0+LANZG5R1bFMWfUrjVsdwxJvA==", "dev": true, "hasInstallScript": true, "license": "MIT", 
@@ -2919,30 +2936,31 @@ "node": ">=18" }, "optionalDependencies": { - "@esbuild/aix-ppc64": "0.24.0", - "@esbuild/android-arm": "0.24.0", - "@esbuild/android-arm64": "0.24.0", - "@esbuild/android-x64": "0.24.0", - "@esbuild/darwin-arm64": "0.24.0", - "@esbuild/darwin-x64": "0.24.0", - "@esbuild/freebsd-arm64": "0.24.0", - "@esbuild/freebsd-x64": "0.24.0", - "@esbuild/linux-arm": "0.24.0", - "@esbuild/linux-arm64": "0.24.0", - "@esbuild/linux-ia32": "0.24.0", - "@esbuild/linux-loong64": "0.24.0", - "@esbuild/linux-mips64el": "0.24.0", - "@esbuild/linux-ppc64": "0.24.0", - "@esbuild/linux-riscv64": "0.24.0", - "@esbuild/linux-s390x": "0.24.0", - "@esbuild/linux-x64": "0.24.0", - "@esbuild/netbsd-x64": "0.24.0", - "@esbuild/openbsd-arm64": "0.24.0", - "@esbuild/openbsd-x64": "0.24.0", - "@esbuild/sunos-x64": "0.24.0", - "@esbuild/win32-arm64": "0.24.0", - "@esbuild/win32-ia32": "0.24.0", - "@esbuild/win32-x64": "0.24.0" + "@esbuild/aix-ppc64": "0.24.2", + "@esbuild/android-arm": "0.24.2", + "@esbuild/android-arm64": "0.24.2", + "@esbuild/android-x64": "0.24.2", + "@esbuild/darwin-arm64": "0.24.2", + "@esbuild/darwin-x64": "0.24.2", + "@esbuild/freebsd-arm64": "0.24.2", + "@esbuild/freebsd-x64": "0.24.2", + "@esbuild/linux-arm": "0.24.2", + "@esbuild/linux-arm64": "0.24.2", + "@esbuild/linux-ia32": "0.24.2", + "@esbuild/linux-loong64": "0.24.2", + "@esbuild/linux-mips64el": "0.24.2", + "@esbuild/linux-ppc64": "0.24.2", + "@esbuild/linux-riscv64": "0.24.2", + "@esbuild/linux-s390x": "0.24.2", + "@esbuild/linux-x64": "0.24.2", + "@esbuild/netbsd-arm64": "0.24.2", + "@esbuild/netbsd-x64": "0.24.2", + "@esbuild/openbsd-arm64": "0.24.2", + "@esbuild/openbsd-x64": "0.24.2", + "@esbuild/sunos-x64": "0.24.2", + "@esbuild/win32-arm64": "0.24.2", + "@esbuild/win32-ia32": "0.24.2", + "@esbuild/win32-x64": "0.24.2" } }, "node_modules/escalade": { 
@@ -4699,13 +4717,13 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.5", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.5.tgz", - "integrity": "sha512-akD5IAH/ID5imgue2DYhzsEwCi0/4VKY31uhMLEYJwPP4TiUp8pL5PIK+Wo7H8qT8JY9i+pVfPydcFPYD1EL7g==", + "version": "6.0.6", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.6.tgz", + "integrity": "sha512-NSjmUuckPmDU18bHz7QZ+bTYhRR0iA72cs2QAxCqDpafJ0S6qetco0LB3WW2OxlMHS0JmAv+yZ/R3uPmMyGTjQ==", "dev": true, "license": "MIT", "dependencies": { - "esbuild": "0.24.0", + "esbuild": "^0.24.2", "postcss": "^8.4.49", "rollup": "^4.23.0" }, From f85de4e269e772a54688c9ffdb7aa287e96d0ec2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 26 Dec 2024 12:02:14 -0600 Subject: [PATCH 55/65] Bump boto3 from 1.35.85 to 1.35.87 (#11466) Bumps [boto3](https://github.com/boto/boto3) from 1.35.85 to 1.35.87. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.85...1.35.87) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 006715a7f1e..f34582b7e59 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.85 # Required for Celery Broker AWS (SQS) support +boto3==1.35.87 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 7e656eda95591f5fb4ff4bc17f9cdf6b3123f763 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2024 12:45:14 -0600 Subject: [PATCH 56/65] Bump boto3 from 1.35.87 to 1.35.88 (#11473) Bumps [boto3](https://github.com/boto/boto3) from 1.35.87 to 1.35.88. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.87...1.35.88) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index f34582b7e59..8a567a69254 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.87 # Required for Celery Broker AWS (SQS) support +boto3==1.35.88 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From b91ae3e3c501adee875e3de9f797e0f96f6f2c51 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 30 Dec 2024 15:57:25 +0000 Subject: [PATCH 57/65] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index e037cef0533..febe451775d 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.41.4", + "version": "2.42.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index 5b3feec85aa..033e2fc2894 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py 
@@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.41.4" +__version__ = "2.42.0-dev" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index d6c561dc9a9..e9713e02252 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.41.4" +appVersion: "2.42.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.166 +version: 1.6.167-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From c0f2ba8f26ccb124c75ff844bb34ca48e41ee8b9 Mon Sep 17 00:00:00 2001 From: DefectDojo release bot Date: Mon, 30 Dec 2024 15:57:26 +0000 Subject: [PATCH 58/65] Update versions in application files --- components/package.json | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/components/package.json b/components/package.json index e037cef0533..febe451775d 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.41.4", + "version": "2.42.0-dev", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index d6c561dc9a9..e9713e02252 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.41.4" +appVersion: "2.42.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.166 +version: 1.6.167-dev icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap From 0a2c8097d2b1663443b3217956f5e44135108b9a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 16:05:07 -0600 Subject: [PATCH 59/65] Bump boto3 from 1.35.88 to 1.35.90 (#11476) Bumps [boto3](https://github.com/boto/boto3) from 1.35.88 to 1.35.90. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.88...1.35.90) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8a567a69254..0fc4410609e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.88 # Required for Celery Broker AWS (SQS) support +boto3==1.35.90 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 5678d556c33c6bdf06c8026542573f2084fde23c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Dec 2024 16:05:50 -0600 Subject: [PATCH 60/65] Bump python-gitlab from 5.2.0 to 5.3.0 (#11475) Bumps [python-gitlab](https://github.com/python-gitlab/python-gitlab) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/python-gitlab/python-gitlab/releases) - [Changelog](https://github.com/python-gitlab/python-gitlab/blob/main/CHANGELOG.md) - [Commits](https://github.com/python-gitlab/python-gitlab/compare/v5.2.0...v5.3.0) --- updated-dependencies: - dependency-name: python-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 0fc4410609e..3353536e4fb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -46,7 +46,7 @@ titlecase==2.4.1 social-auth-app-django==5.4.2 social-auth-core==4.5.4 gitpython==3.1.43 -python-gitlab==5.2.0 +python-gitlab==5.3.0 cpe==1.3.1 packageurl-python==0.16.0 django-crum==0.7.9 From 9e141201ff1b3e8f333b38d4b034a6ab89627727 Mon Sep 17 00:00:00 2001 From: Harold Blankenship <36673698+hblankenship@users.noreply.github.com> Date: Thu, 2 Jan 2025 12:07:17 -0600 Subject: [PATCH 61/65] Update JIRA for Finding Group When Risk Acceptance Expires (#11401) * update group jira RA, use helper for UI * ruff it up * return endpoint update * move func to jira_helper, update calls * the endpoints fail the test? * rearrange risk changes * fix for minor e.text error, minor grammar issue * added test for changing jira group status * remove newline at end of file --- dojo/finding/views.py | 20 +- dojo/fixtures/dojo_testdata.json | 6 +- dojo/jira_link/helper.py | 25 +- dojo/risk_acceptance/helper.py | 45 +- unittests/test_jira_import_and_pushing_api.py | 64 +- ...est_import_grouped_reopen_expired_sla.yaml | 7455 +++++++++++++++++ 6 files changed, 7573 insertions(+), 42 deletions(-) create mode 100644 unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml diff --git a/dojo/finding/views.py b/dojo/finding/views.py index 18faed336b0..6fd6331d3c3 100644 --- a/dojo/finding/views.py +++ b/dojo/finding/views.py 
@@ -1438,25 +1438,7 @@ def reopen_finding(request, fid): status.save() # Clear the risk acceptance, if present ra_helper.risk_unaccept(request.user, finding) - - # Manage the jira status changes - push_to_jira = False - # Determine if the finding is in a group. if so, not push to jira - finding_in_group = finding.has_finding_group - # Check if there is a jira issue that needs to be updated - jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) - # Only push if the finding is not in a group - if jira_issue_exists: - # Determine if any automatic sync should occur - push_to_jira = jira_helper.is_push_all_issues(finding) \ - or jira_helper.get_jira_instance(finding).finding_jira_sync - # Save the finding - finding.save(push_to_jira=(push_to_jira and not finding_in_group)) - - # we only push the group after saving the finding to make sure - # the updated data of the finding is pushed as part of the group - if push_to_jira and finding_in_group: - jira_helper.push_to_jira(finding.finding_group) + jira_helper.save_and_push_to_jira(finding) reopen_external_issue(finding, "re-opened by defectdojo", "github") diff --git a/dojo/fixtures/dojo_testdata.json b/dojo/fixtures/dojo_testdata.json index ae550f8bf81..b35d570eaab 100644 --- a/dojo/fixtures/dojo_testdata.json +++ b/dojo/fixtures/dojo_testdata.json @@ -2158,8 +2158,8 @@ "fields": { "configuration_name": "Happy little JIRA 2", "url": "https://defectdojo.atlassian.net/", - "username": "YOUR USERNAME", - "password": "YOU API TOKEN", + "username": "[YOUR USERNAME]", + "password": "[YOUR API TOKEN]", "default_issue_type": "Task", "epic_name_id": 10011, "open_status_key": 11, @@ -2253,7 +2253,7 @@ "component": "", "enable_engagement_epic_mapping": true, "jira_instance": 2, - "project_key": "key1" + "project_key": "NTEST" } }, { diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index 308331987a9..8aff8972401 100644 --- a/dojo/jira_link/helper.py 
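Review bot: `reopen_finding` can now save the finding and push it to JIRA twice in one request. Later in this patch `risk_unaccept` (dojo/risk_acceptance/helper.py) gains its own `jira_helper.save_and_push_to_jira(finding)` call, and the line added here calls the helper again right after `ra_helper.risk_unaccept(request.user, finding)`. Let only one of the two paths persist and push, or if both are intended say so at the call site, e.g. `# risk_unaccept() may already have saved and pushed this finding; this call covers findings that were not risk accepted`. The body of reopen_finding starts and ends outside the hunk, so the surrounding control flow cannot be confirmed from here.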
+++ b/dojo/jira_link/helper.py @@ -785,7 +785,7 @@ def failure_to_add_message(message: str, exception: Exception, object: Any) -> b JIRAError.log_to_tempfile = False jira = get_jira_connection(jira_instance) except Exception as e: - message = f"The following jira instance could not be connected: {jira_instance} - {e.text}" + message = f"The following jira instance could not be connected: {jira_instance} - {e}" return failure_to_add_message(message, e, obj) # Set the list of labels to set on the jira issue labels = get_labels(obj) + get_tags(obj) @@ -793,6 +793,7 @@ def failure_to_add_message(message: str, exception: Exception, object: Any) -> b labels = list(dict.fromkeys(labels)) # de-dup # Determine what due date to set on the jira issue duedate = None + if System_Settings.objects.get().enable_finding_sla: duedate = obj.sla_deadline() # Set the fields that will compose the jira issue @@ -1104,6 +1105,7 @@ def get_issuetype_fields( issuetype_fields = None use_cloud_api = jira.deploymentType.lower() == "cloud" or jira._version < (9, 0, 0) + try: if use_cloud_api: try: 
@@ -1706,3 +1708,24 @@ def process_resolution_from_jira(finding, resolution_id, resolution_name, assign if status_changed: finding.save() return status_changed + + +def save_and_push_to_jira(finding): + # Manage the jira status changes + push_to_jira = False + # Determine if the finding is in a group. if so, not push to jira yet + finding_in_group = finding.has_finding_group + # Check if there is a jira issue that needs to be updated + jira_issue_exists = finding.has_jira_issue or (finding.finding_group and finding.finding_group.has_jira_issue) + # Only push if the finding is not in a group + if jira_issue_exists: + # Determine if any automatic sync should occur + push_to_jira = is_push_all_issues(finding) \ + or get_jira_instance(finding).finding_jira_sync + # Save the finding + finding.save(push_to_jira=(push_to_jira and not finding_in_group)) + + # we only push the group after saving the finding to make sure + # the updated data of the finding is pushed as part of the group + if push_to_jira and finding_in_group: + push_to_jira(finding.finding_group) diff --git a/dojo/risk_acceptance/helper.py b/dojo/risk_acceptance/helper.py index 00897d134c3..a3d06a45490 100644 --- a/dojo/risk_acceptance/helper.py +++ b/dojo/risk_acceptance/helper.py 
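Review bot: In `save_and_push_to_jira` the local flag `push_to_jira = False` shadows the module's own `push_to_jira` function, so the final `push_to_jira(finding.finding_group)` calls a bool and raises TypeError exactly when a grouped finding needs its group issue updated. The code was moved from views.py, where the call read `jira_helper.push_to_jira(...)` and the names did not clash. Rename the local, e.g. `should_push = False`, and use it in `finding.save(push_to_jira=(should_push and not finding_in_group))` and `if should_push and finding_in_group:`. `get_jira_instance(finding).finding_jira_sync` also assumes an instance is always returned, while `post_jira_comment` in this same patch checks `if jira_instance:` first; the same guard seems warranted here. A one-line docstring stating that the helper always saves the finding and may push the finding or its group would help callers.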
@@ -22,23 +22,21 @@ def expire_now(risk_acceptance): reactivated_findings = [] if risk_acceptance.reactivate_expired: for finding in risk_acceptance.accepted_findings.all(): - if not finding.active: - logger.debug("%i:%s: unaccepting a.k.a reactivating finding.", finding.id, finding) - finding.active = True - finding.risk_accepted = False + if not finding.active: # not sure why this is important + logger.debug("%i:%s: unaccepting/reactivating finding.", finding.id, finding) + # Update any endpoint statuses on each of the findings update_endpoint_statuses(finding, accept_risk=False) + risk_unaccept(None, finding, post_comments=False) # comments will be posted at end if risk_acceptance.restart_sla_expired: finding.sla_start_date = timezone.now().date() + finding.save(dedupe_option=False) # resave if changed after risk_unaccept - finding.save(dedupe_option=False) reactivated_findings.append(finding) - # findings remain in this risk acceptance for reporting / metrics purposes else: logger.debug("%i:%s already active, no changes made.", finding.id, finding) - # best effort JIRA integration, no status changes post_jira_comments(risk_acceptance, risk_acceptance.accepted_findings.all(), expiration_message_creator) risk_acceptance.expiration_date = timezone.now() @@ -189,7 +187,7 @@ def expiration_handler(*args, **kwargs): product=risk_acceptance.engagement.product, url=reverse("view_risk_acceptance", args=(risk_acceptance.engagement.id, risk_acceptance.id))) - post_jira_comments(risk_acceptance, expiration_warning_message_creator, heads_up_days) + post_jira_comments(risk_acceptance, risk_acceptance.accepted_findings.all(), expiration_warning_message_creator, heads_up_days) risk_acceptance.expiration_date_warned = timezone.now() risk_acceptance.save() 
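Review bot: In `expire_now` the JIRA push now happens inside `risk_unaccept(None, finding, post_comments=False)`, before `finding.sla_start_date` is reset, and the later `finding.save(dedupe_option=False)` does not push again. If the JIRA due date is derived from the SLA deadline (the helper.py context in this patch sets `duedate = obj.sla_deadline()`), the issue would keep the old date; setting the date first, `if risk_acceptance.restart_sla_expired: finding.sla_start_date = timezone.now().date()`, ahead of the `risk_unaccept` call would let one save and push carry both changes. The new comment `# not sure why this is important` should be replaced by the reason, e.g. `# only inactive findings are reactivated; findings that are already active are left untouched`. Passing `None` as the user also means `risk_unaccept` skips its note, so expiry-driven reactivation leaves no note on the finding; worth confirming that is intended.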
@@ -243,20 +241,22 @@ def unaccepted_message_creator(risk_acceptance, heads_up_days=0): def post_jira_comment(finding, message_factory, heads_up_days=0): - if not finding or not finding.has_jira_issue: + if not finding or (not finding.has_jira_issue and not finding.has_jira_group_issue): return - jira_project = jira_helper.get_jira_project(finding) if jira_project and jira_project.risk_acceptance_expiration_notification: jira_instance = jira_helper.get_jira_instance(finding) - if jira_instance: jira_comment = message_factory(None, heads_up_days) - logger.debug("Creating JIRA comment for something risk acceptance related") - jira_helper.add_simple_jira_comment(jira_instance, finding.jira_issue, jira_comment) + jira_issue = None + if finding.has_jira_issue: + jira_issue = finding.jira_issue + elif finding.has_jira_group_issue: + jira_issue = finding.finding_group.jira_issue + jira_helper.add_simple_jira_comment(jira_instance, jira_issue, jira_comment) def post_jira_comments(risk_acceptance, findings, message_factory, heads_up_days=0): @@ -270,11 +270,15 @@ def post_jira_comments(risk_acceptance, findings, message_factory, heads_up_days if jira_instance: jira_comment = message_factory(risk_acceptance, heads_up_days) - for finding in findings: + jira_issue = None if finding.has_jira_issue: - logger.debug("Creating JIRA comment for something risk acceptance related") - jira_helper.add_simple_jira_comment(jira_instance, finding.jira_issue, jira_comment) + jira_issue = finding.jira_issue + elif finding.has_jira_group_issue: + jira_issue = finding.finding_group.jira_issue + + if jira_issue: + jira_helper.add_simple_jira_comment(jira_instance, jira_issue, jira_comment) def get_expired_risk_acceptances_to_handle(): 
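Review bot: In `post_jira_comments` the loop now resolves every grouped finding to `finding.finding_group.jira_issue`, so a risk acceptance covering several findings of one group posts the same comment to that issue once per finding. Tracking which issues have already been commented on avoids the duplicates. The issue-selection block is also repeated verbatim in `post_jira_comment` in the previous hunk and could live in one small helper. The function body starts outside the hunk, so the fence below shows only the changed loop.

```python
commented = set()  # JIRA issues that already received this comment
for finding in findings:
    # … unchanged: pick finding.jira_issue or finding.finding_group.jira_issue …
    # findings of one group share a single issue, so comment on it once
    if jira_issue and jira_issue.pk not in commented:
        commented.add(jira_issue.pk)
        jira_helper.add_simple_jira_comment(jira_instance, jira_issue, jira_comment)
```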
@@ -319,7 +323,7 @@ def simple_risk_accept(user: Dojo_User, finding: Finding, perform_save=True) -> )) -def risk_unaccept(user: Dojo_User, finding: Finding, perform_save=True) -> None: +def risk_unaccept(user: Dojo_User, finding: Finding, perform_save=True, post_comments=True) -> None: logger.debug("unaccepting finding %i:%s if it is currently risk accepted", finding.id, finding) if finding.risk_accepted: logger.debug("unaccepting finding %i:%s", finding.id, finding) @@ -336,7 +340,12 @@ def risk_unaccept(user: Dojo_User, finding: Finding, perform_save=True) -> None: # post_jira_comment might reload from database so see unaccepted finding. but the comment # only contains some text so that's ok - post_jira_comment(finding, unaccepted_message_creator) + if post_comments: + post_jira_comment(finding, unaccepted_message_creator) + + # Update the JIRA obect for this finding + jira_helper.save_and_push_to_jira(finding) + # Add a note to reflect that the finding was removed from the risk acceptance if user is not None: finding.notes.add(Notes.objects.create( diff --git a/unittests/test_jira_import_and_pushing_api.py b/unittests/test_jira_import_and_pushing_api.py index eeba03f9740..2562b555a99 100644 --- a/unittests/test_jira_import_and_pushing_api.py +++ b/unittests/test_jira_import_and_pushing_api.py @@ -2,12 +2,14 @@ import logging from crum import impersonate +from django.urls import reverse from rest_framework.authtoken.models import Token from rest_framework.test import APIClient from vcr import VCR +import dojo.risk_acceptance.helper as ra_helper from dojo.jira_link import helper as jira_helper -from dojo.models import Finding, Finding_Group, JIRA_Instance, User +from dojo.models import Finding, Finding_Group, JIRA_Instance, Risk_Acceptance, User from .dojo_test_case import DojoVCRAPITestCase, get_unit_tests_path, toggle_system_setting_boolean 
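Review bot: The added `jira_helper.save_and_push_to_jira(finding)` in `risk_unaccept` saves the finding regardless of the `perform_save` argument, so a caller passing `perform_save=False` no longer keeps control over when the object is written. Either guard it, `if perform_save: jira_helper.save_and_push_to_jira(finding)`, or document on the function that un-accepting always persists the finding and may push to JIRA. The comment above the call has a typo and should read `# Update the JIRA object for this finding`. How `perform_save` is used in the rest of the function lies outside the hunk.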
@@ -68,6 +70,7 @@ def setUp(self): self.scans_path = "/scans/" self.zap_sample5_filename = self.scans_path + "zap/5_zap_sample_one.xml" self.npm_groups_sample_filename = self.scans_path + "npm_audit/many_vuln_with_groups.json" + self.client.force_login(self.get_test_admin()) def test_import_no_push_to_jira(self): import0 = self.import_scan_with_params(self.zap_sample5_filename, verified=True) 
@@ -281,6 +284,65 @@ def test_import_twice_push_to_jira(self): self.assert_jira_issue_count_in_test(test_id1, 0) self.assert_jira_group_issue_count_in_test(test_id, 0) + def add_risk_acceptance(self, eid, data_risk_accceptance, fid=None): + args = (eid, fid) if fid else (eid,) + response = self.client.post(reverse("add_risk_acceptance", args=args), data_risk_accceptance) + self.assertEqual(302, response.status_code, response.content[:1000]) + return response + + def test_import_grouped_reopen_expired_sla(self): + # steps + # import scan, make sure they are in grouped JIRA + # risk acceptance all the grouped findings, make sure they are closed in JIRA + # expire risk acceptance on all grouped findings, make sure they are open in JIRA + import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) + test_id = import0["test"] + self.assert_jira_issue_count_in_test(test_id, 0) + self.assert_jira_group_issue_count_in_test(test_id, 3) + findings = self.get_test_findings_api(test_id) + finding_id = findings["results"][0]["id"] + + ra_data = { + "name": "Accept: Unit test", + "accepted_findings": [], + "recommendation": "A", + "recommendation_details": "recommendation 1", + "decision": "A", + "decision_details": "it has been decided!", + "accepted_by": "pointy haired boss", + "owner": 1, + "expiration_date": "2024-12-31", + "reactivate_expired": True, + } + + for finding in findings["results"]: + ra_data["accepted_findings"].append(finding["id"]) + + pre_jira_status = self.get_jira_issue_status(finding_id) + + response = self.add_risk_acceptance(1, data_risk_accceptance=ra_data) + self.assertEqual("/engagement/1", response.url) + + # We do this to update the JIRA + for finding in ra_data["accepted_findings"]: + self.patch_finding_api(finding, {"push_to_jira": True}) + + post_jira_status = self.get_jira_issue_status(finding_id) + 
self.assertNotEqual(pre_jira_status, post_jira_status) + + pre_jira_status = post_jira_status + ra = Risk_Acceptance.objects.last() + ra_helper.expire_now(ra) + # We do this to update the JIRA + for finding in ra_data["accepted_findings"]: + self.patch_finding_api(finding, {"push_to_jira": True}) + + post_jira_status = self.get_jira_issue_status(finding_id) + self.assertNotEqual(pre_jira_status, post_jira_status) + + # by asserting full cassette is played we know all calls to JIRA have been made as expected + self.assert_cassette_played() + def test_import_with_groups_twice_push_to_jira(self): import0 = self.import_scan_with_params(self.npm_groups_sample_filename, scan_type="NPM Audit Scan", group_by="component_name+component_version", push_to_jira=True, verified=True) test_id = import0["test"] diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml new file mode 100644 index 00000000000..5450aa9653e --- /dev/null +++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_import_grouped_reopen_expired_sla.yaml 
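Review bot: After `ra_helper.expire_now(ra)` the test patches every finding with `{"push_to_jira": True}` before reading the status, so the second `assertNotEqual` can pass because of that explicit push rather than the expiry path this patch changes. Reading the status directly after `expire_now`, and comparing it with the status captured before the risk acceptance, e.g. `self.assertEqual(original_jira_status, self.get_jira_issue_status(finding_id))`, would pin the reopen behaviour; the cassette would need re-recording. Only the first finding's issue is checked although three group issues are asserted after import. The parameter name `data_risk_accceptance` has a stray `c`.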
@@ -0,0 +1,7455 @@ +interactions: +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0te3bqbtN26vMkEp+gU2r0oImlyi9U0KU06GGP/3QQH26P6drnn + O/cc7oHUwuF20ISTD+97x2czhQ1Kr+ynTYTXwrlWmMSgJxOiWtdrsf8HX+KwayUqdF9r1P0Kjcfh + r0dW1jR6RCPxd84dDq61JsAUgCaQwLTcXD+X66fqrG7Grg4T4a8RmsAE3kIm9truu9Cy2vcxbaXt + qIKpHlutfiyEBwNbLE7LG+EjyIBlU8qmdFlRxlPKaZoAwBUEOPhd+AMOVdtdsilUtOA0C3iSL86s + 7O5MYwMIWQ5ZyuYiresiL5Y0X1KVs1RKVqCaU4GNENm8vgjwOibct4OILwz6qP2DlSKuD0SfJoLm + fVuS42WxF2uicvtYkeM3AAAA//8DAIJe/usgAgAA + headers: + Atl-Request-Id: + - cd2d7f48-ee2c-4df1-807a-3163dc0e224b + Atl-Traceid: + - cd2d7f48ee2c4df1807a3163dc0e224b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:31 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=214,atl-edge-internal;dur=37,atl-edge-upstream;dur=176,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - d50a969d2e184c047378565e1391d27c + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + 
Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + 
M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 92e4fee3-8af8-4343-85a2-906308cde605 + Atl-Traceid: + - 92e4fee38af8434385a2906308cde605 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:32 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=312,atl-edge-internal;dur=17,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 4e0b52fac382010988109639367a2804 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/358] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* Jan. 
29, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3361' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"15997","key":"NTEST-1585","self":"https://defectdojo.atlassian.net/rest/api/2/issue/15997"}' + headers: + Atl-Request-Id: + - df4ed9e1-993f-4c3c-b656-46250a07daec + Atl-Traceid: + - df4ed9e1993f4c3cb65646250a07daec + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:32 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
atl-edge;dur=677,atl-edge-internal;dur=22,atl-edge-upstream;dur=659,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 03d5482c097ff2a04fe6e3893b2eb52a + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1585 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSY7MmU7HdZTEreu6spI8OB4PTK5IxCTAAKCO2v7v3eUh + xYcytTuN/UBce2D32w+rGwdWJZeJEzkaZAIakrcC8sT0JC/A9EycQcF7qgTNrVDS9CARtgDLe3HG + ZQq5SnsL0Ab3IJlCqcGAtO3ZuDJWFXNSeBn4fuC7Gr5WYOxsXcKp5rEVMTg9R5D9YLS//xonBvI5 + TjNrSxN5XgJziG2iviiX25wbI7h0JVgPLVmPl8ILPWFMBV6n4BrWKH8ym5zN+sFoPMKl2gXjRDeO + Qd8qE3MLqdLr5g4JzlAi9MNhPwj7A38WjKNgGA1CdxwEP6HfPjlJRiw6Xqt5oZMk76E+P9xcu50k + YGItSgocrh4wU/A877FEGCtkbFkpIAam5myp9LVL0rGSH3T+TC8qKShdPL/kC2659hYCll7t1tbB + divwB8H4FyP+hp8LTHtVoFWCBZqccXNNuaquLI2iOc8N9JxG8AjvVcv2nEwgcHScrY9hAeirf9dz + rEBklYgSJ5IV3tF5AJOB322UWn3BG70w4K10He46gV24afINSLa3+iCFtajAOBvbhNTf67NGze2S + a8KrEUWZC3Q4eXBzzEeNsuF4NRw/093vZKa7ySYvQ5+AHg5X4fD/tdJkv8YiGgz2VsHejzC46iwO + wtUg/BEWW4Df3T2GY7ALp2G3MRerjw0HYvbPLx6fHHQneZpqSJFvHhUBXkDlVVP+T5sb7drY27Xx + esdGuHNjvGtj/7GfDW02q0RK9QvhRP0Ap9ziw9EQ7vMLt6HzLYF7jTpNZVkPD1VFgQuIlD/RgpCp + E1ldwV3L06RNi7gJ582jNfIMj5pMVXnyRpgy5+u2lHEZ3bIfETNU3m00NOBliT+eeiSG+2H3SDwM + 24bKHm7sAlW4AVWphdLCrl8YxE7cq1+af/9WiIKnYDySMJ0SgQuZSDPXLNItW77HlY5WQ+dx4YQb + 1Of8CogYnygN4pMnAxHswmgwpohk3ExKER8Lef2Wdt5ASf2LjLs81tld1nubFankBNsXfpXDFLhp + 
sKHbkXN6/OHd0cnl8dHh5ORscjmZTv+c4v2wTg2GBA/MMmCn+AJIy8guE4Ypma8ZsonISSmziv0m + NGenGgqkE1YZRK37FKsEWFCOfyt8v0wGkdO8ipg9DP+2qu6xBSYiFZLnDw+13Vcb3hrpOXrXzimz + qYTN6aqkst2F5NGe3yG5aZReCL5GePPy3u9tnofHLd5+5fE1tpsd5Drlja3DtqP7Tw53bWFTM2gk + 7BoFCUuqbpUrfdJ4c5VX0E818sa2KVLsjWqSrYoSG2Jpnwb9aBctjDa08L2M3w/nZ/nt/wFLtapK + ahTfCpkgMRqGtcKuACQrK5NBUqP0aHpA3ytgQi7IAMEsYfhTgOFrBklEyrLQZe9I3Wf5qv6+itj5 + Rq2QEZMYLyu4VTry3ZE7uKWgY8xzFfM8U8ZGY3/se/NG5rL2zRuMxhcozc7PIK6Io9h7texbtUMY + H+2kwkc7vGAeOw+MZX9VXFvQbCJTrMwC47xDFDYHvKCWPjn9gx1UyAHsLOZyhxS1gN6+f9FE9PaW + nWHzWvuJ48OPk/rzqfl0iaZJ2wPQcCYs0gGJ1sDCESpixJjslp2jjn6IFNDHLjkMai8IqHKRuBL7 + fTdVC29R5RKha5FavPvnL0jFwPc3cvES3EJYDa7SqYf1zQnzAptZ4gUPj7qZLXKS2+YLJ3XGSFmI + f1NIq5xjTP8BAAD//+xZbW/aMBD+K9akVoBICkkIharqqFjVTms1rdo+dF8wsYFsIYkSoPuwH7/n + HCe8lJSOqlUnTa2A2D77fL57zvfkF9Vwah99Gfo8IFe6lckCpRozWOWmmKHODoPZySmmcc1GtcSW + +uSPLNum9XtIvwtZJ1Op+zPbZhcX+2zZnSfbRY9XdnGebhdnp11e3CZWmU0QcLnTdWvKPtTGav25 + ZH1EKho/AsWY1akzAHmLraNA/jdpmgUMqGfbfLXTxhb6CnkBij8iRjkJWu+UYxV8VLft/9Hdsxoi + Eu3f8WXsFRxYEv6kpnheeK4fQe02micw5oUfSMCnzAx+OJ6dcM+T8Uz9XLrfimB/CfM1wHGhRgT8 + 18Bp+tERFws/RaqQlG/byAAjMjrcKL8Y0JEOlisMGK4wjPRHaa4vLYl2B60duYMo3CHV7sBnM2Tg + tM7uJ743YbhLj8cA4TkAkMUca4VjxhmKGg+CuBZ5CR+RHoOe2qjxiYfjOeB4wCaSC0guOHKome2W + fVsqdA28D+Rqclnvz2ut7qpLYshnVSaIvB/d47y7uT4DRk4gjkY4uQr37u6DIczv0gf5Fx5pWylm + iefDwPf0oV37KpXqM/uqbltkYX0YmTIMMBOgI9Gbh9zVNObejGRuIuarB4bEt/CFFGvu9AUxhSso + lv4bp9CicUR5k3y8wsXUD6usUv09hQ/Pom7ht1tB48UBw9oTMCwCDOuZgLFX1ngAGPvmrdXzfW3A + cP8DxisAhvNvAYZbiO4AjIeMR6so+jcL3rKap+mUdRSEFxVDswS+pHgeYm42hjoFPbXR0SgjzRpl + vEOj4B1y85QNLOPKGoUyKgAmVH7oYny1nt+s6tL5dMqpgH33aIVFJic2Kkr2LHWJkziDxxKHdiVO + 200AYuPA7kn32B26DjcaI6ttOCPeMjqddsMQ7kjI9mjoSJvK4kISy2ay3SdKSvKbnhAUNaQzT6JA + vF9RGVUzLfAok64ORZoovNUwksnZXHtkC2soBXfbx1zavCNG3Okce0Pudjyn2TwTp2oW7PXAusB/ + JmdMeaiLRMPImlJznhr3MJlhmVR9mlnEkk2NmPOUTAp5lRN4kOLn5bnhmHFI5MQmK//2Nd6k9d++ + xpuvBd66xkAskbHMmj26VM7PzgMe/pRhOvFjFVpUCGZEdgZ6d1FIoz/MkyiWR3eAI48oVx2D9G4K + 
vUWk0zL6jdx23skpw2BnhY7+AwAA//9ClYAPR6NLwMv5ImglMVocDcKER6g4AgAAAP//GowuHi2O + aO1i+hVH6KUGvK0HbwoBnZ4OyYLVoDl3KNsAaGF+SSJ0xQC6KTgbdTiLMZytPSPsBSWuyScDXM1b + UKmAVcIAV/PWGJcOY3j7MTWvLLMoPw/SgIQIpZRCl6tAuESFXn4uxIRqGBNaO5BRWiOttNGHmauj + lJtYEZRaXJoDMhjJbvDcTFGJYwnEHWX5JdSbEoYYBjcUaFdGYnFYPnhqCzaPC5qUBk0YgayEOwTV + tUYozoVqAAdPbW0tAAAA//8DAANknFkdJQAA + headers: + Atl-Request-Id: + - f30865ec-4d2d-4762-bd6c-018be1d37964 + Atl-Traceid: + - f30865ec4d2d4762bd6c018be1d37964 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=259,atl-edge-internal;dur=14,atl-edge-upstream;dur=246,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 074e7b783fa14fe46e209d9cfe89afd6 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSY7MmU7HdZTEreu6spI8OB4PTK5IxCTAAKBkNc5/7y4v + xYcytTtN8iDi2AO73367/uLATcll4kSOBpmAhuS1gDwxA8kLMAMTZ1DwgSpBcyuUNANIhC3A8kGc + 
cZlCrtLBCrTBM0jmUGowIG17N66MVcWSFF4Gvh/4robPFRi72JRwqnlsRQzOwBFkP5js77/EhYF8 + icvM2tJEnpfAEmKbqE/K5TbnxgguXQnWQ0vW46XwQk8YU4HXKbiGDcqfLGZni2EwmU5wq3bBONEX + x6BvlYm5hVTpTfOGBFcoEfrheBiEw5G/CKZRMI5GoTsNgp/Qb5+cJCMWHa/VPNNJkvdQnx/2z24X + CZhYi5ICh7sHzBQ8zwcsEcYKGVtWCoiBqSVbK33tknSs5DudP9GLSgpKF88v+Ypbrr2VgLVXu7V1 + sD0K/FEw/cWIv+HnAtNeFWiVYIEmF9xcU66qK0tf0ZLnBgZOI3iE76plB04mEDg6zjbHsAL01f86 + cKxAZJWIEieSFb7RuQeTkd8dlFp9whc9M+CtdB3uOoFduGnxDUi2r3onhbWowDi9bULq7/Vdo5Z2 + zTXh1YiizAU6nNx7OeajRtl4ejOePtHd72Sme0mfl7FPQA/HN+H4/7XSZL/GIhoM9m6CvR9h8Kaz + OApvRuGPsNgC/OvXh3AMduE07A6W4uZ9w4GY/fOLhzdH3U2ephpS5JsHRYAPUHnVlP/j5ia7DvZ2 + HbzccRDuPJjuOth/6GdDm80ukVLdIZxoGLRcSSnRIm6e9OXBHhUKRttkqsqTV8KUOd+05YTba26x + 9TSU/fTSbxrCtgV4jTpNhV1/HqqKQl+7+oE2hEydyOqKbKNS+x4xQ+XdRkMDPpb447EmMd4PuyZx + P2w9ld0/2AWqsAdVqYXSwm6eGYJO3Ks7zb/vFaLgKRiPJEynROBGJtLMNat0y5Zvcaej1dB5WDhh + j/qcXwER4yOlQXzyaCCCXRgNphSRjJtZKeJjIa9f08krKGl+kXGHoRpZ6/qs35FKznB84Vc5zIGb + Bpe6/XJOj9+9OTq5PD46nJ2czS5n8/mfc3wf1qnBkOCFRQbsFDuAtIzsMmGYkvmGIZuInJQyq9hv + QnN2qqFAOmGVQcy5j7FKgAXl+LfC98tkFDlNV8TsYfi3VXWHLTARqZA8v3+pnb7a8NbIz9G7dk2Z + TSX0t6uSynYXkid7fofkZlB6Jvga4b7z3p1tnobHLd5+5fE1jpsd5Drlja3DdqL7Tw53Y2FTM2gk + 7AYFCWuqbpUrfdJ4c5VXMEw1ctZ2KFLslWqSrYoSB2JpHwf9pKeF7yX2vlBPGXfD+VF++/+ApVpV + JQ2Kr4VMkNYMw1phVwCSlZXJIKlRejQ/oN8rYEKuyDLBLGH4pwDDbgZJRMqy0GVvSN1H+aL+fRGx + 816tkBGTGC8ruFU68t2JO7qloGPMcxXzPFPGRlN/6nvLRuay9s0bTaYXKM3OzyCuiKPYW7UeWrVD + GJt2UmHTDi+Yx84DY9lfFdcWNJvJFCuzwDjvEIX+ghfU0ienf7CDCjmAncVc7pCiEdDb9y+aiN7e + sjMcXms/8fvw/az++dD8dImmRTsD0OdCWKQDEq2BhV+oiBFjslt2jjqGIVLAEKfkMKi9IKDKVeJK + nPfdVK28VZVLhK5FavHu3r8gFSPf7+XiNbiFsBpcpVMP65sT5gUOs8QLHl51M1vkJLfNFy7qjJGy + EP/NIa1yjjH9BwAA///sWW1v2jAQ/ivWpFaASApJCIWq6qhY1U5rNa3aPnRfMLGBbCGJEqD7sB+/ + 5xwnvJSUjqpVJ02tgNg++3y+e8735BfVcGoffRn6PCBXupXJAqUaM1jlppihzg6D2ckppnHNRrXE + lvrkjyzbpvV7SP0LWSdTqfsz22YXF/ts2Z0n20WPV3Zxnm4XZ6ddXtwmVplNEHC503Vryj7Uxmr9 + uWR9RCoaPwLFmNWpMwB5i62jQP43aZoFDKhn23y108YW+gp5AYo/IkY5CVrvlGMVfFS37f/R3bMa + 
IhLt3/Fl7BUcWBL+pKZ4XniuH0HtNponMOaFH0jAp8wMfjienXDPk/FM/Vy634pgfwnzNcBxoUYE + /NfAafrRERcLP0UOkZRv28gAIzI63Ci/GNCRDpYrDBiuMIz0R2muLy2JdgetHbmDKNwh1e7AZzNk + 4LTO7ie+N2G4x4/HAOE5AJDFHGuFY8YZihoPgrgWeQkfkR6Dntqo8YmH4zngeMAmkgtILjhyqJnt + ln1bKnQNvA/kanJZ789rre6qS2LIZ3XJF3k/usd5d3N9BoycQByNcHIV7t3dB0OY36UP8i880rZS + zBLPh4Hv6UO79lUq1Wf2Vd22yML6MDJlGGAmQEeiNw+5q2nMvRnJ3ETMVw8MiW/hCynW3OkLYgpX + UCz9N06hReOI8ib5eIWLqR9WWaX6ewofnkXdwm+3gsaLA4a1J2BYBBjWMwFjr6zxADD2zVur5/va + gOH+B4xXAAzn3wIMtxDdARgPGY9WUfRvFrxlVEjTWS2GZglcRpExRA5tDi2jwBplHU7BW21KFLxD + boWygWU8RKOMK2sUa6oAmFD5oYvx1Xp+s9xL59MppwL23aMVFpmc2Kgo2bPUJU7iDB5LDNiVOG03 + AYiNA7sn3WN36DrcaIystuGMeMvodNoNQ7gjIdujoSNtKosLSSybyXafKCnJb3pCUNSQzjyJAvF+ + RWVUzbTAo0y6Oi1povBWw0gmZ3PtkS2soRTcbR9zafOOGHGnc+wNudvxnGbzTJyqWbDXA+sC/5mc + MeWhLhINI2tKzXlq3MNkhmVS9WlmEUs2NWLOUzIp5FVO4EGKn5fnhmPGIZETm6z829d4k9Z/+xpv + vhZ46xoDykTGcGv26FI5PzsPePhThunEj1VoUSGY0dAZGt5FIY3+ME+iWB7dAac8olx1DNK7KfQW + kU7L6Ddy23knpwyDnRU6+g8AAAD//0KVgA9HF0HrgtFSZxCmL7JLHQAAAAD//xpAF4+WOrR2Mf1K + HfRSA1cj0ATe1oM3hYB+SofkzWrQnDuUbQB0SX5JInTFALopuFp7BriKMQMj7OUhrsknA5wewNka + hPsMXQeuZqIxTgl4+zE1ryyzKD8P0oCECKWUQperQLjEhF5Zfgn1JlIhhsENBdqUkVgclg+eUoLN + 3QLzAcTJ1TAmtDoi2wHgpT36MHN1lHITK4JSi0tzQAYjeRY8GVRU4lgC8ThoUho0YQTyOlwcVbMR + im6oBrBra2trAQAAAP//AwC//yv3HSUAAA== + headers: + Atl-Request-Id: + - d80393f0-c8d6-4dbb-b06c-68814984b3ef + Atl-Traceid: + - d80393f0c8d64dbbb06c68814984b3ef + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
atl-edge;dur=299,atl-edge-internal;dur=14,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 1da1d0b1a01cc131cc1a1d6f87430d82 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQX0vDMBTFv0teXbv8abc2bzLBKTqFdi+KSJrcYjVNSpMOxth3N8Ghe1TfLvf8 + zj2He0CNcLAdNeLozfvB8flcQQvSK/tuU+G1cK4TJjXg0Qypzg1a7P/BVzDuOgkK3Mca9LAC42H8 + 65GVNa2ewEj4nXMHo+usCTDBmKQ4xUm1uXys1g/1j7qZ+iZMiD9HaIZn+CVkwqDtvg8t6/0Q01ba + TiqYmqnT6suCeDDQ5fK0vBI+ghTTLCE0IWVNKGeEE5ZijC9wgIPfhT/AWHf9OctwTQpOMs5YWtLy + m5X9jWltAHGW44zRhWBNU+RFSfKSqJwyKWkBakEEtEJki+YswOuYcNuNIr4w6JP2d1aKuD4gfZoQ + mNdthY7nxZ6sicr1fY2OnwAAAP//AwAr8WPzIAIAAA== + headers: + Atl-Request-Id: + - b7cdaa61-5afe-4562-aefd-97a5684e5692 + Atl-Traceid: + - b7cdaa615afe4562aefd97a5684e5692 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:33 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
atl-edge;dur=184,atl-edge-internal;dur=32,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 89433fd5d072dee7df29a3909871d4bf + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + 
ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 37e95857-514d-4576-baa6-a78e6ad0c798 + Atl-Traceid: + - 37e95857514d4576baa6a78e6ad0c798 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:34 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=303,atl-edge-internal;dur=15,atl-edge-upstream;dur=289,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. 
(Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 21c72ac11ff6eb2264d42be0fa541413 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/359] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, + Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] | Active, + Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. 
[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Jan. 29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: 
Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Jan. 29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. 
+ )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7143' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"15998","key":"NTEST-1586","self":"https://defectdojo.atlassian.net/rest/api/2/issue/15998"}' + headers: + Atl-Request-Id: + - b4134387-e6da-4096-89be-5e60cf114bed + Atl-Traceid: + - b4134387e6da409689be5e60cf114bed + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=662,atl-edge-internal;dur=12,atl-edge-upstream;dur=651,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 6972c7f69c901e2b0ee8ed2e31176648 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + 
uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1586 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dVKJl45InOl0XEdJnLquKyvJg+PxQOSKREwCLADqaJz/3l1S + lGI7Smt3GnvGxLUHdr/9sP7kwLrkMnEiR4NMQEPyUkCemI7kBZiOiTMoeEeVoLkVSpoOJMIWYHkn + zrhMIVdpZwna4B4kUyg1GJB2ezaujFXFghReB74f+K6GPyswdrYp4Vzz2IoYnI4jyH4wGI9HODGQ + L3CaWVuayPMSWEBsE/VRudzm3BjBpSvBemjJerwUXugJYyrwWgU3sEH5s9nkYtYNBqMhLtUuGCf6 + 5Bj0rTIxt5AqvWnukOAMJUI/7HeDsNvzZ8EoCvpRb+D6o+BH9NsnJ8mIRcdrNU90kuQ91OeHu2tv + JwmYWIuSAoerR8wUPM87LBHGChlbVgqIgakFWyl945J0rORbnT/Si0oKShfPr/mSW669pYCVV7u1 + d3C7Ffi9YPSzEX/BTwWmvSrQKsECTc64uaFcVXNLo2jBcwMdpxE8wXvVsh0nEwgcHWebU1gC+up/ + 7jhWILJKRIkTyQrv6NyDSc8/tBG0G6VWH/GqT8zEVrrOQ53ZNg80+QI9++u+lcJaVGCcnW2C8K/1 + WaMWdsU1AdmIoswFOpzcCwkmqoZff7Tujx7p7jdS1t5kl7C+/xzdCPvrsP//WmlgUYMUDQbDdTD8 + HgbXrcVeuO6F38PiFvmfPz+EY3gIp712YyHW7xpyxOxfXiEa0lRDinzzj0UwaDfwAiqvGl74+tHh + oY3nBzbCgxujQxvjh+40tNmsEinVL4QTdQOccosPR0O4j6/Phs73BO416jRVXz08VhUFLiBSfk8L + QqZOZHUFmCVUat9hYqkGG+dqfaRfi7iJ46cHa+QrCptMVXnyQpgy55ttDVPmNeBliSYePhJ99/n+ + kbgftkNUFu6o7P7GDlSlFkoLu3liEFtxr35p/v1bIQqegvFIwrRKBC5kIs1cs0z3pPgaV1r2DJ2H + 9RHuyiDncyD+owq43xMcAm9wCKPBiCKScTMpRXwq5M1L2nkBJfUvMm6zVudyVe/tVqSSE2xf+DyH + KXDTIEFvR8756dtXJ2fXpyfHk7OLyfVkOv19ivfDOjUYEjwwy4CdI9FLy8guE4YpmW8YkobISSmz + ir0RmrNzDQWyBqsMotb9GnkEWFCOfyt8v0zmkdO8ipg9DP++qu6wBSYiFZLn9w9tu69teGtc5+hd + SziY2VTC7nRVUtkeQvJoOGyR3DRKTwRfI7x7YO/2No/D4x5vv/D4BtvNFnKt8sbW8baj+08Ot21h + UzNoJGz7AQkrqm6VK33WeDPPK+imGlli3xQp9kI1yVZFiQ2xtF8H/eAQLQx2tPCtjN8N5wf55e8R + S7WqSmoUXwqZIDEahrXC5gCSlZXJIKlRejI9ou8cmJBLMkAwSxj+K8Dw0YIkImVZ6LJXpO6DfFZ/ + n0XscqdWyIiVaTRwA9e/pWBjrHMV8zxTxkYjf+R7i+bsde2T1xuMr1CKXV5AXBE3sddq1bXqgDC+ + yUmFb3J4xTx2GRjL/qi4tqDZRKZYkQXG94Ao7A54QS19dv4bO6qw9tlFzOUBKerwvLF/1UTy9pZd + YNNa+4nj43eT+vO++bQJpsn2iafhTFikARKtAYUjVMSIKdktu0Qd3RBLvxsM/VFYe0EAlcvEldjn + u6laessqlwhZi5Ti3T1/RSrG/Z1YvAK3EFaDq3TqYVlzgrrAVpXowBv33cwWOUmVKf6p80QqQvyZ + 
QqEs4DUSYJM1poNkWJf9cJ7+DQAA///sWN9v2zYQ/lcOCBDImkPPsmxjDvwQJH3YsBbD0u5lHmBF + ZmJtsuToR5qi6/++70iKomKrRZM9Jgkc+Y5HHr873n3UkE7T6pwCMR6LgOj0rjpf0kT8CGOlmIiZ + CKlRhK0iFFMxb+TTVj4VmKuRz1o5P05bOXtn5GMxa+VBKw/c8ZNWPhGTVh628rDdwLxdlx8duV2X + H4NBT26YTB4FkxkjegHS8CCHHHpF9+lYnOffGWcz/v+K82uMnx3jsC/GKIRNUVj4Kt4sI/+qlnSF + CgrhL+guFPw0JDTYKXWrc/O7HQtbntX3iXg9ly+M2Qx1279SvR5t+O+cmAUhHt+0Iw8fg2OR/Wpc + yUcvgPxP/Dt7xnHFgjj3aoKXtYVuavnXeV3EEumVSp8b9Bn66C4pJeO6v3MGXrU0wke7t8si90rT + oEWSj6LNQ1KCiuAOMA0CMIxbhhjHoSGezDXW+7s1gdTBv4wiKnQax5zG0qYx70EW0U2Sck+ttlFF + eYyFSvq4BTupQK+NIaN2E5WS8oLucU/7RLgrx3wKS8weF9EtOwA6Vu8yYvYl1EEDQS8kgaFT9TFv + TGIqY5lFuMkwZcFSSbwlEAGw9zT5R4K/32KVCG7v92kSq1eXhho1DqcS+ODI8gXAHaW3Bp/qrIxu + USqY75+VNQ+Bf+V9apYzyJS0i2Cc5GAGjvOlWGXB4ewwyoB0yc7APVx5C7BFzGvRYbZmfYgMUoWs + 6iJDbuOprNOK0XV8wLijTggG8OQEV5cc8cTfZZ7Fcl+tsvV6vcr4OljRZ7rEzsB6vtCS+F1uUkjv + 9OQxmCO19P9BMzbWI5cE7mzMPFaqJ2E2x5LGgOFa0vr6za9vLt/TmC6u6fS+zqvzFX705CNfS3AI + j6n90Qrn8gfeapmnUuC24CH7Y9zghMweBn+xN6DQMMlGI229Vg5opxSAHvwYkieLYsgIDmjJJ4c+ + Y2azJ8y1Yce/DAw49IdNFHoL0op8IT5qrrx5D7TolHEwxZ5CDk1fKbdGB8Xcag7KuaN5UtAdzZOS + 7mieFHVH86SsW81BYXc03dIOnH5TL3g2DUgLM9KAZFDBfA5cjJHBhBdy4WKMDChG1cDFGFlQHE3T + 8hpUOioGyaLS0TBIFpWOhkGyqHQ0DJJFxdFokCwqHY0GyUkm4LVFJnFKnmnCtzgs9HxXWfAHuhO+ + XcR8DpCY9Q2Ov+kBbxN18zMtwLdXmUA8iscFfVBvC7gAmWLfhAQVM4WmEK7RpM9IR+uoTdhno8N4 + 1GbaZ6MDfNRm1mejI2JtyKN33IFUd7IdTiXBUEd8qMquDjG3migtc9rrBBbEPMIuOu9bVIX064ua + hECXOljAxO7n3T6KK47bu5wS9YWQAg/JRm7aNo+Bv4MUFRLVvPyePm9M9zlfuZmmeNFml2QD8gb/ + 7kBDqnxhqcdRPvvKZZ0D7Ba8b3PZ8JlcNmQuG76My/4HAAD//6JKW5bcri9yuqV1W9ZwtC1bAAAA + AP//7JrZasMwEEV/pRTyKNeL4qUQ0gRa0l/I21iSm5J4wQv9/WosW8Rq1JY+GWrIQ4g09mRi3Vy4 + Z/Gyi5ddvKxF1ifebCLsE292Le2Llx3ntXjZxcvOw8t6uvQHL/s1v1/rCNuMb20JnkdtCxrowGiv + rYGde2oBqQNjK9WwhbHg6muYC7YU3dUp+jge20Yb+eHqZiZptJlJQtsCO2HiphLPpstzwDj2/mZe + iKNGpqKs/xjYojvZAmNIgrzyTeRJJ+uugp0I4zANKRA38yNCM1iTJIlcwsOMiyhLqQgw3NWV8raq + 9vGXlQKflx3nspcGe4a6vPCnq5ZZiZzc99hX/2MI561W27BmRI+CLOB+KjiEUQwigIRnQJOYpRAm + 
jHrelm/6q8jvuvJf5EvVkRyKIfIkRH3UOF1DPuTIiO9gluootcSZkgqgwZHK+t7Ny3Mp3x72hDpV + gRG7iZDNv2OTQZt/xybDNveOpVJxRUYNDMShf/jv9hcozqJoTu9Vf7QwNlM4lhK7Y1ng7ueuLivx + cJQyxBAcGs4ggpRyVZ90vM3Ald6mJ6hNe6kNqqI2Uo9qfa+HP4f/K0efAAAA//8axAlvtDiih4tH + iyNcxRF6qQFv48GbRECnp0OyYDVogTiUbQC0ML8kEbruHd0UnI05nMUYzlaeEfaCEtcSSgNczVpQ + qYBVwgBXs9YYlw5jeLsxNa8ssyg/D9I2hAillEI3XUC4RIVefi7EhGoYE1o7kFFaI+0X0YeZq6OU + m1gRBBllQrEbvMKwqMSxBOKOMmDnhtxlkRgLmyGGwQ0F2pWRWByWD16gCVt7DFpaDVr2CLIS7hBU + 1xqhOBeqARw8tbW1AAAAAP//AwCOce734zMAAA== + headers: + Atl-Request-Id: + - 280ca78e-37a4-4a69-8e40-d91793d25780 + Atl-Traceid: + - 280ca78e37a44a698e40d91793d25780 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:35 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=312,atl-edge-internal;dur=35,atl-edge-upstream;dur=274,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - e4fe957377af661e38d0343b353d8285 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary 
| + H4sIAAAAAAAAA7xX6VPbRhT/V3b0qZPaunxE1kynQ4mT0FJKjUk+EIZZS8/SBmlX3V35aOB/71td + DhhnCp0GZtBe7/69gy8WbArKYyu0JPAYJMRvGWSx6nGag+qpKIWc9kQBkmomuOpBzHQOmvailPIE + MpH0ViAV3kE8g0KCAq6bt1GptMiXhuGN57qea0v4qwSl59sCziWNNIvA6lnMyPdGk0mAGwXZErep + 1oUKHSeGJUQ6Fp+FTXVGlWKU2xy0g5K0Qwvm+A5TqgSnZXALW6Q/m08v5n1vFIzxqFJBWeEXS6Fu + pYqohkTIbW1DjDuk8F1/2Pf8/sCde0HoDcPByHYD70fU2zVKGiEaFa/YvFBJQ+8gP9fvzG42MahI + ssI4Dk+PiMpplvVIzJRmPNKkYBABEUuyFvLWNtSR4Jcye6YWJWcmXDS7oSuqqXRWDNZOpdZOwebK + cwde8LNif8NPOYa9zFGqgQWKnFN1a2JVLrRZhUuaKehZNeEJ2lXR9qyUIXBklG5PYQWoq3vfszRD + ZBWIEivkJdpoPYLJwG0vCik+o0UvdHhDXbm7CmDrbrP5CiQ7qy450xoZKKuTbZD6W/VWiaVeU2nw + qlheZAwVjh9ZjvGoUDYMNsPgmep+IzKtJV1chu5rVMMfbvzh/yuljn6FRRTojTfe+HsI3LQSB/5m + 4H8PiQ3A7+/34egdwqnfXizZ5kNdAzH6V9f7LwftS5okEhKsN3tJgAaIrKzT/2lxo0MX40MXrw9c + +AcvgkMXk30967JZn5qiVHUIK+x7Ta00IZEsqk36sndmEgW9rVJRZvEbpoqMbpt0wuM11dh66pL9 + /NSvG8KuBTg1O2kSu1oei9K4vlL1ozlgPLFCLUsjG5nqD4gZk96NNySgsaZ+7DeJof161yQeu60r + ZY8vDoHK70BVSCYk09sXuqAld6pO8+97BctpAsoxFKplwvAgZUlqq1Wyq5bv8aQtq761nzh+h/qM + LsAUxidSw9STJx3hHcKoFxiPpFRNCxadMn771ty8gcLMLzxqMVQha13ddSdc8CmOL3SRwQyoqnEp + m5V1fnr57uTs5vTkeHp2Mb2ZzmZ/zNA+zFOFLsEH8xTIOXYAromRS5gigmdbgtWEZYYp0YL8yiQl + 5xJyLCekVIg5+6mq4mFCWe4dc90iXoRW3RUxeuj+XVY9qBYYiIRxmj1+1ExfjXsr5GeoXbM3kU04 + dK/LwqTtISQH43GL5HpQeiH4auKu8z6cbZ6Hxx3efqHRLY6bLeRa5rWs42ai+08Kt2NhnTMoxG8H + BQ5rk90iE/Ks1maRldBPJNas3VAkyBtRB1vkBQ7EXD8N+lFXFr4V2MdEXcl46M5P/OvfI5JIURZm + UHzLeIxlTRHMFbIA4KQoVQpxhdKT2ZH5LoAwvjKSDcxigv8KEOxmEIeGWerb5J1h94m/qr6vQnLV + sWU8JEUSjmzPdu+Ms9HXmYholgqlw8ANXGdZv72pdHIGo8k1UpGrC4hKU5vIe7Hua3GAGJt1XGKz + 9q+JQ648pcmfJZUaJJnyBDMyR/8eIIXugeNV1Gfnv5OjEnOfXESUH6Ayo58zca9rT97dkQscWis9 + cX38YVp9PtafNsBm0/R+s5wzjWXAkFaAwhUyIqZSkjtyhTz6PqZ+3xu7gV9pYQDKV7HNcc63E7Fy + VmXGEbIaS4rz8P21YTEZdmTRGuycaQm2kImDaU0N1BnOsKYcOJOhneo8M1RFgn+qOBkWPv7MIBca + 0IwYyHSD4TA0pE9+OE/+AQAA///sWN9v2zYQ/lcOCBDImkPPsmxjDvwQJH3YsBbD0u5lHmBFZmJt + suToR5qi6/++70iKomKrRZM9Jgkc+Y5HHr873n3UkE7T6pwCMR6LgOj0rjpf0kT8CGOlmIiZCKlR + 
hK0iFFMxb+TTVj4VmKuRz1o5P05bOXtn5GMxa+VBKw/c8ZNWPhGTVh628rDdwLxdlx8duV2XH4NB + T26YTB4FkxkjegEK8yCHHHp1D6BjcZ5/Z5zN+P8rzq8xfnaMw74YoxA2RWHhq3izjPyrWtIVKiiE + v6C7UPDTkNBgp9Stzs3vdixseVbfJ+L1XL4wZjPUbf9K9Xq04b9zYhaEeHzTjjx8DI5F9qtxJR+9 + API/8e/sGccVC+Lcqwle1ha6qeVf53URS6RXKn1u0Gfoo7uklIzr/s4ZeNXSCB/t3i6L3CtNgxZJ + Poo2D0kJjoI7wDQIwDBuGWIch4Z4MtdY7+/WBFIH/zKKqNBpHHMaS5vGvAdZRDdJyj212kYV5TEW + KunjFuykAr02hozaTVRKygu6x63xE+GuHPMpLDF7XES37ADoWL3LiNmXUAcNBL2QBIZO1ce8MYmp + jGUW4SbDlAVLJfGWQATA3tPkHwn+fotVIri936dJrF5dGmrUOJxK4IMjyxcAd5TeGnyqszK6Ralg + vn9W1jwE/pX3qVnOIFPSLoJxkoMZOM6XYpUFh7PDKAPSJTsD93BhLcAIMa9Fh9ma9SEySBWyqosM + uY2nsk4rRtfxAeOOOiEYwJMTXF1yxBN/l3kWy321ytbr9Srj62BFn+kSOwPr+UJL4ne5SSG905PH + YI7U0v8HzdhYj1wSuLMx81ipnoTZHEsaA4ZrSevrN7++uXxPY7q4ptP7Oq/OV/jRk498LcEhPKb2 + Ryucyx94q2WeSoHbgofsj3GDEzJ7GPzF3oBCwyQbjbT1WjmgnVIAevBjSJ4siiEjOKAlnxz6jJnN + njDXhh3/MjDg0B82UegtSCvyhfioufLmBdGiU8bBFHsKOTR9pdwaHRRzqzko547mSUF3NE9KuqN5 + UtQdzZOybjUHhd3RdEs7cPpNvZ7ZNCAtzEgDkkEF8zlwMUYGE17IhYsxMqAYVQMXY2RBcTRNy2tQ + 6agYJItKR8MgWVQ6GgbJotLRMEgWFUejQbKodDQaJCeZgNcWmcQpeaYJ3+Kw0PNdZcEf6E74dhHz + OUBi1jc4/qYHvE3Uzc+0AN9eZQLxKB4X9EG9LeACZIp9ExJUzBSaQrhGkz4jHa2jNmGfjQ7jUZtp + n40O8FGbWZ+Njoi1IY/ecQdS3cl2OJUEQx3xoSq7OsTcaqK0zGmvE1gQ8wi76LxvURXSry9qEgJd + 6mABE7ufd/sorjhu73JK1BdCCjwkG7lp2zwG/g5SVEhU8/J7+rwx3ed85Waa4kWbXZINyBv8uwMN + qfKFpR5H+ewrl3UOsFvwvs1lw2dy2ZC5bPgyLvsfAAAA//+iSluW3K4vcrqldVvWcLQtWwAAAAD/ + /+yay26DMBBFf6WqlKUpDwdCpShNpFbpL2Q32KapEh7iof5+PZhYxInbqisWllgg8OBhsIcr3eO0 + rNOyTsta2vqVNrtq7FfabNranZa91MtpWadl56FlAx36i5a99e+X2sI27VubsR/QqbXXNcBOA1qA + qIM51AZ0+LYbVFMYZoR20S9VsA20ueq+jfzw9ZzQdcCOaKqN1vLUnTbNy7YvCkA79vGuX4ilRqai + av5p2KI62QBjyHG883USSCXrL6KtiFdxFlMgfh4mhOawJGma+ITHORdJnlERobmrI+W0Kvb5j5EC + 18uWc5lLizlDU535yyRlViEn9zMPNnwl4X00ahjGXJikKI94mAkOcbICEUHKc6DpimUQp4wGwYav + h6fId12Eb/JQcaSAcrQ8CVGXWq9vyZcsGQk99FI91S2xpqQGaLGkMn5Q83JfytP9jlCvLtFiN9my + +Wdswmnzz9iE2+aesWxhXHFaIwOxHxb/w+4M5UmU7fGzHrYW2mYKplJd8FCVOPq1b6paPB1kf2II + 
Do17EAlLeVfvdJxm5Erv0xPU1nupDaqiGqpqxn+A6zo36+sbAAD//xr49DVa6tDDxaOlDq5SB73U + wNX4M4G38eBNIKCf0iF5sxq0chzKNgC6JL8kEbruHd0UXK08A1zFmIER9vIQ1xJKA5wewNkKhPsM + XQeu5qExTgl4uzE1ryyzKD8P0nCECKWUQjddQLjEhF4ZsFNB7nJEjOXAEMPghgJtykgsDssHL4yE + rUAG5gOIk6thTGh1RLYDwBtU9GHm6ijlJlYEQYa1UDwLXtJYVOJYAvE4aGk1aNkjyOtwcVTNRii6 + oRrArq2trQUAAAD//wMAO5wx+uMzAAA= + headers: + Atl-Request-Id: + - 4ff5f7ff-8d18-4bbf-85bb-508cd0066144 + Atl-Traceid: + - 4ff5f7ff8d184bbf85bb508cd0066144 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=333,atl-edge-internal;dur=13,atl-edge-upstream;dur=321,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 8b7531b317452184ec57e0570a191a71 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQX0vDMBTFv0te3br8abs2bzLBKTqFdi+KSJrcYjVNSpMOxth3N8Ghe1TfLvf8 + zj2He0CNcLAdNeLozfvB8cVCQQvSK/tuE+G1cK4TJjHg0Qypzg1a7P/BVzDuOgkK3Mca9LAC42H8 + 
65GVNa2ewEj4nXMHo+usCTDBmCQ4wfNqc/lYrR/qH3Uz9U2YEH+O0AzP8EvIhEHbfR9a1vshpq20 + nVQwNVOn1ZcF8WCgy+VpeSV8BCmm6ZzQOSlrQjkjnLAEY3yBAxz8LvwBxrrrz1mGa1JwknKWJ6zM + vlnZ35jWBhCnGU4ZzQVrmiIrSpKVRGWUSUkLUDkR0AqR5s1ZgNcx4bYbRXxh0Cft76wUcX1A+jQh + MK/bCh3Piz1ZE5Xr+xodPwEAAP//AwChsT7JIAIAAA== + headers: + Atl-Request-Id: + - 27fe2f1b-9f83-4045-9322-bc366f157577 + Atl-Traceid: + - 27fe2f1b9f8340459322bc366f157577 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=158,atl-edge-internal;dur=14,atl-edge-upstream;dur=145,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 353d6b4edab9302c92df895fa2d603ed + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + 
RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 2dbf8a5e-2f13-43f7-9e80-bdc5ba5213e0 + Atl-Traceid: + - 2dbf8a5e2f1343f79e80bdc5ba5213e0 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:36 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + 
Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=305,atl-edge-internal;dur=19,atl-edge-upstream;dur=287,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - a3ecf719596af998b017df96c3a71903 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/360] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/235] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n", "priority": {"name": "High"}}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1974' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue + response: + body: + string: '{"id":"15999","key":"NTEST-1587","self":"https://defectdojo.atlassian.net/rest/api/2/issue/15999"}' + headers: + Atl-Request-Id: + - 40223e0e-b863-4edc-adf6-50bb7ae7846f + Atl-Traceid: + - 40223e0eb8634edcadf650bb7ae7846f + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
atl-edge;dur=681,atl-edge-internal;dur=17,atl-edge-upstream;dur=668,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - ccdc5d5cea4d44b84753189f473cdb30 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 201 + message: Created +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1587 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSbbMmU7HtZXEreu6spI8OB4PTK5IxCTAAqCOxvnv3SVF + KT6Y1u40owfi2gO7335YfXZgVXKZOJGjQSagIXktIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7S3AG1wD5IplBoMSLs5G1fGqmJOCq8D3w98V8OfFRg7W5dwrnlsRQxOzxFkPxgdHBzgxEA+ + x2lmbWkiz0tgDrFN1CflcptzYwSXrgTroSXr8VJ4oSeMqcBrFdzCGuXPZpOLWT8YjfdxqXbBONFn + x6BvlYm5hVTpdXOHBGcoEfrhsB+E/YE/C8ZRMIwG++5oMPoB/fbJSTJi0fFazQudJHkP9fnh9tqb + SQIm1qKkwOHqITMFz/MeS4SxQsaWlQJiYGrOlkrfuiQdK/lO58/0opKC0sXza77glmtvIWDp1W7t + HNxsBf4gGP9kxF/wY4Fprwq0SrBAkzNubilX1Y2lUTTnuYGe0wie4L1q2Z6TCQSOjrP1KSwAffW/ + 9BwrEFklosSJZIV3dB7AZOB3bQTtRqnVJ7zqCzOxka7zUGe2zQNNvkLP7rrvpLAWFRhna5sg/Gt9 + 1qi5XXJNQDaiKHOBDicPQoKJquE3HK+G42e6+42UtTfZJmzoE9zD4Soc/r9WGljUIEWDwd4q2Pse + BletxUG4GoTfw+IG+V++PIZj2IXTQbsxF6v3DTli9i+vEA1pqiFFvvnHIhi1G3gBlVcNLzx9dK9r + Y79jI+zcGHdtHDx2p6HNZpVIqX4hnKgf4JRbfDgawn1+fTZ0viNwr1Gnqfrq4ZGqKHABkfIHWhAy + dSKrK8AsoVL7HhNLNdg4V+sj/VrETRw/P1ojX1HYZKrKk2NhypyvNzVMmdeAlyWaeOqRCMNB+0g8 + DFsXlYVbKnu4sQVVqYXSwq5fGMRW3Ktfmn//VoiCp2A8kjCtEoELmUgz1yzSHSm+xZWWPUPncX2E + 2zLI+Q0Q/1EFPOwJusAbdGE0GFNEMm4mpYhPhbx9TTvHUFL/IuM2a3Uul/XedkUqOcH2hd/kMAVu + 
GiTozcg5P3335uTs+vTkaHJ2MbmeTKe/T/F+WKcGQ4IHZhmwcyR6aRnZZcIwJfM1Q9IQOSllVrFf + hObsXEOBrMEqg6h1nyKPAAvK8e+E75fJp8hpXkXMHoZ/V1X32AITkQrJ84eHNt3XJrw1rnP0riUc + zGwqYXu6KqlsO5E83m+R3DRKLwRfI7x9YO/3Ns/D4w5vP/P4FtvNFnKt8sbW0aaj+08Ot21hUzNo + JGz7AQlLqm6VK33WeHOTV9BPNbLErilS7Fg1yVZFiQ2xtE+DftRFC6MtLXwr4/fD+VF+/TtkqVZV + SY3iayETJEbDsFbYDYBkZWUySGqUnkwP6XsDTMgFGSCYJQz/CjB8tCCJSFkWuuwNqfsoX9XfVxG7 + 3KoVMmJzjGEW+e7A9e8o3hjuXMU8z5Sx0dgf+968OX5du+UN9vwrFGSXFxBXRE/srVr2reoQxmc5 + qfBZDq+Yxy4DY9kfFdcWNJvIFIuywBB3iML2gBfU0mfnv7HDCsufXcRcdkhRk+cd+FdNMO/u2AX2 + rbWfOD56P6k/H5pPm2OabF55Gs6ERSYg0RpTOEJFjMiS3bFL1NEPkdz6wV4QHNReEEblInEltvpu + qhbeosolotYiq3j3z1+RiqHfxJrk4iW4hbAaXKVTD0ubE9wFtqtECR4edTNb5CRXpwq/dbJIzxTS + KucYyhX9a6vdPwYp/gYAAP//7FnbTttAEP2VFVJREsXGsZ0rQjQoRVCJqipqH+gLG++auHXiyHHC + Q/n4nllvlsRkaUvVKg8IlMvOXsYzs2fOTHhKwXMt8xWKM+aw2jktbLLDtDjG4rbr1y3G064+8oM2 + HThEYl3JJtlGUWL2QDZtrC06aCij0BhrjJaSjRCBGHyP28n8fpMBoNpsO7rXf5OWa8JbfQ/cf/w8 + UHykcARX/FvGCGGh6y/XsRpe6rue+tlnZg0EGca/4s15kb9xJEJHbfF3Ebdt+MZ1tsxhxvMklQAD + WZr68K44VuG1MXH0CFINgIk5NgN66bvvJtkRF6tkAaADw2j7HeBXTEZGsKzTGjnvVm1+y5B7GamK + mlJn21z7XCtCPhfG5wvt8/sJYR/HfrM7BtIdQY60HeU8ppMoSQOT5svCheW/PO5/BfBJpQa5bdGa + 1Q82wggzPiqiKtZiSGGZEyPe2AAzJ1iNQYSkupKDqjGbGwMLkBuLIF9Jh9JXEj2dWEpjvqKEu+El + wrABvVBw4eswirDfAAlinCaR9uBVorKCduBnRRzI5toz5VOxLGcpBLlrPH85nfOooDUfMpaoLwxA + vkqEFFux9AkXCmwKR/9JhOil84zyAAV4jYtpMquzWv1higAusgGC9ikXbxs6WqVitmzcCm0CU5xR + mi5yEBNVgVAFUZkamsKpIvDMHlWBjRF7hhGvzWObaKviPKPMFrOs8gteFDyaUOos2ctiOZ1yolYH + ttxP1qYSKctfyL/oDp7yKKLC7lKcdFsAQu9NMJSdXmfcCbnjxX7XCWPedvr9rueITixkNx6HMiCu + Zlbi2HLt4DdXSgqZoRB0n0hnnmepeLuhMqgcHfBsF0f5Q7pgg2oarVl3EoI4EP5YCt7p9rgMeF/E + POz3ojHv9KOw1ToVJ2oXPOsb/xz/5TpnymeavjhOObRwlwvnHiZzfJd4kVteVrKpM+d8QSbFepUL + UO7g48WZE7rzGTHmakdo/zWutpT2X+NqS2rfNQZYibLRoUuaCxX87Czls+9ytpgkc3W1iMWV3ZUS + 727AejH73TLP5vLoBkgUUR9A30Hqi0Jqbjodo9vEu4uh0Aa/oa1HEtoab6GB+Fznh1c42sPAe4Wj + /6HxKxzZ4KiKGobmGVYE1e/KK/iDfu/Rnz0cmBVc/4xV3cXK56wwZiV6/m6gtHVEPRuzJVTYKfBs + 
zDboHfwEAAD//8IhAW86puaVZRbl50GahxChlFLoHCqES1To5edCTKiGMaG1AxmlNdL0rz7MXB2l + 3MSKoNTi0hyQwUh2gwcMi0ocSyDuKMsvod48BcQwuKFAuzISi8PyweOtsKkE0EwJaBQTZCXcIaiu + NUJxLlQDOHhqa2sBAAAA//8DAHg6ZrGyHwAA + headers: + Atl-Request-Id: + - 4f077939-7f23-46e5-83d9-69da48a7ed15 + Atl-Traceid: + - 4f0779397f2346e583d969da48a7ed15 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:37 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=281,atl-edge-internal;dur=13,atl-edge-upstream;dur=268,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - e5c85f349a5c18f5462bc73d1dc1807b + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSbbMmU7HtZXEreu6spI8OB4PTK5IxCTAAqCOxvnv3SVF + KT6Y1u40owfi2gO7335YfXZgVXKZOJGjQSagIXktIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7S3AG1wD5IplBoMSLs5G1fGqmJOCq8D3w98V8OfFRg7W5dwrnlsRQxOzxFkPxgdHBzgxEA+ + x2lmbWkiz0tgDrFN1CflcptzYwSXrgTroSXr8VJ4oSeMqcBrFdzCGuXPZpOLWT8YjfdxqXbBONFn + 
x6BvlYm5hVTpdXOHBGcoEfrhsB+E/YE/C8ZRMIwG++5oMPoB/fbJSTJi0fFazQudJHkP9fnh9tqb + SQIm1qKkwOHqITMFz/MeS4SxQsaWlQJiYGrOlkrfuiQdK/lO58/0opKC0sXza77glmtvIWDp1W7t + HNxsBf4gGP9kxF/wY4Fprwq0SrBAkzNubilX1Y2lUTTnuYGe0wie4L1q2Z6TCQSOjrP1KSwAffW/ + 9BwrEFklosSJZIV3dB7AZOB3bQTtRqnVJ7zqCzOxka7zUGe2zQNNvkLP7rrvpLAWFRhna5sg/Gt9 + 1qi5XXJNQDaiKHOBDicPQoKJquE3HK+G42e6+42UtTfZJmzoE9zD4Soc/r9WGljUIEWDwd4q2Pse + BletxUG4GoTfw+IG+V++PIZj2IXTQbsxF6v3DTli9i+vEA1pqiFFvvnHIhi1G3gBlVcNLzx9dK9r + Y79jI+zcGHdtHDx2p6HNZpVIqX4hnKgf4JRbfDgawn1+fTZ0viNwr1Gnqfrq4ZGqKHABkfIHWhAy + dSKrK8AsoVL7HhNLNdg4V+sj/VrETRw/P1ojX1HYZKrKk2NhypyvNzVMmdeAlyWaeOqRCMNB+0g8 + DFsXlYVbKnu4sQVVqYXSwq5fGMRW3Ktfmn//VoiCp2A8kjCtEoELmUgz1yzSHSm+xZWWPUPncX2E + 2zLI+Q0Q/1EFPOwJusAbdGE0GFNEMm4mpYhPhbx9TTvHUFL/IuM2a3Uul/XedkUqOcH2hd/kMAVu + GiTozcg5P3335uTs+vTkaHJ2MbmeTKe/T/F+WKcGQ4IHZhmwcyR6aRnZZcIwJfM1Q9IQOSllVrFf + hObsXEOBrMEqg6h1nyKPAAvK8e+E75fJp8hpXkXMHoZ/V1X32AITkQrJ84eHNt3XJrw1rnP0riUc + zGwqYXu6KqlsO5E83m+R3DRKLwRfI7x9YO/3Ns/D4w5vP/P4FtvNFnKt8sbW0aaj+08Ot21hUzNo + JGz7AQlLqm6VK33WeHOTV9BPNbLErilS7Fg1yVZFiQ2xtE+DftRFC6MtLXwr4/fD+VF+/TtkqVZV + SY3iayETJEbDsFbYDYBkZWUySGqUnkwP6XsDTMgFGSCYJQz/CjB8tCCJSFkWuuwNqfsoX9XfVxG7 + 3KoVMmJzjGEW+e7A9e8o3hjuXMU8z5Sx0dgf+968OX5du+UN9vwrFGSXFxBXRE/srVr2reoQxmc5 + qfBZDq+Yxy4DY9kfFdcWNJvIFIuywBB3iML2gBfU0mfnv7HDCsufXcRcdkhRk+cd+FdNMO/u2AX2 + rbWfOD56P6k/H5pPm2OabF55Gs6ERSYg0RpTOEJFjMiS3bFL1NEPkdz6wV4QHNReEEblInEltvpu + qhbeosolotYiq3j3z1+RiqHfxJrk4iW4hbAaXKVTD0ubE9wFtqtECR4edTNb5CRXpwq/dbJIzxTS + KucYyhX9a6vdPwYp/gYAAP//7FnbTttAEP2VFVJREsXGsZ0rQjQoRVCJqipqH+gLG++auHXiyHHC + Q/n4nllvlsRkaUvVKg8IlItnZy8zs2fOTHhKwXMt8xWKM+aw2jkpNtlhWhxDue36dYvxtKuP/KBN + Cw6RWFeySbZRlJg9kE0ba4sOGsoo9Iw1RkvJRohAPHyP28n8fpMBoNpsO7rXf5OWa8JbfQ/cf3we + bHykcARX/FvGCGGx11/qsRpe6rtO/eyZWQNBhudf8ea8yN9YEqGjpvi7iNs2fOM6W+Yw43mSSoCB + LE19eFccq/DaGDh6BKkGwMQsmwG99N13k+yIi1WyANCBYbT9DvArJiMjWNZpjZx3qya/Zci9jLaK + mlJn21z7XG+EfC6Mzxfa5/cTwj6O+WZ3DKQ7ghxpO8p5TCtRkgYmzZeFC8t/eZz/CuCTSg1y26I1 + 
qx9shBFGfFREVazFkMIyJ0a8MQFGTqCNhwhJdSUHVWM2Nx4sQG4sgnwlHUpfSfR0YCmN+YoS7oaX + CMMG9ELBha/DKMJ8AySIcZpE2oNXicoK2oGfFXEgm2vPlKdiWc5SCHLXeP5yOudRQTofMpaoLwxA + vkqEFFux9AkXCmwKS/9JhGjVeUZ5gAK8xsU0mdVZrf4wRQAX2QBB+5SLtw0drVIxWzZuhZvZuMjB + P1ShQYVCdagp1yqC0BROFYFn0/BsjNgzjHhtHttAWxXnmc1sMcsqv+BFwaMJpc6SvSyW0yknanVg + y/1kbSqRsvyF/Ivu4CmPIirsLsVJtwUg9N4EQ9npdcadkDte7HedMOZtp9/veo7oxEJ243EoA+Jq + RhPLlrqD39SUFDJDIeg+0Z55nqXi7caWQeVogWe7OMof0gUbVMNIZ91JCOJA+GMpeKfb4zLgfRHz + sN+LxrzTj8JW61ScqFlw1jf+Of5LPWfKZ5q+OE75aOEuF849TOb4LvEit7ysZFNnzvmCTAp9lQtQ + 7uDjxZkTuvMZMeZqR2j/d1xtKe3/jqstqX3fMVBMlI0OXdJcqOBnZymffZezxSSZq6tFLK7srpRA + eAPWi9Hvlnk2l0c3QKKI+gD6DlJfFFJz02kZ3SbeXQyFNvgNbT2S0NZ4Cw3E5zo/vMLRHgbeKxz9 + jx2/wpENjqqoYWieYUXY+l15BX/Q7z36s4cFs4Lrn7Gqs1j5nBXGrETP3w2Uto6oZ2O2hAo7BZ45 + ckUQ9A5+AgAA///CIQFvOqbmlWUW5edBmocQoZRS6BwqhEtU6OXnQkyohjGhtQMZpTXS9K8+zFwd + pdzEiqDU4tIckMFIdoMHDItKHEsg7ijLL6HePAXEMLihQLsyEovD8sHjrbCpBNBMCWgUE2Ql3CGo + rjVCcS5UAzh4amtrAQAAAP//AwDNg8Y6sh8AAA== + headers: + Atl-Request-Id: + - fbf1c9e1-3b13-411d-9b12-05594b9d0a7f + Atl-Traceid: + - fbf1c9e13b13411d9b1205594b9d0a7f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:38 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=254,atl-edge-internal;dur=14,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 5ee8648a6ba691541d5e1c66d605d835 + 
X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"description": "Event test_added has occurred.", "title": "Test created + for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, + "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 90, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/"}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '844' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.41.0 + X-DefectDojo-Event: + - test_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.41.0\"\n ],\n \"X-Defectdojo-Event\": + [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7:54808\",\n + \ 
\"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for + Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/90/\\\", \\\"product_type\\\": {\\\"name\\\": + \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 90, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\"}}\",\n \"files\": + {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added + has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": + \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"product\": + {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": + \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n + \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": + \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": + 90,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n + \ \"url_ui\": 
\"http://localhost:8080/test/90\"\n },\n \"title\": + \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n \"url_ui\": + \"http://localhost:8080/test/90\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Mon, 30 Dec 2024 17:14:38 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": + null, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/", + "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", + "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": + "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": + "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter + Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": + "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": + 90, "url_ui": "http://localhost:8080/test/90", "url_api": "http://localhost:8080/api/v2/tests/90/"}, + "finding_count": 5, "findings": {"new": [{"id": 232, "title": "Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": + "http://localhost:8080/finding/232", "url_api": "http://localhost:8080/api/v2/findings/232/"}, + {"id": 233, "title": "2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/233", + "url_api": "http://localhost:8080/api/v2/findings/233/"}, {"id": 234, "title": + "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 
4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= + 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= + 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": + "High", "url_ui": "http://localhost:8080/finding/234", "url_api": "http://localhost:8080/api/v2/findings/234/"}, + {"id": 235, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "High", "url_ui": "http://localhost:8080/finding/235", "url_api": + "http://localhost:8080/api/v2/findings/235/"}, {"id": 236, "title": "2222Remote + Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 + < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 + < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 + < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", "severity": + "High", "url_ui": "http://localhost:8080/finding/236", "url_api": "http://localhost:8080/api/v2/findings/236/"}], + "reactivated": [], "mitigated": [], "untouched": []}}' + headers: + Accept: + - application/json + Accept-Encoding: + - gzip, deflate + Auth: + - Token xxx + Connection: + - keep-alive + Content-Length: + - '2502' + Content-Type: + - application/json + User-Agent: + - DefectDojo-2.41.0 + X-DefectDojo-Event: + - scan_added + X-DefectDojo-Instance: + - http://localhost:8080 + method: POST + uri: http://webhook.endpoint:8080/post + response: + body: + string: "{\n \"args\": {},\n \"headers\": {\n \"Accept\": [\n \"application/json\"\n + \ ],\n \"Accept-Encoding\": [\n \"gzip, deflate\"\n ],\n \"Auth\": + [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n + \ ],\n \"Content-Length\": [\n \"2502\"\n ],\n \"Content-Type\": + [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.41.0\"\n ],\n \"X-Defectdojo-Event\": + [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7:54810\",\n + \ \"url\": 
\"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": + \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated + 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\", \\\"product_type\\\": + {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": + {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": + {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": + \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 90, \\\"url_ui\\\": \\\"http://localhost:8080/test/90\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/90/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 232, \\\"title\\\": \\\"Regular + Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/232\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/232/\\\"}, {\\\"id\\\": 233, \\\"title\\\": + \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", + \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/233\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/233/\\\"}, {\\\"id\\\": + 234, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= + 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= + 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= + 6.3.0 < 
6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= + 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/234\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/234/\\\"}, {\\\"id\\\": + 235, \\\"title\\\": \\\"Regular Expression Denial of Service - (Fresh, < + 0.5.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/235\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/235/\\\"}, {\\\"id\\\": + 236, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= + 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= + 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= + 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= + 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/236\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/236/\\\"}], \\\"reactivated\\\": + [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n + \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has + occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st + Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n + \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": + 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n + \ \"id\": 232,\n \"severity\": \"High\",\n \"title\": + \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": + \"http://localhost:8080/api/v2/findings/232/\",\n \"url_ui\": \"http://localhost:8080/finding/232\"\n + \ },\n {\n \"id\": 233,\n \"severity\": \"High\",\n + \ \"title\": \"2222Regular Expression Denial of Service - (Negotiator, + <= 0.6.0)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/233/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/233\"\n },\n + \ {\n \"id\": 234,\n \"severity\": \"High\",\n 
\"title\": + \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= + 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= + 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= + 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/234/\",\n \"url_ui\": + \"http://localhost:8080/finding/234\"\n },\n {\n \"id\": + 235,\n \"severity\": \"High\",\n \"title\": \"Regular Expression + Denial of Service - (Fresh, < 0.5.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/235/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/235\"\n },\n + \ {\n \"id\": 236,\n \"severity\": \"High\",\n \"title\": + \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || + \ >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 + || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 + || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n + \ \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n \"url_ui\": + \"http://localhost:8080/finding/236\"\n }\n ],\n \"reactivated\": + [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n + \ \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n + \ \"url_ui\": \"http://localhost:8080/product/2\"\n },\n \"product_type\": + {\n \"id\": 2,\n \"name\": \"ebooks\",\n \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n + \ \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": + {\n \"id\": 90,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n + \ \"url_ui\": \"http://localhost:8080/test/90\"\n },\n \"title\": + \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/90/\",\n + \ \"url_ui\": \"http://localhost:8080/test/90\",\n \"user\": null\n }\n}\n" + headers: + Access-Control-Allow-Credentials: + - 'true' + 
Access-Control-Allow-Origin: + - '*' + Content-Type: + - application/json; charset=utf-8 + Date: + - Mon, 30 Dec 2024 17:14:38 GMT + Transfer-Encoding: + - chunked + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQX0vDMBTFv0te3br8abs2bzLBKTqFdi+KSJrcYjVNSpMOxth3N8Ghe1TfLvf8 + zj2He0CNcLAdNeLozfvB8cVCQQvSK/tuE+G1cK4TJjHg0Qypzg1a7P/BVzDuOgkK3Mca9LAC42H8 + 65GVNa2ewEj4nXMHo+usCTDBmCQ4wfNqc/lYrR/qH3Uz9U2YEH+O0AzP8EvIhEHbfR9a1vshpq20 + nVQwNVOn1ZcF8WCgy+VpeSV8BCmm6ZzQOSlrQjkjnLAEY3yBAxz8LvwBxrrrz1mGa1JwknJWJMsy + /2Zlf2NaG0CcZjhlNBesaYqsKElWEpVRJiUtQOVEQCtEmjdnAV7HhNtuFPGFQZ+0v7NSxPUB6dOE + wLxuK3Q8L/ZkTVSu72t0/AQAAP//AwDwqwPDIAIAAA== + headers: + Atl-Request-Id: + - 8ca3d81a-84bf-42ac-85e8-3af90a8d8ecd + Atl-Traceid: + - 8ca3d81a84bf42ac85e83af90a8d8ecd + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:38 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=151,atl-edge-internal;dur=14,atl-edge-upstream;dur=138,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 
97cb89a8d2b2fe30fa6c9c0b672e7f90 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSY7MmU7HdZTEreu6suw8OB4PTK5IxCTAAqCOxvnv3SVF + KT6Y1u409gNx7YHdbz+sPjuwKrlMnMjRIBPQkLwVkCemJ3kBpmfiDAreUyVoboWSpgeJsAVY3osz + LlPIVdpbgDa4B8kUSg0GpN2cjStjVTEnhdeB7we+q+HPCoydrUs41Ty2Igan5wiyH4z291/jxEA+ + x2lmbWkiz0tgDrFN1CflcptzYwSXrgTroSXr8VJ4oSeMqcBrFdzCGuVPZpOzWT8YjUe4VLtgnOiz + Y9C3ysTcQqr0urlDgjOUCP1w2A/C/sCfBeMoGEaD0B0HwQ/ot09OkhGLjtdqXugkyXuozw+3195M + EjCxFiUFDlcPmCl4nvdYIowVMrasFBADU3O2VPrWJelYyXOdP9OLSgpKF8+v+YJbrr2FgKVXu7Vz + cLMV+INg/JMRf8GPBaa9KtAqwQJNzri5pVxVN5ZG0ZznBnpOI3iE96ple04mEDg6ztbHsAD01f/S + c6xAZJWIEieSFd7ReQCTgd+1EbQbpVaf8KovzMRGus5Dndk2DzT5Cj27655LYS0qMM7WNkH41/qs + UXO75JqAbERR5gIdTh6EBBNVw284Xg3Hz3T3Gylrb7JN2NCnCgiHq3D4/1ppYFGDFA0Ge6tg73sY + XLUWB+FqEH4Pixvkf/nyGI5hF04H7cZcrC4acsTsX14hGtJUQ4p8849FMGo38AIqrxpeeProXtfG + 646NsHNj3LWx/9idhjabVSKl+oVwon6AU27x4WgI9/n12dD5jsC9Rp2m6quHh6qiwAVEyh9oQcjU + iayuALOESu0FJpZqsHGu1kf6tYibOH5+tEa+orDJVJUnb4Qpc77e1DBlXgNelmjiqUdiuB+2j8TD + sHVRWbilsocbW1CVWigt7PqFQWzFvfql+fdvhSh4CsYjCdMqEbiQiTRzzSLdkeJ7XGnZM3Qe10e4 + LYOc3wDxH1XAw56gC7xBF0aDMUUk42ZSivhYyNu3tPMGSupfZNxmrc7lst7brkglJ9i+8JscpsBN + gwS9GTmnx+fvjk6uj48OJydnk+vJdPr7FO+HdWowJHhglgE7RaKXlpFdJgxTMl8zJA2Rk1JmFftF + aM5ONRTIGqwyiFr3KfIIsKAc/074fpkMIqd5FTF7GP5dVd1jC0xEKiTPHx7adF+b8Na4ztG7lnAw + s6mE7emqpLLtQvJoz2+R3DRKLwRfI7x9YO/3Ns/D4w5vP/P4FtvNFnKt8sbW4aaj+08Ot21hUzNo + JGz7AQlLqm6VK33SeHOTV9BPNbLErilS7I1qkq2KEhtiaZ8G/aiLFkZbWvhWxu+H86P8+v+ApVpV + 
JTWKb4VMkBgNw1phNwCSlZXJIKlRejQ9oO8NMCEXZIBgljD8KcDw0YIkImVZ6LJ3pO6jfFV/X0Xs + cqtWyIhJjJcV3Cod+e7IHdxR0DHmuYp5niljo7E/9r15I3Nd++YNRuMrlGaXZxBXxFHsvVr2reoQ + xrc5qfBtDq+Yxy4DY9kfFdcWNJvIFCuzwDh3iML2gBfU0ienv7GDCjmAncVcdkhRp+ft+1dNRO/u + 2Bk2r7WfOD68mNSfD82nTTRNNk89DWfCIh2QaA0sHKEiRozJ7tgl6uiHSAF97JLDoPaCgCoXiSux + 33dTtfAWVS4Ruhapxbt//opUDHx/KxcvwS2E1eAqnXpY35wwL7BnJV7w8Kib2SInuV2+cFJnjJSF + +DeFtMo5xvRvAAAA///sWW1v2jAQ/ivWpFaASApJCIWq6qhY1U5rNa3aPnRfMLED2UISJYTuw378 + nnNMeCmUjqpVJ00gILbPPp/vnvM9/KIaTu2jL6OAh+RKtzKdoVRjBqvclDPU2WE4PTnFNK7ZqG6x + pT75I8u2af0eku1M1slU6prMNtnFxT5bdufJdtHjlV2cp9vF2WmXF7eJtc0mCLi503Vryj7Uxmr9 + XLI+IhWNH4FizOrUGYC8xVZRYP4aN80SBtSzbb7aaWMLfYW8AMUfMaOcBK13yrEKPqqb9v/o7lkN + EYn27/gy9goOLAl/UlM8LzxXj6B2G+cpjHkRhBLwKQuDH46mJ9zzZDJVPxfutyTYX8B8DXBcqhED + /zVwmkF8xMUsyJAqJOXbNjKAT0aHG80vBnSkg8UKA4YrDCP9UZrrS0uq3UFrR+4gSnfItDvw6RQZ + OKuz+3HgjRluzqMRQDgHALKEY61oxDhDUeNBENciL+U+6THoqY0an3g0ygHHAzaWXEByxpFDzWK3 + 7NtCoWvgfSiXk8tq/7yk6i67JIZ8VmWCmPejezTvbq7OgJFjiKMRTq7Cvbv7YAjzu/RB/oVH2laG + WZJ8GAaePrTrQKVSfWZf1W2LLKwPo1CGAWZCdKR685C7miTcm5LMTcwC9cCQ+GaBkGLFnb4gpnAF + xdJ/4xRaNIkpb5KPV7iYBFGVVaq/J/Dhadwt/XYjaLw4YFh7AoZFgGE9EzD2yhoPAGPfvLV8vq8N + GO5/wHgFwHD+LcBwS9EdgPGQ8WiVRf96wbut5mk6yzXPNIXLKDqH6Jj1oSUpttbhlPTUWkdjm0Rj + G+/QKHmHuXm2DdzGlTVKZVbq9/UqTkXHmGqTokbM8smEUwH77tEKi0xObFSc7lnqEidxBo8lDu1K + nLabAMTGgd2T7rE7dB1uNHyrbTg+bxmdTrthCNcXsu0PHWlTWVxKYtlCtvtESUl+0xOCooZ05mkc + ivdLKqNqpgUeJczVoUgThbcaRjJz0tb2bWENpeBu+5hLm3eEz53OsTfkbsdzms0zcapmwV4PrAu8 + CzljwiNdJBpG0ZSZeWbcw2SGZVL1aRYRSzY1Es4zMinkVU7gYYafl+eGYyYRkRPr5Pvb13idvX/7 + Gq+z/29dY0CZKDhlzR5dKudn5yGPfsooGweJCi0qBAsiu0DDuzii0R/yNE7k0R3gyCPKVccg/QWF + 3jLSaRn9j9xm3snZhsHOEh39BwAA//9ClcA1x2ECL+eLoJXEaHE0CBMeoeIIAAAA//8ajC4eLY5o + 7WL6FUfopQa8rQdvGgGdng7JgtWgqXUo2wBoYX5JInTFALopOBt1OIsxnK09I+wFJa7JJwNczVtQ + qYBVwgDuZTQJY1w6jOHtx9S8ssyi/DxIGxEilFIKXa4C4RIVevm5EBOqYUxo7UBGaY200kYfZq6O + Um5iRVBqcWkOyGAku8FzM0UljiUQd5Tll1BvShhiGNxQoF0ZicVh+eCpLdisLWhSGjRhBLIS7hBU + 
1xqhOBeqARw8tbW1AAAAAP//AwBczEFZHSUAAA== + headers: + Atl-Request-Id: + - 4192167c-e4b7-49e6-9e55-ba26460df8cb + Atl-Traceid: + - 4192167ce4b749e69e55ba26460df8cb + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=275,atl-edge-internal;dur=13,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 91bf791ffbfaf4ae86600c8cbd9258e9 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbubpN3avMkEp+gU2r0oImlzi9U0KU06GGP/3RSH7lF9u9zz + nXsO90Aq6XA7aCLIm/e9E/O5wgZrr+y7jaXX0rlWmtigJzOiWtdruf8HX+Cwa2tU6D7WqPsVGo/D + X4+srGn0iKbG3zl3OLjWmgBTABpDDFGxuXws1g/lj7oZuypMRDxP0Axm8BIysdd234WW5b6f0lba + jiqYqrHV6stCRDCw5fK0vJJ+AhmwJKIsonlJmeBUUB4DwAUEOPhd+AMOZdudsxxKmgmaCJ7HS+Df + bN3dmMYGEJIUEs4WkldVlmY5TXOqUsbrmmWoFlRiI2WyqM4CvJ4SbttBTi8M+qj9na3ltD4QfZoI + mtdtQY7nxZ6smZTr+5IcPwEAAP//AwDhjs6NIAIAAA== + headers: + Atl-Request-Id: + 
- 44e53aec-25aa-4ae2-bcd4-fe76445d7374 + Atl-Traceid: + - 44e53aec25aa4ae2bcd4fe76445d7374 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:39 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=163,atl-edge-internal;dur=19,atl-edge-upstream;dur=144,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - afa02db93ac1ccbed0c06cfcaac2bbab + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xX23LbNhD9FQwfU4k3SY7MmU7HdZTEreu6spI8OB4PTK5IxBTAAKAujfPv3SVF + KpbNTO1OYz8Qt71g9+zB6osD64LLxIkcDTIBDclrAXliepIvwPRMnMGC91QBmluhpOlBIuwCLO/F + GZcp5CrtLUEb3INkCoUGA9Juz8alsWoxJ4XXge8HvqvhcwnGzjYFnGseWxGD03ME2Q9Gh4cvcWIg + n+M0s7YwkeclMIfYJuqTcrnNuTGCS1eC9dCS9XghvNATxpTgNQpuYYPyZ7PJxawfjMYjXKpcME70 + xTHoW2libiFVelPfIcEZSoR+OOwHYX/gz4JxFAyjQeiOg+An9NsnJ8mIRccrNc90kuQ91OeH7bW3 + kwRMrEVBgcPVI2YWPM97LBHGChlbVgiIgak5Wyl965J0rOQ7nT/Ri1IKShfPr/mSW669pYCVV7m1 + 
c3C7FfiDYPyLEX/DzwtMe7lAqwQLNDnj5pZyVd5YGkVznhvoObXgCd6rku05mUDg6DjbnMIS0Ff/ + a8+xApFVIEqcSJZ4R2cPJgO/2Si0+oQ3embAt9JVuKsENuGmyTcg2d3qnRTWogLjtLYJqb9XZ42a + 2xXXhFcjFkUu0OFk7+aYjwplw/F6OH6iu9/JTHOTNi9Dn4AeDtfh8P+1Ume/wiIaDA7WwcGPMLhu + LA7C9SD8ERa3AP/69SEcgy6chl0bg2ZjLtbva3JEWFxeIUzSVEOKfPOgCPACKi/r8n9c66hr46Br + 42XHRti5Me7aOHzoZ02b9SqRUvVCOFE/wCm3+HDUhPv0wq3pfEfgXq1OU1lWw2NVUuACIuUPtCBk + 6kRWl4DpQ6X2PWacirN2rtJH+rWI6wB/ebBGvqKwyVSZJ6+EKXK+2RY3QUIDXpb447FHYngYNo/E + fthaKtvf6AJV2IKq0EJpYTfPDGIj7lUvzb9/K8SCp2A8kjCNEoELmUgz1yzTHVu+xZWGVkPnYeGE + bRnk/AaIGKkC9nuCLvAGXRgNxhSRjJtJIeJTIW9f084rKKh/kXGTtSqXq2qvXZFKTrB94Tc5TIGb + Ggl6O3LOT9+9OTm7Pj05npxdTK4n0+mfU7wf1qnBkOCBWQbsHF8AaRnZZcIwJfMNQzYROSllVrHf + hObsXMMC6YSVBlHrPsYqARaU498J3y+SQeTUryJmD8O/q6p7bIGJSIXk+f6hbfe1DW+F6xy9awgH + M5tKaE+XBZVtF5JHB36D5LpReib4auH25b3f2zwNjzu8/crjW2w3G8g1ymtbx9uO7j853LSFdc2g + kbBpFCSsqLpVrvRZ7c1NXkI/1cgSu6ZIsVeqTrZaFNgQS/s46EctLXwvsftCLWXcD+dH+e3/EUu1 + KgtqFF8LmSAxGoa1wm4AJCtKk0FSofRkekTfG2BCLskywSxh+FOA4aMFSUTKstBlb0jdR/mi+r6I + 2GWrVsiISYyXFdwqHfnuyB3cUdAx5rmKeZ4pY6OxP/a9eS1zXfnmDUbjK5RmlxcQl8RR7K1a9a3q + EMZHOynx0Q6vmMcuA2PZXyXXFjSbyBQrc4Fx7hCF9oAXVNJn53+woxI5gF3EXHZIUQvoHfpXdUTv + 7tgFNq+Vnzg+fj+pPh/qT5NommyfehrOhEU6INEKWDhCRYwYk92xS9TRD5EC+tglh0HlBQFVLhNX + Yr/vpmrpLctcInQtUot3//wVqRj4fisXr8BdCKvBVTr1sL45YV5gM0u84OFRN7OLnOR2+cJJlTFS + FuLfFNIy5xjTfwAAAP//7Fltb9owEP4r1qRWgEgKSQiFquqoWNVOazWt2j50XzCxgWwhifJC92E/ + fs85L7yUlI6qVSdNrYDYPvt8vnvO9+QX1XBqH0Ppu9wjV7qV0QKlGtNY7aacockOveTkFNPYeqte + Ycv85I8M06T1B0i2C9kkU6n7M9tmFxv77Ji9J9slH6/sYj3dLtZOu7y4TYwqmyDgCqfrN5R9qI01 + hqlkQ0QqGj8CxZjRazIAeYeto0DxN2vrJQyoZ1N/tdPGFoYKeQGKPwJGOQla75RjNXzUt+3/0d2z + BiIS7d/xpe0VHFgS/qSmeF54rh9B4zZIIxjzwvUk4FNmBj+cJifccWSYqJ9L91sRHC5hvgE4LtUI + gP85cOpucMTFwo2RQyTl2y4ywISMDjcqLgZ0pKPlCiOGKwwj/VGa55eWKHeHXDtyB1G6Q5y7A08S + ZOC4ye5nrjNjuDlPpwDhFADIQo61/CnjDEWNA0Fci5yIT0iP0UBtVPvE/WkKOB6xmeQCkguOHKpn + u2XflgpdA+89uZpc1vuLkqq/6pIY8lmVCaLoR/e06G6vz4CRM4ijEU6uwr2/+2AI8/v0Qf6FR9pW + 
jFnCdOy5Tn5o165KpfmZfVW3LbJwfhiZMgww46EjyjcPuat5yJ2EZG4C5qoHhsS3cIUUa+70BTGF + KyiW/hunyEXDgPIm+XiNi7nr11mt/nsOH06Cfum3W0HjxQHD2BMwDAIM45mAsVfWeAAY++at1fN9 + bcCw/wPGKwCG9W8Bhl2K7gCMh4xHpyz6NwveKiqkbVV1lIQXVUlJBF9SPA/xNBtDW1XcmFXyVpsS + VbxDq+QdCvNUDaziylrlmmv1+2Z5p6JjRrVJViPG6XzOqYB992iFRSYnNiqI9ix1iZM4g8cSh3Yl + TrttAGLrwBxI+9ge2xbXWhOjq1kT3tF6vW5LE/ZEyO5kbEmTyuJSEstmsv0nSkrym4EQFDWkM48C + T7xfURlVMy3wKJOuDkXqKLzVMJIp2FxzYgpjLAW3u8dcmrwnJtzqHTtjbvccq90+E6dqFuz1wLjA + fyanzbmfF4maljXFehpr9zCZZuhUfepZxJJNtZDzmEwKeZUTuBfj5+W5ZumhT+TEJiv/9jXepPXf + vsabrwXeusZALJFxyjl7dKmcn5173P8p/Xjmhiq0qBDMiOwM9O4Cn0Z/SKMglEd3gCOHKNc8Bund + FHrLSKdl8jdy23knqwqDrRU6+g8AAAD//0KVwDXHYQIv54uglcRocTQIEx6h4ggAAAD//xqMLh4t + jmjtYvoVR+ilBrytB28aAZ2eDsmC1aA5dyjbAGhhfkkidMUAuim4WnsGuIoxAyPs5SHORiCuVqwJ + rlkpA1ytWFBxgVXCGKcEvP2YmleWWZSfB2kjQoRSSqHLVSBcokIvPxdiQjWMCa0dyCitkVba6MPM + 1VHKTawISi0uzQEZjGQ3eG6mqMSxBOKOsvwS6k0JQwyDGwq0KyOxOCwfPLUFm7UFTUqDJoxAVsId + gupaIxTnQjWAg6e2thYAAAD//wMA9dwEEB0lAAA= + headers: + Atl-Request-Id: + - cdbffae6-fb4f-4e0c-a5bb-0aa041adcf20 + Atl-Traceid: + - cdbffae6fb4f4e0ca5bb0aa041adcf20 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:40 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=269,atl-edge-internal;dur=14,atl-edge-upstream;dur=255,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 6f204f3e534fde1214913f0c22d929e0 + 
X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 
9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 9d9b0250-1902-48a3-afa0-a9c29f65059e + Atl-Traceid: + - 9d9b0250190248a3afa0a9c29f65059e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:40 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=326,atl-edge-internal;dur=20,atl-edge-upstream;dur=288,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - df682c09b2ac5779442bcc3c869a3826 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/358] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* Jan. + 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3379' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 719e079e-76f2-41d0-8213-a326e15369b6 + Atl-Traceid: + - 719e079e76f241d08213a326e15369b6 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:41 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=524,atl-edge-internal;dur=15,atl-edge-upstream;dur=510,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + 
Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 553c26703689b1379605fa8a65b6e6ce + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSYnMmU7HdZTEreu6spI8OB4PTK5IxCTAAKCOxv7v3eUh + xbaUqd1p7Afi2gO7335YfXVgVXKZOJGjQSagIXkjIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7S3AG1wD5IplBoMSNuejStjVTEnhVeB7we+q+FLBcbO1iWcaR5bEYPTcwTZD0YHB69wYiCf + 4zSztjSR5yUwh9gm6rNyuc25MYJLV4L10JL1eCm80BPGVOB1Cm5gjfKns8n5rB+MxiNcql0wTvTV + MehbZWJuIVV63dwhwRlKhH447Adhf+DPgnEUDKNB6I6D4Cf02ycnyYhFx2s1z3SS5D3U54eba7eT + BEysRUmBw9VDZgqe5z2WCGOFjC0rBcTA1Jwtlb5xSTpW8r3On+hFJQWli+dXfMEt195CwNKr3do6 + 2G4F/iAY/2LE3/BzgWmvCrRKsECTM25uKFfVtaVRNOe5gZ7TCB7jvWrZnpMJBI6Os/UJLAB99e96 + jhWIrBJR4kSywjs6D2Ay8LuNUqvPeKNnBryVrsNdJ7ALN02+Acn2Vu+lsBYVGGdjm5D6e33WqLld + ck14NaIoc4EOJw9ujvmoUTYcr4bjJ7r7ncx0N9nkZegT0MPhKhz+v1aa7NdYRIPBy1Xw8kcYXHUW + B+FqEP4Iiy3A7+4ewzHYh9Ow25iL1YeGAzH7F5ePTw66kzxNNaTIN4+KAC+g8qop/93mRvs2Xu7b + eLVnI9y7Md63cfDYz4Y2m1UipfqFcKJ+gFNu8eFoCPfphdvQ+ZbAvUadprKsh0eqosAFRMofaUHI + 1ImsruCu5WnSpkXchPProzXyDI+aTFV58lqYMufrtpRxGd2yHxAzVN5tNDTgZYk/dj0Sw4OweyQe + hm1DZQ839oEq3ICq1EJpYdfPDGIn7tUvzb9/K0TBUzAeSZhOicCFTKSZaxbpli3f4UpHq6HzuHDC + Depzfg1EjDtKg/hkZyCCfRgNxhSRjJtJKeITIW/e0M5rKKl/kXGXxzq7y3pvsyKVnGD7wq9zmAI3 + DTZ0O3LOTt6/PT69Ojk+mpyeT64m0+mfU7wf1qnBkOCBWQbsDF8AaRnZZcIwJfM1QzYROSllVrHf + hObsTEOBdMIqg6h1d7FKgAXl+LfC98tkEDnNq4jZw/Bvq+oeW2AiUiF5/vBQ23214a2RnqN37Zwy + 
m0rYnK5KKtudSB767njod0huGqVngq8R3ry893ubp+Fxi7dfeXyD7WYHuU55Y+uo7ej+k8NdW9jU + DBoJu0ZBwpKqW+VKnzbeXOcV9FONvLFtihR7rZpkq6LEhlja3aAf7aOF0YYWvpfx++H8JL/9P2Sp + VlVJjeIbIRMkRsOwVtg1gGRlZTJIapQeTw/pew1MyAUZIJglDH8KMHzNIIlIWRa67C2p+yRf1N8X + EbvYqBUyYhLjZQW3Ske+O3IHtxR0jHmuYp5nytho7I99b97IXNW+eYPR+BKl2cU5xBVxFHunln2r + 9gjjo51U+GiHl8xjF4Gx7K+KawuaTWSKlVlgnPeIwuaAF9TSp2d/sMMKOYCdx1zukaIW0DvwL5uI + 3t6yc2xeaz9xfPRhUn8+Np8u0TRpewAazoRFOiDRGlg4QkWMGJPdsgvU0Q+RAvrYJYdB7QUBVS4S + V2K/76Zq4S2qXCJ0LVKLd//8JakY+P5GLl6CWwirwVU69bC+OWFeYDNLvODhUTezRU5y23zhpM4Y + KQvxbwpplXOM6T8AAAD//+xZbU/bMBD+KxbSUFs1IU3SlBYhBuoQTANNoO0D+1I3dtuMNImSpuzD + fvyec9z0hRa6IhCTJlDb2D77fH7uOd/lF+Vwah9dGQU8JCjdynSKVI0ZrHJdzlBn++Hk6BjTeKZV + 3WBLffIHtuPQ+pcRJX1TWSdjqRt0nd0E2T079X2ZEALXGcrDxptOe2tD6fHKUO72hnKfNdSrG8ne + 2khwyRksOzVlMGpjtW4uWRe+jMbP4Dlmt+sMVN9kyzwx+xs1zJIo1LNjvhkesIWu4mbQ5s+YUdSC + 1s/KsQo+quv2/+TuWQ0+i/Yf+DJ2ch8sCYCpKV7mwMtHULuN8xTGPA9CCYKVhcH3h5Mjrs5b/Zzj + cUGwOw8ENRB2qUaMCKGp1QziAy6mQYZgIikitxAjBmR0wGh2daAj7c1X6DFcchjpj+RdX2tSDQet + HcFBlHDINBz4ZIIYndXZwyjwRwy37eEQNJ2DIlnCsVY0ZJwh7fEhiIuTn/IB6dErgG184dEwB2H3 + 2EhyAckpR5Q1i92y73OFrhARQrkYfpb7Z9lYZxGSGPJVJRJi1o/u4ay7sTwDRo4gjkaAXPl/5/mD + oajQoQ/CFx5pWxlmSfJ+GPj60K4CFWz1mX1T9zGysD6MQhkG3gnRkerNQ+5ynIAWSOY6ZoF6YAiN + 00BIsQSnG/gULqlY+m9AoUWTmCIrYbzCxTiIqqxS/T0Ghidxp8TtWtJ4dcKwdyQMmwjDfiFh7BRG + HhHGroFs8XzfmjC8/4TxBoTh/luE4ZWizxDG45pIsywLrKbEm7KihrupoyyJUbo0SYElVQmi2s7K + ULcsYK10WJvKatamyoRVViZm5tk0cFM1zSqVUQ4wogRFp+uLGf9q3pfl4zGnFHfvyRyMTE71qjjd + MRmmqsUJEEtVtktx3GqAEK0Pzqn0Dr2+53LDGtgtwx3wptFutyxDeAMhW4O+Kx1KnEtJLFvIdraU + lISbUyHIa0hnnsah+LigMvJqWuDJWrs6FGkiNVfDSGZW73UGjrD7UnCvdcilw9tiwN32od/nXtt3 + G40TcaxmwV4/2Of4L+SMMY90GmkYRVNm5pnxAJMZtkn5qVl4LNnUSDjPyKSQVzGBhxl+XpwZrplE + VL5Yrdu/f41XC//vX+PVFwfvXWMwlijq0Lq+dKHAz85CHt3LKBsFiXItyguLUndBendxRKM/5Wmc + yIM70JFPRVntg/T2Cr2lp9My+p3d+sqUa+39AQAA///CXmSZ4BqwNoEPWKNLwMv5ImglMVocDbqE + BwAAAP//Gi2O6OPi0eIIV3GEXmrA23rwphDQ6emQLFgNmpWHsg2AFuaXJELXFKCbgrNRh7MYw9na + 
M8JeUOKanjLA1bwFlQpYJQxwNW+NcekwhrcfU/PKMovy8yANSIhQSil0QQuES1To5edCTKiGMaG1 + AxmlNdJaHH2YuTpKuYkVQanFpTkgg5HsBs/eFJU4lkDcUZZfQr1JY4hhcEOBdmUkFoflgye/YDO9 + oGlr0JQSyEq4Q1Bda4TiXKgGcPDU1tYCAAAA//8DAAx1jO0/JQAA + headers: + Atl-Request-Id: + - a1b01d83-32e0-4f6a-acfc-62f38e8c3ac1 + Atl-Traceid: + - a1b01d8332e04f6aacfc62f38e8c3ac1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:41 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=256,atl-edge-internal;dur=13,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 3d9fdc9adc5ef8cd9d146d7d0021e730 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 41}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1585/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - f6090579-d3a1-47e4-845b-0daa1da060ec + Atl-Traceid: + - f6090579d3a147e4845b0daa1da060ec + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - text/html;charset=UTF-8 + Date: 
+ - Mon, 30 Dec 2024 17:14:42 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=521,atl-edge-internal;dur=13,atl-edge-upstream;dur=509,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 1e16775b2750e8a744328dac2de8cdba + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0te3bqbtN26vMkEp+gU2r0oImlyi9U0KU06GGP/3QSH7lF9u9zz + nXsO90Bq4XA7aMLJm/e947OZwgalV/bdJsJr4VwrTGLQkwlRreu12P+DL3HYtRIVuo816n6FxuPw + 1yMraxo9opH4O+cOB9daE2AKQBNIYFpuLh/L9UP1o27Grg4T4c8RmsAEXkIm9truu9Cy2vcxbaXt + qIKpHlutviyEBwNbLE7LK+EjyIBlU8qmdFlRxlPKaZoAwAUEOPhd+AMOVdudsylUtOA04xlLcka/ + WdndmMYGELIcspTNRVrXRV4sab6kKmeplKxANacCGyGyeX0W4HVMuG0HEV8Y9FH7OytFXB+IPk0E + zeu2JMfzYk/WROX6viLHTwAAAP//AwAo3mwLIAIAAA== + headers: + Atl-Request-Id: + - b5ac5806-ed9a-4df2-a37d-172a4104c151 + Atl-Traceid: + - b5ac5806ed9a4df2a37d172a4104c151 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:42 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": 
true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=156,atl-edge-internal;dur=16,atl-edge-upstream;dur=140,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 25cd54cc2c69e8f9e6fd4dede99112f0 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/pCF+SyDxTKfDQLijpZSGAB84JiPsja3DkXySHJIe/Peu/BYI + MS10esMMtiXti3affXbz3YJlRnlkBZYEHoGE6JhBGqkOp3NQHRUmMKcdkYGkmgmuOhAxPQdNO2FC + eQypiDsLkAr3IBpDJkEB19XZMFdazGdG4dR1HNfpSviWg9KTVQbnkoaahWB1LGbsu/3hcB8/FKQz + /Ey0zlRg2xHMINSR+Cq6VKdUKUZ5l4O20ZK2acZsz2ZK5WDXCu5hhfJnk9HFZNftD/q4VLigrOC7 + pdC3XIVUQyzkqrxDhF8o4Tleb9f1dn1n4g4Ctxf03O7+nvcT+u0YJ40RjY4Xaj7opJG3UZ/jNdeu + PiJQoWSZCRyuHhA1p2naIRFTmvFQk4xBCETMyIOQ910jHQp+KdN3epFzZtJF0yldUE2lvWDwYBdu + rR2stlzHdwe/KPYX/DzHtOdztGpggSYnVN2bXOV32rwFM5oq6Fil4Aneq5DtWAlD4MgwWZ3CAtBX + 56ljaYbIyhAlVsBzvKO1ARPfqTcyKb7ijT4Y8Eq6CHeRwDrc5uMZSNa3uuRMa1SgrMa2QepvxVkl + ZvqBSoNXxeZZytDhaOPmmI8CZb3Bsjd4p7tvZKa+SZOXnmOA7vWWXu//tVJmv8AiGnT3lu7ejzC4 + rC363tL3foTFCuBPT6/h6Lbh1Gvb8OuNGVteleSIsLi5RZjEsYQY+eYfi6Bfb+DNRJqXvPChOlgr + 2F4KL5nnGumFJFSROwBOQoFIBw0REZzohClSsIThn6pmjpD4rS1R22u72H7Lhte6MWjbGL6O0Vtc + 
7g9rLjccWjQ0K9h18ZNq7HNlf3h/fMvus+43dqlOGhYpXg9FbvLsmh5ybRYYj61AyxyeqrZitEkW + 1kneXDOe4VGViDyNjpjKUrqqmAeX0S19hRA3bFTFSQKGweT4VRx8r9sbNj1tM6AN825utNWA19RA + JpmQTK8+GMRa3C4a479vbWxOY1C2kVC1EoYLCYuTrlrEa6B+xpUa+t4WxHp+XRPTnWBn6hb/h94+ + fj7umAOO92zDRC+ld2D43hT25qjTBn+3DeXuwEQOC2+UsfCU8ftjs3MEmRnLeFjnu0DBQ7HXrHDB + RziV0bsUxkBViSFZvVnnp5efTs6mpyeHo7OL0XQ0Hv8xRueRfhSGDg9MEiDn2Ni4JsYuVjgWe7oi + SJIsNUqJFuRXJik5lzBHliS5QnR3t5GliyVpOY/McbLID6yy2WOWMU2mLsubvyBBTFjMOE03D1VD + ZRXeoiJS9K7mUURAzKE5nWem8Lci/uUUV85/HwRpKdzMby+J83243SDQjWGwNHRYTan/ydt61LX9 + yohfDz9RaTgUqZBnpS+YF+AbrhVZxjaA71xvR3u/jTf6DW+8leqXcfzCn/8dkFiKPDOD7zHjETKn + WnenLFcJtiYDz5PxgXneAWF8YQwYfEUEf9oQbMIQBUZZ4nXJJ6PuC98pnjsBuWnUMh4QjrHSjGoh + A6fb7/qPJuAY71SENE2E0sHAGTj2rJSZFr7Zfn9wi9Lk5gLC3JAY+SwedrVoEcYhJMpxCPFuiU1u + XKXJnzmVGiQZ8RhLco5xbhGF5oDtFtJn57+TgxyLn1yElLdImZHWHjq3ZUQfH8kFDuOFn/h+eDUq + HtflQ8z/BgAA///sWW1P2zAQ/ivWJFBbNWmapCktQoypQmMaaIJtX9CkurGbRqRJlZeyD/z4Pee8 + 9AVKuyIQk1aqksQ++3z3+DnfJXc03RRHF7r87qfgARJVoMIVBmJEqeyB3WIMzcTe13DqN9tKCwJp + OBd6iPxF96J5a54FIWCbglNaq/1/0RCWYVRy7r3Up34aSz2KvRY2Nie8+zicEyG00FWfpNOA5Bb+ + wo3yGA1m4nMtvSzgsOlvyknVOgYy9HlAULqR8RypJ9NY7aoaockOg/T4BMM4ulHfYMvC8y3Tsmj+ + i5CS2LlskrFURtBk135yx85cV84IgU8ZysHCO1ZvZ0MV/ZWh7N0NZW811KsbydzZSNiSJSz7DWUw + esYag0yyAfYyHn4BxzGz12Tg+A5b5Ynyb9LWK6JQ95b+ZnjAEgaKl9kAxMwoXEHrrXKshp/6U+t/ + dvWsgT2L57f4p+21fTAlAKaGeNkGXnVB4ybKYhjz3A8kCFbmBj/00mOu/K0uF3hcEhwsAkEDhF2p + ESFCFNSq+1GLi7mfIJhICsVdxIgxGR0wKs8M5NLhYoYhw+mGkf4yLs8zcQGHQjuCg6jgkBRw4GnK + 3bukye4nvjthOI57Hmg6A0WyGcdcocc4QxrnQhAnJjfmY9JjmANb+8pDLwNhD9lEcgHJOQ+QPOWr + ZT8XCl0iIgRyOfystpdJZH8ZkujyTWUaomxHs1c2t1dHQM8JxPEQIFf7v7/dMRQV+vRD+MItLSvB + KLNsFPhu4bRLXwXbwmc/1EGMLFw4I1eGgXcCNMTF4iF3MZ2BFkjmKmK+umEIjXNfSLECp2vsKZxO + MfXfgKIQnUUUWQnjNS6mflhntfrDFBhOo36F2ydJ49UJw9yTMEwiDPOFhLFXGHlEGPsGsmX/vjVh + OP8J4w0Iw/63CMOpRLcQxuOiSaeq9q3nwpuyora9nBWlMSCjKkJU41nvWpUB1xrsqva11mBskjA2 + lSSMqiRRmmdTx02FOKNSZiW1X8/z1O6YUPaSZ5FJNp1ySm8/PJuDkcmpoBXFeybCVK44BWKpDHch + 
TrptEKJxYJ1J58gZOTbXjLHZ1ewx72i9XtfQhDMWsjse2dKiZLySxLS5bH9HSUm4OROCdg3pzOMo + EB+XVEZeTRM8++5AOUXqXpx3I5myfm2NLWGOpOBO94hLi/fEmNu9I3fEnZ5rt9un4kSNgrUemOf4 + 5nLalIdFGqlp+aNEzxLtHibTTJ3yUz3fsWRTbcZ5QiaFvIoJPEhw+fmTZuuzkAps6+8h3r/G6y8y + 3r/G6y9CXk/jPwAAAP//oo6LgUVZCmSgGjq05AFO/ApOOYl52al5xRmZBeCsBeoXQsbCIaVhFGjI + yUrJtbQovyBVPwpYHCWDRm2heRA0GweUhed0kDXQOUjsI1MmuMpgE1wj2ia4ZnVM4OV8EbSSGAbF + EQAAAP//Gi2OBoOLR4sjWruYfsUReqkBb+vBm0ZAp6dDsmA1aJUBlG0AtDC/JBG6RgLdFJyNOpzF + GM7WnhH2ghLXvJQBruYtqFTAKmEA9zKahDEuHcbw9mNqXllmUX4epI0IEUophS7QgXCJCr38XIgJ + 1TAmtHYgo7RGWlukDzNXRyk3sSIotbg0B2Qwkt3gmZuiEscSiDvK8kuoN6sMMQxuKNCujMTisHzw + rBdsKhg0r52TD+pKIDkE1bVGKM6FagAHT21tLQAAAP//AwAFNZ+HDyYAAA== + headers: + Atl-Request-Id: + - 66411ef1-53f3-4b01-b82a-391c6f594660 + Atl-Traceid: + - 66411ef153f34b01b82a391c6f594660 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:42 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=303,atl-edge-internal;dur=14,atl-edge-upstream;dur=289,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 0409d2da8377b9cd3d5c40555da28354 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: 
+ - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 41ded392-d26b-47ee-ba8a-80754af6e1b5 + 
Atl-Traceid: + - 41ded392d26b47eeba8a80754af6e1b5 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=298,atl-edge-internal;dur=13,atl-edge-upstream;dur=286,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 10525d059506a4ca8e129cd0d74cc199 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/358] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Inactive, Verified, Risk Accepted |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* Jan. + 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233]\n*Defect + Dojo link:* http://localhost:8080/finding/233 (233)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3379' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 9a5ace92-2904-49c8-93f0-9edbfc562563 + Atl-Traceid: + - 9a5ace92290449c893f09edbfc562563 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=263,atl-edge-internal;dur=12,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + 
Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 126927b3cdee0003fae54352fbaf97a1 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/pCF+SyDxTKfDQO6OllIaAnzgmIywN7YOW3IlOSQ9+O9d+Q0I + MVPo9IYZbEvaF+0+++zmuwWrnPLICiwJPAIJ0ScGaaR6nGageipMIKM9kYOkmgmuehAxnYGmvTCh + PIZUxL0lSIV7EE0hl6CA6/psWCgtsoVROHcdx3X6Ev4qQOnZOoczSUPNQrB6FjP23eF4vI8fCtIF + fiZa5yqw7QgWEOpIfBN9qlOqFKO8z0HbaEnbNGe2ZzOlCrAbBXewRvnT2eR8tusOR0NcKl1QVvDd + UuhboUKqIRZyXd0hwi+U8BxvsOt6u74zc0eBOwgGbn9/z/sJ/XaMk8aIRsdLNR900sjbqM/x2mvX + HxGoULLcBA5XD4jKaJr2SMSUZjzUJGcQAhELci/kXd9Ih4JfyPSdXhScmXTRdE6XVFNpLxnc26Vb + Tw7WW67ju6NfFPsbfs4w7UWGVg0s0OSMqjuTq+JWm7dgQVMFPasSPMZ7lbI9K2EIHBkm6xNYAvrq + PPYszRBZOaLECniBd7Q2YOI7zUYuxTe80QcDXkuX4S4T2ITbfDwDydOtLjjTGhUoq7VtkPpbeVaJ + hb6n0uBVsSxPGTocbdwc81GibDBaDUbvdPeNzDQ3afMycAzQvcHKG/y/Vqrsl1hEg+7eyt37EQZX + jUXfW/nej7BYA/zx8TUc3S6cel0bfrOxYKvLihwRFtc3CJM4lhAj37wqAryASIuq/D8E9ycF2xH/ + kmCukEVIQhW5BeAkFAho0BARwYlOmCIlGRiaqUvjCPnd2hKcYVcM9ro29js2vM6NUdfG+HXw3uJy + f9xwueHQsqFZwa6Ln1Rjn6v6w/sDX3Wfp35jV+qkYZHy9VAUJs+u6SFXZoHx2Aq0LOCxbitGm2Rh + k/3NNeMZHlWJKNLoiKk8peuaeXAZ3dKXCHHDRnWcJGAYTPJfxcH3+oNx29M2A9oy7+ZGVw14bQ3k + kgnJ9PqDQWzE7bIx/vvWxjIag7KNhGqUMFxIWJz01TJ+QvAXXGlqwtsCZc9vimW+E+zM3fL/2NvH + z4cdc8Dxnm2Y6KX0Fgzfm8LeHHW64O92odwdmchhRU5yFp4wfvfJ7BxBbsYyHjb5LlFwX+61K1zw + CU5l9DaFKVBVYUjWb9bZycXn49P5yfHh5PR8Mp9Mp39M0XmkH4WhwwOzBMgZNjauibGLpY8skK4J + 
kiRLjVKiBfmVSUrOJGTIkqRQiO7+NrJ0sSQt54E5Th75gVU1e8wypsnUZXXzFySICYsZp+nmoXqo + rMNbVkSK3jU8igiIObSni9wU/lbEv5ziqvnvgyCthNv57SWjvg+3G8y6MQxWhg7rKfU/eduMurZf + G/Gb4SeqDIciFfK08gXzAnzDtTLL2B/wnevtaB+2vPFWRjeFWk55Gcev/PnfAYmlKHIz+H5iPELm + VE9tKy9Ugj3LwPN4emCet0AYXxrLBl8RwZ82BJswRIFRlnh98tmo+8p3yudOQK5btYwHhGOsNKNa + yMDpD/v+gwk4xjsVIU0ToXQwckaOvahk5qVvtj8c3aA0uT6HsDAkRr6I+10tOoRxCIkKHEK8G2KT + a1dp8mdBpQZJJjzGkswwzh2i0B6w3VL69Ox3clBg8ZPzkPIOKTPS2mPnporowwM5x2G89BPfDy8n + 5eOqeojsHwAAAP//7FltT9swEP4r1iRQWzVpmqQpLUKMqUJjGmiCbV/QpLqxm0akSZWXsg/8+D3n + vPQFSrsiEJNWqpLEPvt89/g53yV3NN0URxe6/O6n4AESVaDCFQZiRKnsgd1iDM3E3tdw6jfbSgsC + aTgXeoj8RfeieWueBSFgm4JTWqv9f9EQlmFUcu691Kd+Gks9ir0WNjYnvPs4nBMhtNBVn6TTgOQW + /sKN8hgNZuJzLb0s4LDpb8pJ1ToGMvR5QFC6kfEcqSfTWO2qGqHJDoP0+ATDOLpR32DLwvMt07Jo + /ouQkti5bJKxVEbQZNd+csfOXFfOCIFPGcrBwjtWb2dDFf2VoezdDWVvNdSrG8nc2UjYkiUs+w1l + MHrGGoNMsgH2Mh5+Accxs9dk4PgOW+WJ8m/S1iuiUPeW/mZ4wBIGipfZAMTMKFxB661yrIaf+lPr + f3b1rIE9i+e3+KfttX0wJQCmhnjZBl51QeMmymIY89wPJAhW5gY/9NJjrvytLhd4XBIcLAJBA4Rd + qREhQhTUqvtRi4u5nyDKSArFXcSIMRkdMCrPDOTS4WKGIcPphpH+Mi7PM3EBh0I7goOo4JAUcOBp + yt27pMnuJ747YTiOex5oOgNFshnHXKHHOEMa50IQJyY35mPSY5gDW/vKQy8DYQ/ZRHIByTkPkFXl + q2U/FwpdIiIEcjn8rLaXSWR/GZLo8k1lGqJsR7NXNrdXR0DPCcTxECBX+7+/3TEUFfr0Q/jCLS0r + wSizbBT4buG0S18F28JnP9RBjCxcOCNXhoF3AjTExeIhdzGdgRZI5ipivrphCI1zX0ixAqdr7Cmc + TjH134CiEJ1FFFkJ4zUupn5YZ7X6wxQYTqN+hdsnSePVCcPckzBMIgzzhYSxVxh5RBj7BrJl/741 + YTj/CeMNCMP+twjDqUS3EMbjokmnqvat58Kbqilte1NDVU2jPCqNgSVVKqLiz1pXY1Phza6KYusS + m0oSRlWSKM2zqeOmQpxRzbmS2q8ngGp3TCh7ybPIJJtOOaW3H57NwcjkVNCK4j0TYSpXnAKxVIa7 + ECfdNgjROLDOpHPkjByba8bY7Gr2mHe0Xq9raMIZC9kdj2xpUTJeSWLaXLa/o6Qk3JwJQbuGdOZx + FIiPSyojr6YJnn13oJwidS/Ou5FMWb+2xpYwR1Jwp3vEpcV7Yszt3pE74k7PtdvtU3GiRsFaD8xz + fHM5bcrDIo3UtPxRomeJdg+TaaZO+ame71iyqTbjPCGTQl7FBB4kuPz8SbP1WUgFtvX3EO9f4/UX + Ge9f4/UXIa+n8R8AAAD//6KOi4ElVgpkoBo6tOQBTvwKTjmJedmpecUZmQXgrAXqF0LGwiGFXhRo + yMlKybW0KL8gVT8KWBwlg0ZtoXkQNBsHlIXndJA10DlI7CNTJrjKYBNcI9omuGZ1TODlfBG0khgG + 
xREAAAD//xotjgaDi0eLI1q7mH7FEXqpAW/rwZtGQKenQ7JgNWiVAZRtALQwvyQRukYC3RRcrT0D + XMWYgRH28hBnIxBXK9YE14SVAa5WLKi4wCphjFMC3n5MzSvLLMrPg7QRIUIppdAFOhAuUaGXnwsx + oRrGhNYOZJTWSGuL9GHm6ijlJlYEpRaX5oAMRrIbPHNTVOJYAnFHWX4J9WaVIYbBDQXalZFYHJYP + nvWCTQWD5rVz8kE9BiSHoLrWCMW5UA3g4KmtrQUAAAD//wMAzRuEcA8mAAA= + headers: + Atl-Request-Id: + - 6da0074d-7215-4b0a-bcfc-62252d20dc75 + Atl-Traceid: + - 6da0074d72154b0abcfc62252d20dc75 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=244,atl-edge-internal;dur=13,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 12478648e1d68887c9a00708877ca4c8 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbskTbsubzLBKTqFdi+KSJrcYjVNSpMOxth/N8Ghe1TfLvd8 + 557DPaBGONiOGnH05v3g+HyuoAXplX23qfBaONcJkxrwaIZU5wYt9v/gKxh3nQQF7mMNeliB8TD+ + 
9cjKmlZPYCT8zrmD0XXWBJhgTFKc4qTaXD5W64f6R91MfRMmxJ8jNMMz/BIyYdB234eW9X6IaStt + JxVMzdRp9WVBPBjoYnFaXgkfQYopSwhNyLImlGeEkyzFGF/gAAe/C3+Ase76czbDNSk5YZyxNCfF + Nyv7G9PaAGKWY5bRQmRNU+blkuRLonKaSUlLUAUR0ArBiuYswOuYcNuNIr4w6JP2d1aKuD4gfZoQ + mNdthY7nxZ6sicr1fY2OnwAAAP//AwA1PnHcIAIAAA== + headers: + Atl-Request-Id: + - 0c64ba81-a893-428d-a03a-8da3f30eb7f1 + Atl-Traceid: + - 0c64ba81a893428da03a8da3f30eb7f1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=161,atl-edge-internal;dur=13,atl-edge-upstream;dur=148,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 239a1b811565e786b52148c893e582e2 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dVKJl45InOl0XEdJnLquKyvJg+PxQOSKREwCLADqaJz/3l1S + lGI7Smt3GnvGxLUHdr/9sP7kwLrkMnEiR4NMQEPyUkCemI7kBZiOiTMoeEeVoLkVSpoOJMIWYHkn + 
zrhMIVdpZwna4B4kUyg1GJB2ezaujFXFghReB74f+K6GPyswdrYp4Vzz2IoYnI4jyH4wGI9HODGQ + L3CaWVuayPMSWEBsE/VRudzm3BjBpSvBemjJerwUXugJYyrwWgU3sEH5s9nkYtYNBqMhLtUuGCf6 + 5Bj0rTIxt5AqvWnukOAMJUI/7HeDsNvzZ8EoCvpRb+D6o+BH9NsnJ8mIRcdrNU90kuQ91OeHu2tv + JwmYWIuSAoerR8wUPM87LBHGChlbVgqIgakFWyl945J0rORbnT/Si0oKShfPr/mSW669pYCVV7u1 + d3C7Ffi9YPSzEX/BTwWmvSrQKsECTc64uaFcVXNLo2jBcwMdpxE8wXvVsh0nEwgcHWebU1gC+up/ + 7jhWILJKRIkTyQrv6NyDSc8/tBG0G6VWH/GqT8zEVrrOQ53ZNg80+QI9++u+lcJaVGCcnW2C8K/1 + WaMWdsU1AdmIoswFOpzcCwkmqoZff7Tujx7p7jdS1t5kl7C+/xzdCPvrsP//WmlgUYMUDQbDdTD8 + HgbXrcVeuO6F38PiFvmfPz+EY3gIp712YyHW7xpyxOxfXiEa0lRDinzzj0UwaDfwAiqvGl74+tHh + oY3nBzbCgxujQxvjh+40tNmsEinVL4QTdQOccosPR0O4j6/Phs73BO416jRVXz08VhUFLiBSfk8L + QqZOZHUFmCVUat9hYqkGG+dqfaRfi7iJ46cHa+QrCptMVXnyQpgy55ttDVPmNeBliSYePhJ99/n+ + kbgftkNUFu6o7P7GDlSlFkoLu3liEFtxr35p/v1bIQqegvFIwrRKBC5kIs1cs0z3pPgaV1r2DJ2H + 9RHuyiDncyD+owq43xMcAm9wCKPBiCKScTMpRXwq5M1L2nkBJfUvMm6zVudyVe/tVqSSE2xf+DyH + KXDTIEFvR8756dtXJ2fXpyfHk7OLyfVkOv19ivfDOjUYEjwwy4CdI9FLy8guE4YpmW8YkobISSmz + ir0RmrNzDQWyBqsMotb9GnkEWFCOfyt8v0zmkdO8ipg9DP++qu6wBSYiFZLn9w9tu69teGtc5+hd + SziY2VTC7nRVUtkeQvJoOGyR3DRKTwRfI7x7YO/2No/D4x5vv/D4BtvNFnKt8sbW8baj+08Ot21h + UzNoJGz7AQkrqm6VK33WeDPPK+imGlli3xQp9kI1yVZFiQ2xtF8H/eAQLQx2tPCtjN8N5wf55e8R + S7WqSmoUXwqZIDEahrXC5gCSlZXJIKlRejI9ou8cmJBLMkAwSxj+K8Dw0YIkImVZ6LJXpO6DfFZ/ + n0XscqdWyIiVaTRwA9e/pWBjrHMV8zxTxkYjf+R7i+bsde2T1xuMr1CKXV5AXBE3sddq1bXqgDC+ + yUmFb3J4xTx2GRjL/qi4tqDZRKZYkQXG94Ao7A54QS19dv4bO6qw9tlFzOUBKerwvLF/1UTy9pZd + YNNa+4nj43eT+vO++bQJpsn2iafhTFikARKtAYUjVMSIKdktu0Qd3RBLvxsM/VFYe0EAlcvEldjn + u6laessqlwhZi5Ti3T1/RSrG/Z1YvAK3EFaDq3TqYVlzgrrAVpXowBv33cwWOUmVKf6p80QqQvyZ + QqEs4DUSYJM1poNkWJf9cJ7+DQAA///sWN9v2zYQ/lcOCBDImkPPsmxjDvwQJH3YsBbD0u5lHmBF + ZmJtsuToR5qi6/++70iKomKrRZM9Jgkc+Y5HHr873n3UkE7T6pwCMR6LgOj0rjpf0kT8CGOlmIiZ + CKlRhK0iFFMxb+TTVj4VmKuRz1o5P05bOXtn5GMxa+VBKw/c8ZNWPhGTVh628rDdwLxdlx8duV2X + H4NBT26YTB4FkxkjegHS8CCHHHpF9+lYnOffGWcz/v+K82uMnx3jsC/GKIRNUVj4Kt4sI/+qlnSF + 
CgrhL+guFPw0JDTYKXWrc/O7HQtbntX3iXg9ly+M2Qx1279SvR5t+O+cmAUhHt+0Iw8fg2OR/Wpc + yUcvgPxP/Dt7xnHFgjj3aoKXtYVuavnXeV3EEumVSp8b9Bn66C4pJeO6v3MGXrU0wke7t8si90rT + oEWSj6LNQ1KCiuAOMA0CMIxbhhjHoSGezDXW+7s1gdTBv4wiKnQax5zG0qYx70EW0U2Sck+ttlFF + eYyFSvq4BTupQK+NIaN2E5WS8oLucU/7RLgrx3wKS8weF9EtOwA6Vu8yYvYl1EEDQS8kgaFT9TFv + TGIqY5lFuMkwZcFSSbwlEAGw9zT5R4K/32KVCG7v92kSq1eXhho1DqcS+ODI8gXAHaW3Bp/qrIxu + USqY75+VNQ+Bf+V9apYzyJS0i2Cc5GAGjvOlWGXB4ewwyoB0yc7APVx5C7BFzGvRYbZmfYgMUoWs + 6iJDbuOprNOK0XV8wLijTggG8OQEV5cc8cTfZZ7Fcl+tsvV6vcr4OljRZ7rEzsB6vtCS+F1uUkjv + 9OQxmCO19P9BMzbWI5cE7mzMPFaqJ2E2x5LGgOFa0vr6za9vLt/TmC6u6fS+zqvzFX705CNfS3AI + j6n90Qrn8gfeapmnUuC24CH7Y9zghMweBn+xN6DQMMlGI229Vg5opxSAHvwYkieLYsgIDmjJJ4c+ + Y2azJ8y1Yce/DAw49IdNFHoL0op8IT5qrrx5D7TolHEwxZ5CDk1fKbdGB8Xcag7KuaN5UtAdzZOS + 7mieFHVH86SsW81BYXc03dIOnH5TL3g2DUgLM9KAZFDBfA5cjJHBhBdy4WKMDChG1cDFGFlQHE3T + 8hpUOioGyaLS0TBIFpWOhkGyqHQ0DJJFxdFokCwqHY0GyUkm4LVFJnFKnmnCtzgs9HxXWfAHuhO+ + XcR8DpCY9Q2Ov+kBbxN18zMtwLdXmUA8iscFfVBvC7gAmWLfhAQVM4WmEK7RpM9IR+uoTdhno8N4 + 1GbaZ6MDfNRm1mejI2JtyKN33IFUd7IdTiXBUEd8qMquDjG3migtc9rrBBbEPMIuOu9bVIX064ua + hECXOljAxO7n3T6KK47bu5wS9YWQAg/JRm7aNo+Bv4MUFRLVvPyePm9M9zlfuZmmeNFml2QD8gb/ + 7kBDqnxhqcdRPvvKZZ0D7Ba8b3PZ8JlcNmQuG76My/4HAAD//6JKW5bcri9yuqV1W9ZwtC1bAAAA + AP//7Jpda8IwFIb/yhh4mS5tY2sH4hQ23F/w7jRJ59B+0A/295fT1GAzs41dFVbwQkyOPR6bty+8 + z+xlZy87e1mHrI+82UjYR97sWtpnL3uZ1+xlZy87DS/rm9IfvOzX/H5pImw7vnUleD67TvDaGvip + hxMQLrC3GsTDWmAGtrAWqKuCulJ0alL0y3hcG13kBzXNjNJoO5OEtgV+xMRNJ55Nl+eAcez9zbwQ + R41MRVn/MbBFd7IBzpEEeRXr2FdOli7CrYxWURoxIDQLYsIyWJIkiSkRUSZknKVMhhjumkp1WV37 + +MtKiffLVgjVS4M9Q12exdNVy7xETu577Kv/M6T3VuttWHNBj8IsFEEqBUTxCmQIiciAJSueQpRw + 5vsbse6/Rf3WRfCiXrqO5FAMkSch+qPG6xryoUZGAg+zVE+rJc6UVAANjlTV925enUv1dr8jzKsK + jNhthGz6HdsM2vQ7thm2qXesJExoMmpgIPb9zX+3O0NxkkVzfK/6o4WxmcaxtAoeygJ3P3d1WcmH + g5IhjuDQcAYRpFSr5qTjZQau9DY9wVzay1xQFXOReszoez08HP6vHH0CAAD//xrECW+0OKKHi0eL + I1zFEXqpAW/jwZtEQKenQ7JgNWiBOJRtALQwvyQRuu4d3RScjTmcxRjOVp4R9oIS1xJKA1zNWlCp + 
gFXCAO5lNAljXDqM4e3G1LyyzKL8PEjbECKUUgrddAHhEhV6+bkQE6phTGjtQEZpjbRfRB9mro5S + bmJFEGSUCcVu8ArDohLHEog7yoCdG3KXRWIsbIYYBjcUaFdGYnFYPniBJmztMWhpNWjZI8hKuENQ + XWuE4lyoBnDw1NbWAgAAAP//AwCO49xa4zMAAA== + headers: + Atl-Request-Id: + - 57c4eab3-8435-4db0-aa35-378e5e3e7129 + Atl-Traceid: + - 57c4eab384354db0aa35378e5e3e7129 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=266,atl-edge-internal;dur=17,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 30e772099d6fb3d4cb4805201ef115fb + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF 
+ CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 84de3dfd-f2a0-456e-b62b-b838547ab5a1 + Atl-Traceid: + - 84de3dfdf2a0456eb62bb838547ab5a1 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + 
Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=239,atl-edge-internal;dur=14,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 305e27bba95c34e5249ed4a944255b0a + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/359] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Inactive, + Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 
6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] | Inactive, + Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 + \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/236]\n*Defect Dojo link:* http://localhost:8080/finding/236 + (236)\n*Severity:* High\n *Due Date:* Jan. 29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Jan. 
29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. 
)\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7161' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 6dec3db8-17f2-43bf-9896-8ad397bd7f53 + Atl-Traceid: + - 6dec3db817f243bf98968ad397bd7f53 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=464,atl-edge-internal;dur=14,atl-edge-upstream;dur=451,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 840d2e4cf8388149bfc2996debaeb132 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWW/bRhD+Kws+FanES5IjESgK11ESt67rykry4BjGihxRG5O77O5SR+P8986Q + IhVbVlC7aGzA3Gvubw5/dmBdcJk4kaNBJqAheS0gS0xH8hxMx8QLyHlHFaC5FUqaDiTC5mB5J15w + mUKm0s4StME7SCZQaDAg7fZtXBqr8jkxvAl8P/BdDX+VYOx0U8CF5rEVMTgdR5D8YDAaDXFjIJvj + dmFtYSLPS2AOsU3UJ+Vym3FjBJeuBOuhJOvxQnihJ4wpwWsY3MIG6c+n48tpNxgMj/CoUsE40WfH + oG6libmFVOlNbUOCO6QI/bDfDcJuz58GwyjoR72B6w+DH1Fvn5QkIRYVr9g8U0mi95CfH7ZmbzcJ + mFiLghyHp8fM5DzLOiwRxgoZW1YIiIGpOVspfesSdazkO509UYtSCgoXz274kluuvaWAlVeptVNw + exX4vWD4sxF/w085hr3MUSrBAkVOubmlWJUzS6tozjMDHacmPEW7KtqOsxAIHB0vNmewBNTV/9Jx + rEBkFYgSJ5Il2ug8gEnPby4KrT6hRc90+Ja6cncVwMbdtPkKJDur3klhLTIwTiubkPpb9daouV1x + TXg1Ii8ygQonDyzHeFQo6w/X/eET1f1GZBpL2rj0/ZeoRthfh/3/V0od/QqLKDA4WgdH30PgupHY + C9e98HtI3AL8y5d9OAaHcBo2F3Oxfl/XQIz+1fX+y17zkqephhTrzV4SoAEqK+v0f1zc4NDF0aGL + lwcuwoMXw0MXo30967JZn1JRqjqEE3WDba2kkGgR1yZ93jujREFvm4Uqs+SVMEXGN9t0wmOMrX2P + caMU24rgFptRXcSfXgzqFrFrCl7NTlOqV8sTVVIwKuU/0IGQqRNZXZI2sQY0lurHfpPouy93TeKh + 29pS9vDiEKjCFlSFFkoLu3mmwQ25V3Waf98rRM5TMB5RmIaJwIOFSBeuWaa7avkWT5qyGjr7iRO2 + qM/4DKgwPpIaVE8edURwCKPBkDyy4GZciPhMyNvXdPMKCppfZNxgqELWqrprT6SSYxxf+CyDCXBT + 41JvV87F2bs3p+c3Z6cn4/PL8c14MvljgvZhnhp0CT6YLoBdYAeQlpFcJgxTMtswrCYiI6bMKvar + 0JxdaMixnLDSIMLcx6pKgAnl+HfC94tkFjl1V8Tooft3WXWvWmAgUiF59vDRdvraurfCeYbabfcU + 2VRC+7osKG0fRXJ/4A6CXoPkelB6Jvhq4rbz3p9tnobHHd5+4fEtjpsN5BrmtayT7UT3nxRuxsI6 + Z1BI2AwKElaU3SpT+rzWZpaV0E011qzdUKTYK1UHW+UFDsTSPg76QVsWvhXYh0Rtybjvzo/y699j + lmpVFjQovhYywSJmGOYKmwFIVpRmAUmF0tPJMX1nwIRckmSCWcLwXwGG3QySiJgtQpe9IXYf5Yvq + +yJiVy1bISNWpNHADVz/jpyNvs5UzLOFMjYa+kPfm9dvbyqdvN5gdI1U7OoS4pJqE3urVl2rDhBj + s05KbNbhNfPYVWAs+7Pk2oJmY5liRubo3wOk0D7wgor6/OJ3dlxi7rPLmMsDVDT6eSP/uvbk3R27 + xKG10hPXJ+/H1edD/WkCTJtt76flVFgsA0RaAQpXyIhRpWR37Ap5dENM/W5w5A/DSgsCqFwmrsQ5 + 303V0luWmUTIWiwp3v3318Ri1G/J4hW4ubAaXKVTD9OaE9QFzrBUDrxR313YPCOqIsU/VZyIRYg/ + E8iVBTQjATZeYziIhnXZDxfpPwAAAP//7FhRb9tGDP4rBAIEsuacZ1m2MQd+KJI+dFiLodn2Mg+w + 
Il9irbKk6KQ0Rdf/vo+n0+kU2+ma7jFJ4MjkUUd95JEfNaTTtDqnQIzHIiA6va3OlzQRP8JYKyZi + JkJqFWGnCMVUzFv5tJNPBe7VymednC+nnZy9M/KxmHXyoJMH7vpJJ5+ISScPO3nYPcC825cvHbnd + ly+DwZHcMJk8CiYzRvRNxsPrvRxy8PUkMKT3ifpAr+JYFnySDgV+/o2BN+v/r8C/BP3ZQQ//c9BR + KtuysfB1ArCM/Mta0iVqLIQ/o/9Q8NOQ0IKn1K/f7e92LGwB198n4uXkfmcQZ6js/qVmA2jUf+fE + PAnx+KodefgYHIrsk3ElH90C8j/x7+wZ5xcbohDoG3xf4+inln+V12UskV6p9LmFn6HT7hIlGdfi + 1ll42RENH4TAbovcU6aFiyQfRZv7RIHFYEqYBgE4yA1DjOPQUlNmI+vidk2gffAvo4jKJo1jTmNp + 05ifQZbRdZJy1622UUV5jI0UfdyCv1Qg4MaQUbuOlKS8pDvMlZ8I03TMh1Lh7nEZ3bADIGz1LiPm + Z0IfNFD4UhI4PFUf89YkJhXLLMKsw6QGWyXxlkAVwO/T5IMEw7/BLhHcLoo0ifXLTUOeWodTCXxw + ZHlEcFc1jwaf6kxFN6gcPBGcqZqXwD91l5rtDDKKdhGMkxzcwXFeiVUW7N8dRhmQVuwM3MMAW4Iz + 4r4WHeZz1ofIIFXKqi4z5DauVJ1WjK7jA9YddEIwgCcnGG5yxBN/F3nGdW+VrdfrVcYDY0Wf6QJP + Bl70hZbEb3uTUnqnJw/BHKnV/B+0a+Nm5ZLAro2Zx0p9JczDsaQ1YLiWtL56/cvri99oTK+u6PSu + zqvzFX6am4/8RoJDeEjtj1Y4lz/wo6o8lQLzhIfsjzHjCZndD/5ib0CyYZKNRo31WjvQOKUB9ODH + kDxZlkNGcEBLPjn0GXc2z4R7bdjxLwMDDv1hE4XegtYiX4iPmitvXyEtemUcXPJIIYfmWCm3RnvF + 3Gr2yrmjeVTQHc2jku5oHhV1R/OorFvNXmF3NP3SDpx+1a9rNi1IC7PSgGRQwf0cuBgjgwlv5MLF + GBlQjKqFizGyoDiatuW1qPRUDJJFpadhkCwqPQ2DZFHpaRgki4qjaUCyqPQ0DUhOMgGvLTKJU/Ks + YYCL/ULP08yCP9Cd8I1pjIJRUV/j+Jse8DbRs6FpAb4ddgLxIB4W9Lt+n8AFyBT7NiSomCk0pXCN + JseMmmgdtAmP2TRhPGgzPWbTBPigzeyYTRMRa0MeveMOpLuT7XA6CYZNxIe67DYh5lYTpSqnoklg + Qcwj7KbzY5vqkD69qUkIdKm9DUzs3uwKMFaO27ucEv2FkAL3yUZuujaPhe9BikqJaq6+pc8b0yLn + oZxpihdtdkk2IG/wzw40pMoXlnoc5LMvXNY5wG7B+zqXDZ/JZUPmsuFTXPZfAAAA//+iU1uW3L4w + crqldVvWcNi3ZQEAAAD//+yaXWuDMBSG/8oY9DLOj1TroHQtbHR/oXfHJK6j9QM/2N9fjkmDZM02 + eiVU8EJMjjkezfGF95m17KxlZy07a9lxvWYtO2vZ+9KygQn9Q8v+dPiXxuS2DV6X9R9Q14ABPNAV + 7Bpgp4FBQErCmuq7WBBqOA07wvjslyq4Jrp8d9/FhvhmTeg6YEe03bT5PPavbXuz7YsC0LB9vOoo + YqmRuqiaGy1dVCcbYAy5jne+TgKpZP1FtBXxKs5iCsTPw4TQHJYkTROf8DjnIskzKiK0f02kXFbF + Pv8zUuD3suVc5tJiztBUZ/4ySplVSNL9TowNb0l4H42ahjEXainKIx5mgkOcrEBEkPIcaLpiGcQp + o0Gw4evhLvJZF+GbPFQcKaDUpigh6lLr9S35kiUjoYduq6e6JdaU1AAtllTGD2pe7kt5ut8R6tUl + 
mvA2fTb9jG18bfoZ2/jb1DOWnYorkktTEvvh43/YnaE8ibI9ftbD1kIXTcFVqtkdqhJnv/ZNVYun + g+xPDNEivQeRwZSjZqfjMpo8vc5XUFfvpS7sihrsqtH/gLvrOt8AAAD//xoK6Wu01KGHi0dLHVyl + DnqpgavxZwJv48GbQEA/pUPyZjVobTmUbQB0SX5JInRlPLopuFp5BriKMQMj7OUhrkWWBjg9gLMV + iKv1CipHsEoY45SAtxtT88oyi/LzIA1HiFBKKXRbBoRLTOiVATsV5C5YxFgeDDEMbijQpozE4rB8 + 8NJJ2BplYD6AOLkaxoRWR2Q7ALyFRR9mro5SbmJFEGRYC8Wz4EWPRSWOJRCPgxZfgxZGgrwOF0fV + bISiG6oB7Nra2loAAAAA//8DAO+eS8MFNAAA + headers: + Atl-Request-Id: + - 8272cc14-c522-4abb-8f48-7108c7f8579e + Atl-Traceid: + - 8272cc14c5224abb8f487108c7f8579e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=270,atl-edge-internal;dur=16,atl-edge-upstream;dur=254,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 494e39b2e1dd88f221ef7edde39a9b62 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 41}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1586/transitions + response: + body: + string: '' + 
headers: + Atl-Request-Id: + - 530481fc-667c-47b6-a5fd-5a62650cc955 + Atl-Traceid: + - 530481fc667c47b6a5fd5a62650cc955 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - text/html;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:46 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=453,atl-edge-internal;dur=13,atl-edge-upstream;dur=441,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 16632a6015865094d4ed20a01bfbf0a0 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbskbdcubzLBKTqFdi+KSJrcYjRNSpMOxth/N8Ghe1TfLvd8 + 557DPaCWO9iOGjH05v3g2HwuoQPhpX23KfeaO6e4SQ14NENSuUHz/T/4GsadEiDBfaxBDyswHsa/ + HllZ0+kJjIDfOXcwOmVNgAnGJMUpTurN5WO9fmh+1M3Ut2FC7DlCMzzDLyETBm33fWjZ7IeYttJ2 + ksHUTkrLLwtiwUDL8rS84j6CFNM8ITQhy4ZQlhFGshRjfIEDHPwu/AHGRvXnbIYbUjGSs7xMKS2/ + WdHfmM4GEOcFzjO64FnbVkW1JMWSyIJmQtAK5IJw6DjPF+1ZgNcx4VaNPL4w6JP2d1bwuD4gfZoQ + mNdtjY7nxZ6sicr1fYOOnwAAAP//AwDS3jB9IAIAAA== + headers: + Atl-Request-Id: + - 6f18b881-f23d-402d-b09e-e316f2b32c97 + Atl-Traceid: + - 6f18b881f23d402db09ee316f2b32c97 + 
Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=158,atl-edge-internal;dur=19,atl-edge-upstream;dur=141,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 6505b5ac6aa402714432ba8139056e39 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSbbMmU7HtZXEreu6spI8OB4PTK5IxCTAAqCOxvnv3SVF + KT6Y1u40owfi2gO7335YfXZgVXKZOJGjQSagIXktIE9MT/ICTM/EGRS8p0rQ3AolTQ8SYQuwvBdn + XKaQq7S3AG1wD5IplBoMSLs5G1fGqmJOCq8D3w98V8OfFRg7W5dwrnlsRQxOzxFkPxgdHBzgxEA+ + x2lmbWkiz0tgDrFN1CflcptzYwSXrgTroSXr8VJ4oSeMqcBrFdzCGuXPZpOLWT8YjfdxqXbBONFn + x6BvlYm5hVTpdXOHBGcoEfrhsB+E/YE/C8ZRMIwG++5oMPoB/fbJSTJi0fFazQudJHkP9fnh9tqb + SQIm1qKkwOHqITMFz/MeS4SxQsaWlQJiYGrOlkrfuiQdK/lO58/0opKC0sXza77glmtvIWDp1W7t + HNxsBf4gGP9kxF/wY4Fprwq0SrBAkzNubilX1Y2lUTTnuYGe0wie4L1q2Z6TCQSOjrP1KSwAffW/ + 9BwrEFklosSJZIV3dB7AZOB3bQTtRqnVJ7zqCzOxka7zUGe2zQNNvkLP7rrvpLAWFRhna5sg/Gt9 + 
1qi5XXJNQDaiKHOBDicPQoKJquE3HK+G42e6+42UtTfZJmzoE9zD4Soc/r9WGljUIEWDwd4q2Pse + BletxUG4GoTfw+IG+V++PIZj2IXTQbsxF6v3DTli9i+vEA1pqiFFvvnHIhi1G3gBlVcNLzx9dK9r + Y79jI+zcGHdtHDx2p6HNZpVIqX4hnKgf4JRbfDgawn1+fTZ0viNwr1Gnqfrq4ZGqKHABkfIHWhAy + dSKrK8AsoVL7HhNLNdg4V+sj/VrETRw/P1ojX1HYZKrKk2NhypyvNzVMmdeAlyWaeOqRCMNB+0g8 + DFsXlYVbKnu4sQVVqYXSwq5fGMRW3Ktfmn//VoiCp2A8kjCtEoELmUgz1yzSHSm+xZWWPUPncX2E + 2zLI+Q0Q/1EFPOwJusAbdGE0GFNEMm4mpYhPhbx9TTvHUFL/IuM2a3Uul/XedkUqOcH2hd/kMAVu + GiTozcg5P3335uTs+vTkaHJ2MbmeTKe/T/F+WKcGQ4IHZhmwcyR6aRnZZcIwJfM1Q9IQOSllVrFf + hObsXEOBrMEqg6h1nyKPAAvK8e+E75fJp8hpXkXMHoZ/V1X32AITkQrJ84eHNt3XJrw1rnP0riUc + zGwqYXu6KqlsO5E83m+R3DRKLwRfI7x9YO/3Ns/D4w5vP/P4FtvNFnKt8sbW0aaj+08Ot21hUzNo + JGz7AQlLqm6VK33WeHOTV9BPNbLErilS7Fg1yVZFiQ2xtE+DftRFC6MtLXwr4/fD+VF+/TtkqVZV + SY3iayETJEbDsFbYDYBkZWUySGqUnkwP6XsDTMgFGSCYJQz/CjB8tCCJSFkWuuwNqfsoX9XfVxG7 + 3KoVMmJzjGEW+e7A9e8o3hjuXMU8z5Sx0dgf+968OX5du+UN9vwrFGSXFxBXRE/srVr2reoQxmc5 + qfBZDq+Yxy4DY9kfFdcWNJvIFIuywBB3iML2gBfU0mfnv7HDCsufXcRcdkhRk+cd+FdNMO/u2AX2 + rbWfOD56P6k/H5pPm2OabF55Gs6ERSYg0RpTOEJFjMiS3bFL1NEPkdz6wV4QHNReEEblInEltvpu + qhbeosolotYiq3j3z1+RiqHfxJrk4iW4hbAaXKVTD0ubE9wFtqtECR4edTNb5CRXpwq/dbJIzxTS + KucYyhX9a6vdPwYp/gYAAP//7FnbTttAEP2VFVJREsXGsZ0rQjQoRVCJqipqH+gLG++auHXiyHHC + Q/n4nllvlsRkaUvVKg8IlItnZy8zs2fOTHhKwXMt8xWKM+aw2jkpNtlhWhxDue36dYvxtKuP/KBN + Cw6RWFeySbZRlJg9kE0ba4sOGsoo9Iw1RkvJRohAPHyP28n8fpMBoNpsO7rXf5OWa8JbfQ/cf3we + bHykcARX/FvGCGGx11/qsRpe6rtO/eyZWQNBhudf8ea8yN9YEqGjpvi7iNs2fOM6W+Yw43mSSoCB + LE19eFccq/DaGDh6BKkGwMQsmwG99N13k+yIi1WyANCBYbT9DvArJiMjWNZpjZx3qya/Zci9jLaK + mlJn21z7XG+EfC6Mzxfa5/cTwj6O+WZ3DKQ7ghxpO8p5TCtRkgYmzZeFC8t/eZz/CuCTSg1y26I1 + qx9shBFGfFREVazFkMIyJ0a8MQFGTqCNhwhJdSUHVWM2Nx4sQG4sgnwlHUpfSfR0YCmN+YoS7oaX + CMMG9ELBha/DKMJ8AySIcZpE2oNXicoK2oGfFXEgm2vPlKdiWc5SCHLXeP5yOudRQTofMpaoLwxA + vkqEFFux9AkXCmwKS/9JhGjVeUZ5gAK8xsU0mdVZrf4wRQAX2QBB+5SLtw0drVIxWzZuhZvZuMjB + P1ShQYVCdagp1yqC0BROFYFn0/BsjNgzjHhtHttAWxXnmc1sMcsqv+BFwaMJpc6SvSyW0yknanVg + 
y/1kbSqRsvyF/Ivu4CmPIirsLsVJtwUg9N4EQ9npdcadkDte7HedMOZtp9/veo7oxEJ243EoA+Jq + RhPLlrqD39SUFDJDIeg+0Z55nqXi7caWQeVogWe7OMof0gUbVMNIZ91JCOJA+GMpeKfb4zLgfRHz + sN+LxrzTj8JW61ScqFlw1jf+Of5LPWfKZ5q+OE75aOEuF849TOb4LvEit7ysZFNnzvmCTAp9lQtQ + 7uDjxZkTuvMZMeZqR2j/d1xtKe3/jqstqX3fMVBMlI0OXdJcqOBnZymffZezxSSZq6tFLK7srpRA + eAPWi9Hvlnk2l0c3QKKI+gD6DlJfFFJz02kZ3SbeXQyFNvgNbT2S0NZ4Cw3E5zo/vMLRHgbeKxz9 + jx2/wpENjqqoYWieYUXY+l15BX/Q7z36s4cFs4Lrn7Gqs1j5nBXGrETP3w2Uto6oZ2O2hAo7BZ45 + ckUQ9A5+AgAA///CIQFvOqbmlWUW5edBmocQoZRS6BwqhEtU6OXnQkyohjGhtQMZpTXS9K8+zFwd + pdzEiqDU4tIckMFIdoMHDItKHEsg7ijLL6HePAXEMLihQLsyEovD8sHjrbCpBNBMCWgUE2Ql3CGo + rjVCcS5UAzh4amtrAQAAAP//AwDNg8Y6sh8AAA== + headers: + Atl-Request-Id: + - 904e4ef1-3592-4a5a-8181-33462edf9e17 + Atl-Traceid: + - 904e4ef135924a5a818133462edf9e17 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=274,atl-edge-internal;dur=23,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - cae621907ca553677f1a76ab38220c39 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json 
+ User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 4bb43564-4423-41b8-9466-145193f67b9e + Atl-Traceid: + - 
4bb43564442341b89466145193f67b9e + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:47 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=277,atl-edge-internal;dur=14,atl-edge-upstream;dur=264,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - a924d760ab797f32fa5a1afaeaaf2806 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/360] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/235] + | Inactive, Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* Jan. + 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial + of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* High\n *Due + Date:* Jan. 29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1975' + Content-Type: + - application/json + User-Agent: + - 
python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: '' + headers: + Atl-Request-Id: + - f33d4c94-aa5f-46ae-aa8e-b1c59ca37fed + Atl-Traceid: + - f33d4c94aa5f46aeaa8eb1c59ca37fed + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:48 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=448,atl-edge-internal;dur=19,atl-edge-upstream;dur=420,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 354f60827b4f96e929f2c076f4199e91 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSY7MmU7HtZXEreu6spI8OB4PTK5IxCTAAqCOxv7v3eUh + xYfS2p1m9EBce2D32w+rLw6sSi4TJ3I0yAQ0JG8E5InpSV6A6Zk4g4L3VAmaW6Gk6UEibAGW9+KM + yxRylfYWoA3uQTKFUoMBaduzcWWsKuak8Crw/cB3NfxZgbGzdQlnmsdWxOD0HEH2g9H+/j5ODORz + nGbWlibyvATmENtEfVYutzk3RnDpSrAeWrIeL4UXesKYCrxOwQ2sUf50Njmf9YPR+DUu1S4YJ/ri + GPStMjG3kCq9bu6Q4AwlQj8c9oOwP/BnwTgKhtHgtTsajH5Av31ykoxYdLxW80InSd5DfX64uXY7 + 
ScDEWpQUOFw9YKbged5jiTBWyNiyUkAMTM3ZUukbl6RjJd/r/JleVFJQunh+xRfccu0tBCy92q2t + g+1W4A+C8U9G/AU/Fpj2qkCrBAs0OePmhnJVXVsaRXOeG+g5jeAx3quW7TmZQODoOFufwALQV/+u + 51iByCoRJU4kK7yj8wAmA7/bKLX6jDd6YcBb6TrcdQK7cNPkK5Bsb/VeCmtRgXE2tgmpv9ZnjZrb + JdeEVyOKMhfocPLg5piPGmXD8Wo4fqa738hMd5NNXoY+oTocrsLh/2ulyX6NRTQY7K2Cve9hcNVZ + HISrQfg9LLYAv7t7DMdgF07DXRuDbmMuVh8ackRYXFwiTNJUQ4p8849FMOo28GYqrxpeePro3q6N + 1zs2wp0b410b+4/daWizWSVSql8IJ+oHOOUWH46GcJ9fuA2dbwnca9RpKst6eKgqClxApPyRFoRM + ncjqCu5aniZtWsRN1L48WiPP8KjJVJUnR8KUOV+3pYzL6Jb9gJih8m6joQEvS/zx1CMRhoPukXgY + tg2VPdzYBapwA6pSC6WFXb8wiJ24V780//6tEAVPwXgkYTolAhcykWauWaRbtnyHKx2ths7jwgk3 + ZZDzayBipAp42BPsAm+wC6PBmCKScTMpRXwi5M0b2jmCkvoXGXd5rLO7rPc2K1LJCbYv/DqHKXDT + YEO3I+fs5P3b49Ork+PDyen55Goynf4+xfthnRoMCR6YZcDO8AWQlpFdJgxTMl8zZBORk1JmFftF + aM7ONBRIJ6wyiFr3KVYJsKAc/1b4fpl8jpzmVcTsYfi3VXWPLTARqZA8f3io7b7a8NZIz9G7jnAw + s6mEzemqpLJ9EsnDsRvuhR2Sm0bpheBrhDcv7/3e5nl43OLtZx7fYLvZQa5T3tg6bDu6/+Rw1xY2 + NYNGwq5RkLCk6la50qeNN9d5Bf1UI29smyLFjlSTbFWU2BBL+zToR7toYbShhW9l/H44P8mvfwcs + 1aoqqVF8I2SCxGgY1gq7BpCsrEwGSY3S4+kBfa+BCbkgAwSzhOFfAYaPFiQRKctCl70ldZ/kq/r7 + KmIXG7VCRmyOMcwi3x24/i3FG8Odq5jnmTI2Gvtj35s3x69qt7zBnn+JguziHOKK6Im9U8u+VTuE + 8b1OKnyvw0vmsYvAWPZHxbUFzSYyxaIsMMQ7RGFzwAtq6dOz39hBheXPzmMud0hR9+ft+5dNMG9v + 2Tn2rbWfOD78MKk/H5tPl2OatK88DWfCIhOQaI0pHKEiRmTJbtkF6uiHSG79YC8I9msvCKNykbgS + W303VQtvUeUSUWuRVbz75y9JxdBvYk1y8RLcQlgNrtKph6XNCe4C+1iiBA+PupktcpKrU4XfOlmk + ZwpplXMM5Yr+tdXuH4EUfwMAAP//7FnbTttAEP2VVSVQEsXGcZyEBCEKoggqUVWg9oG+sPGuiYsT + W7YTHsrH98x6syQmS1uqVnlAoFx29jKemT1zZsITCp5rmS9QnDGHNc5oYZvtJuUBFvdcv2kxnnb1 + nt/t0YEXMyrwFrJN1lFsuc2u4uKeHYehzCjaHsnIraWJRy1lJRpjrdO5ZKcISQx+xHVl/rDNgFg9 + th7uy79JxzXxrr533X/8gFD8VAEL7vz3lBHkQtdfrmMNvDQ3PfWLz8xaiDqMf8Ob86oAwJGIJbXF + 34XguuFb1+k8hxnP4kQCHWRl6t278kDF28rE0yfUagFdzLEp4EyDgRune1ws4gLIB8rR8/sAtIiM + jGBZ5jly3q3a/JYhGTNSFUWmTr+59rlWhHwujM8L7fOHCYEhx36zOwYWHkKOPB7mPKKTKGsDpLJ5 + 6cLyX5/2vwQaJVKj3rpoSfNHK2GEGZ8VcxVLMaSwzKERr2yAmROsxiBCUt3RUd2Y7ZWBAmzHIsgX + 
0qF8FofPJ1bSiC8oA694iUBtRC8UXPhKV7SAOtl8nMSh9uBlrNKEduAXxSTI5toz1VOxNGcJBLlr + PH8xzYAEtOZTymL1hQHZF7GQYi2WrnChQK9w9J9EiF6apZQYKMAbXEzjWZM1mo9TBHCZjhC0z8l5 + z/DTOjezpedOYBOYao3ydpmDqaiShIqM2tTAVFI1gWf2qAtsFNkzFHlpHttEW1nnGWXWqGadcPCy + 5OGEcmlFZ4r5dMqJa72zkQGyNtVMaf5KQkZ38IiHIVV6F+Jw0AEQejvdY9nf74/7AXe8yB84QcR7 + znA48BzRj4QcRONAdom8mZU4tlo7+s2VkkLmWAi6T6Qzz9NEvF9RGdyODnix36P8IV3QQzWN1ix7 + Dt2oK/yxFLw/2Oeyy4ci4sFwPxzz/jAMOp0jcah2wbPu+Gf4r9Y5Uz7TfMZxqqHCnRfOA0zm+C4R + Jbe6rGRTJ+O8IJNivcoFqH/w8fzECdxsRhS63jvafo3rzaft17jevNp2jQFWouqF6BrnXAU/O0n4 + 7F7OikmcqatFpK5qt1R4dwMajNkf5nmayb0bIFFIjQF9B6mDCqm56XSM7htvro4CG/wGtqZJYOvE + BQbic50f3uBoCwPvDY7+h8ZvcGSDozpqGJpnWBFUv6uu4A/6ZUh/9nBgWnL9u1Z9Fyufs8KYlej5 + m4HS1iL1bMyWUGGjwHtitj8BAAD//0KVMMalwxjedEzNK8ssys+DNA8hQiml0ElVCJeo0MvPhZhQ + DWNCawcySmuk+WB9mLk6SrmJFUGpxaU5IIOR7AaPIBaVOJZA3FGWX0K9iQuIYXBDgXZlJBaH5YMH + YGGzDaCpE9CwJshKuENQXWuE4lyoBnDw1NbWAgAAAP//AwA8odpCwx8AAA== + headers: + Atl-Request-Id: + - e0531eeb-9979-46ca-a2d6-bb4db28c1f59 + Atl-Traceid: + - e0531eeb997946caa2d6bb4db28c1f59 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:48 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=291,atl-edge-internal;dur=15,atl-edge-upstream;dur=277,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 29144bfb620aff50a0811e16df8a70ef + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; 
mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 41}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1587/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - 89bd7774-427a-4461-b2fc-f7326466b937 + Atl-Traceid: + - 89bd7774427a4461b2fcf7326466b937 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - text/html;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:49 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=513,atl-edge-internal;dur=14,atl-edge-upstream;dur=499,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 1fe414e6e121d9bdb366059b1c6d0675 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbskbbc2bzLBKTqFdi+KSJrcYjRNSpMOxth/N8HB9qi+Xe75 + 
zj2He0Atd7AdNWLow/vBsflcQgfCS/tpU+41d05xkxrwaIakcoPm+3/wNYw7JUCC+1qDHlZgPIx/ + PbKyptMTGAG/c+5gdMqaABOMSYpTnNSb6+d6/dSc1c3Ut2FC7DVCMzzDbyETBm33fWjZ7IeYttJ2 + ksHUTkrLHwtiwUCXy9PyhvsIUkzzhNCEVA2hLCOMZCnG+AoHOPhd+AOMjeov2Qw3pGQkZ3mVVssz + K/o709kA4rzAeUYXPGvbsigrUlREFjQTgpYgF4RDx3m+aC8CvI4J92rk8YVBn7R/sILH9QHp04TA + vG9rdLws9mJNVG4fG3T8BgAA//8DAF8wrQMgAgAA + headers: + Atl-Request-Id: + - db1a6ced-5634-4988-bdf9-3c4a6d3f56f2 + Atl-Traceid: + - db1a6ced56344988bdf93c4a6d3f56f2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=139,atl-edge-internal;dur=15,atl-edge-upstream;dur=125,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 177f4088db778be657711f625dbd342d + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/TEP8loTgmU6HgXBHSykNAT5wTEaxN7YOR/JJckh68N+7smMH + 
QkwLnd4wg21J+6LdZ5/dfLdgmVEeWYElgUcgITphkEaqzekcVFuFCcxpW2QgqWaCqzZETM9B03aY + UB5DKuL2AqTCPYhGkElQwPX6bJgrLeYzo3DiOo7rdCR8y0Hp8SqDC0lDzUKw2hYz9t3ewcEAPxSk + M/xMtM5UYNsRzCDUkfgqOlSnVClGeYeDttGStmnGbM9mSuVgVwruYYXy5+Ph5XjP7Q36uFS4oKzg + u6XQt1yFVEMs5Kq8Q4RfKOE5XnfP9fZ8Z+wOArcbdPudbnfwE/rtGCeNEY2OF2o+6KSRt1Gf49XX + Xn9EoELJMhM4XD0kak7TtE0ipjTjoSYZgxCImJEHIe87RjoU/Eqm7/Qi58yki6YTuqCaSnvB4MEu + 3No4uN5yHd8d/KLYX/DzHNOez9GqgQWaHFN1b3KVT7V5C2Y0VdC2SsFTvFch27YShsCRYbI6gwWg + r85T29IMkZUhSqyA53hHawsmvtO04VYbmRRf8aofzMRaushDkdkqD+bjGXo2173iTGtUoKzatoHw + b8VZJWb6gUoDZMXmWcrQ4WgrJJioAn7dwbI7eKe7b6SsukmdsK6zj2543aXX/X+tlLAoQIoG3f7S + 7f8Ig8vKou8tfe9HWFwj/+npNRy9Jpz61caMLa9LcsTs394hGuJYQox8849F0Ks28AIizUte+BDc + Nwp2I/4l89wgvZCEKjIF4CQUCGjQEBHBiU6YIgVLGP5Zl8YxEr+1Izj9povtN2x4jRuDpo2D1zF6 + i8v9mssNhxYNzQr2XPykGvtc2R/eH9+y+2z6jV2qk4YsitcjkZs8u6aH3JgFxmMr0DIHjBsq1deI + Q0MZ5WUKfUa/ZGGV9u014ysKq0TkaXTMVJbS1ZpyTC4kYBhMjl/Fwe929gduFYftgDYxr1cz7/ZG + XQOZZEIyvfpgECtxu2iM/761sTmNQdlGQlVKGC4kLE46ahFvgPoZVyroezsQ6/lVTUxaQWvilv/d + fr8/aT22zAnHe7ZjwpfSKRheN5W9Pes04d9tgrk7MKHDyhtmLDxj/P7E7BxDZuYyHlbpLZL+UOzV + K1zwIY5ldJrCCKgqISPXb9bF2dWn0/PJ2enR8PxyOBmORn+M0HnkH4WxwwPjBMgFNjCuibGLJY7V + nq4IkiFLjVKiBfmVSUouJMyRDUmuEN6dXaToYk1aziNznCyaBlbZ7THNmCdTmOXNX7AgZixmnKbb + h9ZT5Tq8RQGk6F1FpAiBmEN9Os9M5e+EfDHG7VeQLwfAD6K0FK4HuJfM+T7gbjHo1jRYGjpaj6n/ + ydtq1rX9tRG/GnKi0nAoUiHPS18wL8C3XCuyjH0A37nejfZeE3H0auJ4K9Uv4/iFP/87JLEUeWYm + 3xPGI6ROtWlPWa4S7E0GnqejQ/OcAmF8YQwYfEUEf9sQ7MIQBUZZ4nXIJ6PuC28Vz1ZAbmu1jAck + i4Nex+04jybQGOdUhDRNhNLBwBk49qw8Oyl8sv3ewR1KkdtLCHPDXuSzeNjTokEYh4woxyHDuyM2 + uXWVJn/mVGqQZMhjLMU5xrdBFOoDtltIn1/8Tg5zLHpyGVLeIGVGVvvAuSsj+fhILnEKL/zE96Pr + YfG4KR9VgsnfAAAA///sWN9v2zYQ/lcOCBDInk3V8q/FgR+KOA8d1qJIur3UBazIjC1UlhRRcjK0 + /d/3HUVRUmx3a7unoU5gS3c88vTd8e6jcGM4C1++C3PsfzbVyYQrTERcS+kzvcccfQ97vj+YvPjV + 015wcsb7tYhxcBGbZO/uiyhGuuaoJW57/Aee4mJkzYJHKXZhnkmRZBsX+9nnNA/BvbkOuBcjsc13 + EVulG3zpOPEUHj43cpfkEo+xlnT9hHCwDfXJebvp0XmUX5InBgPhEZ1v8ss5DcULGGvFUKBAUKUY + 
1YqRGItpJR/X8rHAXJV8Usv5clzL2TsjH4hJLfdqudccP6zlQzGs5aNaPqofYFqvy5cNuV2XL73O + idwwmex6wwkj+irm0/he9jj4+gTTo5tQfaSXQSBT3knHAj/9xsCb8f9V4H8G/buDPvrXQUeprMrG + rKsTgGXUXRSSFqixEP6G3kPeRY/Qe8fUrt/V33YgbAHX90Pxc+f+YBAnqOzdhWYCtAAVICZIiMc/ + 2pGDr86xyH41rtRFt4D8PX7637F/sSAKgZ7gxxpHO7W6t0mRBRLpFckut/A+Ou0uVJJxTTeNgYua + aHRBCOyyyD1lWrgIE9df70MFsoJzxNjzwEHuGWJsh4qTMhtZpZsVzscx/IvJp6xM44DTWNo05meQ + mX8XRtx1862fUxJgIUWPW8knalkZMmp3vpKUZPSAs95fpFIZ8KZUmD3I/Ht2AFyt2MXE9EzojQbu + nkkCeaf8MalMAlKBjH2chpjUYKkw2BKoAoh9FH6UoPb3WMWH22kahYF+W2vIU+VwJIEPtiyfDZqj + ykeDT0Ws/HtUDj4K9FXBQ+CfeojMcgYZRTsfxmEC7tBwXoll7B3ODqMYSCt2Bu7h2JyBT2Jeiw7z + OeuDb5DKZF5kMXIbV6qIcka34QPGHXVCMIBnZzjVJIgn/q+SmOveMl6tVsuYj5Q5faIrPBl40Rea + E7++DjPpnJ89eVOkVvnbqcYG5cg5xfLRmDms1FfCPBxLKgOGa06r2+vfr6/e0YBe3tL5Q5Hkl0t8 + ysndbinBJjym7rpL7Mtf+FFVEkkRJRsH2R/gcCdkvO98YG9AsmESu25pvdIOlE5pAB340SNHZlmP + EezQnHcOfcLM5pkw15od/9Ix4NCfNlHoNWgt8oV4qzXl1auvWauMg0ueKOTQnCrl1uigmFvNQTlv + aJ4V9IbmWUlvaJ4V9YbmWVm3moPC3tC0SztweqtfEq0rkGZmpAHJoIL5GnAxRgYTXqgJF2NkQDGq + Ci7GyILS0FQtr0KlpWKQLCotDYNkUWlpGCSLSkvDIFlUGpoSJItKS1OC1Egm4LVFJnFK9ksGODss + 9HyamfEXuhPumMYoGKXFHba/6QGvQ302NC2gaw87nngSTzP6Q79I4AJkin0VElTMCJpMNI2Gp4zK + aB21GZ2yKcN41GZ8yqYM8FGbySmbMiLWhhx6wx1Idyfb4XQS9MqI93TZLUPMrcaPVEJpmcCCmEfY + RaenFtUh/fqiJiHQpQ4WMLF7tUvBWDlubxIK9Q0hBfbhWq7rNo+BNyBFmUQ1V9/S541pmvChnGmK + 4693Ydwhp/N5BxqSJzNLPY7y2f8Dl/0bAAD//0KI07Uta0JmW9YE1JY1GQRtWXL7wsjpltZtWUP0 + tiwAAAD//+ya32qDMBTGX2UUehkXNdVaKF0LG90r9O6YxHW0VfEPe/3lGBu6rNlGr8oIeCEmxxyP + 5vjB9/Na1mtZr2W9lvVa1mtZr2X/jZYNTegvWvY7AzAz8Irt7Lo8vpBdenxdA/wwAA4IKNhTDdVi + DTCDclgD1BVBXQY7NQb7uTyuiS6uhJpkvhjVtmsJXQd8j56c9kTb/nQCNGsnVx1FLDVyGVVzo52L + 6mQFnCNN8iqWaaiULJ3Ga5nMkzxhQGgRpYQVMCNZllIikkLItMiZjNFSNpFqWR27+GOkxO9lLYTK + pcWcoamO4ukiZV4hGvgz6Ta8DBm8NXoaxpxpq7iIRZRLAUk6BxlDJgpg2ZznkGScheFKLIe7qGed + Ri/q0HHkBOVoihKiL7VB35IPVTISBei2BrpbYk1JDdBiSVX8oObVvlSn2w1hQV0iJ2JTc/efsY3d + 3X/GNrZ37xmrFiY0XTUCEtvh43/YHKE8yLLdv9fD1kIXTSNdugvuEJxYTJ77pqrl4061IY7w0bgH + 
kR1Vo2an4zIjSnudr2Cu3stcYBZzwYnM9Pdm/DmM7egTAAD//xotjgZTwhstjujh4tHiCFdxhF5q + wNt48CYR0OnpkCxYDVoTD2UbAC3ML0mELvVHNwVnYw5nMYazlWeEvaDEtbrSAFezFlQqYJUwgHsZ + TcIYlw5jeLsxNa8ssyg/D9I2hAillEL3mUC4RIVefi7EhGoYE1o7kFFaI22R0YeZq6OUm1gRBBll + QrEbvP6wqMSxBOKOMmDnhtwVkxiLoyGGwQ0F2pWRWByWD167CVu/DFqenZMP6kIgOQTVtUYozoVq + AAdPbW0tAAAA//8DAJUrt8bWNAAA + headers: + Atl-Request-Id: + - b27d138d-f7ed-4536-adf8-1396efe38db2 + Atl-Traceid: + - b27d138df7ed4536adf81396efe38db2 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=286,atl-edge-internal;dur=11,atl-edge-upstream;dur=275,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - bfb0f0ea272e55a771394a4293d86614 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + 
RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 143dae7a-752d-4675-b944-d0c11d98120d + Atl-Traceid: + - 143dae7a752d4675b944d0c11d98120d + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:50 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + 
Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=327,atl-edge-internal;dur=12,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 410a178f5c013a18def67fb7d4945df1 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/359] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Inactive, + Verified, Risk Accepted |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] | Inactive, + Verified, Risk Accepted |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 + \n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/236]\n*Defect Dojo link:* http://localhost:8080/finding/236 + (236)\n*Severity:* High\n *Due Date:* Jan. 
29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. 
)\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Jan. 29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. 
+ )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7161' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 53b61aa9-36e3-4e04-8824-e88e50b2631c + Atl-Traceid: + - 53b61aa936e34e048824e88e50b2631c + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:51 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=272,atl-edge-internal;dur=14,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 5b3f7d6fe31945a5272ad8727cb08129 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + 
H4sIAAAAAAAAA7xXbVPjNhD+Kxp/pCF+yQvGM50OA7k7WkppCPCBYzKKvbF1OJIrySHpwX/vym+B + EDOFTm+YwbakfdHus89uvluwyiiPrMCSwCOQEH1ikEaqw+kCVEeFCSxoR2QgqWaCqw5ETC9A006Y + UB5DKuLOEqTCPYjGkElQwHV1NsyVFou5UTh1Hcd1uhL+ykHpyTqDC0lDzUKwOhYz9t3B4aGPHwrS + OX4mWmcqsO0I5hDqSHwTXapTqhSjvMtB22hJ2zRjtmczpXKwawX3sEb588nocrLvDvwhLhUuKCv4 + bin0LVch1RALuS7vEOEXSniO1993vf2eM3H9wO0H/WG33/d/Qr8d46QxotHxQs0HnTTyNupzvOba + 1UcEKpQsM4HD1SOiFjRNOyRiSjMeapIxCIGIOXkQ8r5rpEPBr2T6Ti9yzky6aDqlS6qptJcMHuzC + rY2D1Zbr9Fz/F8X+hp8XmPZ8gVYNLNDkhKp7k6t8ps1bMKepgo5VCp7ivQrZjpUwBI4Mk/UZLAF9 + dZ46lmaIrAxRYgU8xztaWzDpOfVGJsU3vNEHA15JF+EuEliH23w8A8nmVlecaY0KlNXYNkj9rTir + xFw/UGnwqtgiSxk6HG3dHPNRoKzvr/r+O919IzP1TZq89J0DdMPrr7z+/2ulzH6BRTToDlfu8EcY + XNUWe96q5/0IixXAn55ew9Ftw6nXttGrN+ZsdV2SI8Li9g5hEscSYuSbV0WAFxBpXpb/h+C+UbAb + 8S8J5gZZhCRUkRkAJ6FAQIOGiAhOdMIUKcjA0ExVGifI79aO4AzaYjBs2zho2fBaN/y2jcPXwXuL + y3sNlxsOLRqaFey7+Ek19rmyP7w/8GX32fQbu1QnDYsUr8ciN3l2TQ+5MQuMx1agZQ4YUFSqrxGg + hkvKyxT6jH7JwhoP22vGVxRWicjT6ISpLKXriotMkiRgGEzyX8Wh1+8e+G4dh+2ANsy7vdFWA15T + A5lkQjK9/mAQa3G7aIz/vrWxBY1B2UZC1UoYLiQsTrpqGW8Q/AVX6prwdkDZ69XFMt0L9qZu+d8d + DofTvcc9c8Lxnu2Y8KV0BobwTWVvzzpt+HfbYO76JnRYkqOMhWeM338yOyeQmbmMh3V6i6Q/FHvN + Chd8hGMZnaUwBqpKyMjqzbo4u/p8ej49Oz0enV+OpqPx+I8xOo/8ozB2eGCSALnAzsY1MXax9pEG + 0jVBlmSpUUq0IL8yScmFhAXSJMkVwru7iy1drEnLeWSOk0WzwCq7PaYZ82QKs7z5CxbEjMWM03T7 + UDVVVuEtCiBF72oiRQjEHJrTeWYqfyfkizHuoIZ8OQB+EKWlcDPAvaTU9wF3i1q3psHS0HE1pv4n + b+tZ1+5VRnr19BOVhkORCnle+oJ5Ab7lWpFlbBD4zvVutA8a4ngro9tCDam8jONX/vzviMRS5JmZ + fD8xHiF1qk3fynKVYNMy8DwdH5nnDAjjS2PZ4Csi+NuGYBeGKDDKEq9LPht1X/le8dwLyG2jlvGA + ZHEw6Lpd59EEGuOcipCmiVA68B3fsefl2Wnhk90bHN6hFLm9hDA37EW+iId9LVqEcfqIcpw+vDti + k1tXafJnTqUGSUY8xlJcYHxbRKE5YLuF9PnF7+Qox6InlyHlLVJmlrUPnbsyko+P5BKn8MJPfD++ + HhWPm/JRJ5j8AwAA///sWN9v2zYQ/lcOCBDInk3V8q/FgR+KOA8d1qJIur3UBazIjC1UlhRRcjK0 + /d/3HUVRUmx3a7unoU5gS3c88vTd8e6jcGM4C1++C3PsfzbVyYQrTERcS+kzvcccfQ97vj+YvPjV + 015wcsb7tYhxcBGbZO/uiyhGuuaoJW57/Aee4mJkzYJHKXZhnkmRZBsX+9nnNA9ByrkOuBcjsc13 + 
EVulG3zpOPEUHj43cpfkEo+xlnT9hHCwDfXJebvp0XmUX5InBgPhEZ1v8ss5DcULGGvFUKBAUKUY + 1YqRGItpJR/X8rHAXJV8Usv5clzL2TsjH4hJLfdqudccP6zlQzGs5aNaPqofYFqvy5cNuV2XL73O + idwwmex6wwkj+irm0/he9jj4+mjTo5tQfaSXQSBT3knHAj/9xsCb8f9V4H8G/buDPvrXQUeprMrG + rKsTgGXUXRSSFqixEP6G3kPeRY/Qe8fUrt/V33YgbAHX90Pxc+f+YBAnqOzdhWYCtAAVICZIiMc/ + 2pGDr86xyH41rtRFt4D8PX7637F/sSAKgZ7gxxpHO7W6t0mRBRLpFckut/A+Ou0uVJJxTTeNgYua + aHRBCOyyyD1lWrgIE9df70MFFoNzxNjzwEHuGWJsh4qTMhtZpZsVDs4x/IvJp6xM44DTWNo05meQ + mX8XRtx1862fUxJgIUWPW8lHbVkZMmp3vpKUZPSAs95fpFIZ8KZUmD3I/Ht2AFyt2MXE9EzojQbu + nkkCeaf8MalMAlKBjH2chpjUYKkw2BKoAoh9FH6UoPb3WMWH22kahYF+W2vIU+VwJIEPtiyfDZqj + ykeDT0Ws/HtUDj4K9FXBQ+CfeojMcgYZRTsfxmEC7tBwXoll7B3ODqMYSCt2Bu7h2JyBM2Jeiw7z + OeuDb5DKZF5kMXIbV6qIcka34QPGHXVCMIBnZzjVJIgn/q+SmOveMl6tVsuYj5Q5faIrPBl40Rea + E7++DjPpnJ89eVOkVvnbqcYG5cg5xfLRmDms1FfCPBxLKgOGa06r2+vfr6/e0YBe3tL5Q5Hkl0t8 + ysndbinBJjym7rpL7Mtf+FFVEkkRJRsH2R/gcCdkvO98YG9AsmESu25pvdIOlE5pAB340SNHZlmP + EezQnHcOfcLM5pkw15od/9Ix4NCfNlHoNWgt8oV4qzXl1auvWauMg0ueKOTQnCrl1uigmFvNQTlv + aJ4V9IbmWUlvaJ4V9YbmWVm3moPC3tC0SztweqtfEq0rkGZmpAHJoIL5GnAxRgYTXqgJF2NkQDGq + Ci7GyILS0FQtr0KlpWKQLCotDYNkUWlpGCSLSkvDIFlUGpoSJItKS1OC1Egm4LVFJnFK9ksGODss + 9HyamfEXuhPumMYoGKXFHba/6QGvQ302NC2gaw87nngSTzP6Q79I4AJkin0VElTMCJpMNI2Gp4zK + aB21GZ2yKcN41GZ8yqYM8FGbySmbMiLWhhx6wx1Idyfb4XQS9MqI93TZLUPMrcaPVEJpmcCCmEfY + RaenFtUh/fqiJiHQpQ4WMLF7tUvBWDlubxIK9Q0hBfbhWq7rNo+BNyBFmUQ1V9/S541pmvChnGmK + 4693Ydwhp/N5BxqSJzNLPY7y2f8Dl/0bAAD//0KI07Uta0JmW9YE1JY1GQRtWXL7wsjpltZtWUP0 + tiwAAAD//+yayWrDMBCGX6UEcpTrRfESCGkCLekr5DaW5KYkXvBCX78ayxGtGrWlJ1MEPhhLY43H + 1viH/3Na1mlZp2WdlnVa1mlZp2X/jZYNdOgPWvYrA7DS8Irp7NrggIDaBjQcgq5g3wI7j+QDkgvG + VN/GkVDNeJgRNoPd1wb7tTy2iTauxNdrfjKqTTsT+h7YCT055Yl2Q1kCmrWLm44ilhq5jLr9o52L + 6mQLjCFN8sw3SSCVrL+MdiJO4zymQPwiTAgtYEWyLPEJjwsukiKnIkJLWUfKZVXs+peRAr+XHecy + lw5zhra+8IcPKbMa0cDvEbjxZQjvpVXTMOaKYUVFxMNccIiTFEQEGS+AZinLIc4YDYIt34x3kc+6 + DJ/koeJICdVkihKiLnXe0JE3WTISeui2eqpbYk1JA9BhSWX8qOblvpSnhz2hXlMhJ2LidPPP2OTx + 
5p+xyfPNPWPZqbiiqyZA4jB+/Hf7C1RnUXWn12bcWuiiKaRLNbsjghPrxePQ1o24P8o2xBA+mvYg + QqVyVO90XGZCaW/zFdTWe6kNzKI2OJHq/t5OP4epHb0DAAD//xotjgZTwhstjujh4tHiCFdxhF5q + wNt48CYR0OnpkCxYDVosD2UbAC3ML0mELvVHNwVXK88AVzFmYIS9PMTZ+MPVejXBtezSAFfrFVRc + YJUwxikBbzem5pVlFuXnQdqGEKGUUug+EwiXqNDLz4WYUA1jQmsHMkprpC0y+jBzdZRyEyuCIKNM + KHaD1x8WlTiWQNxRBuzckLtiEmNxNMQwuKFAuzISi8PywWs3YeuXQcuzc/JBPQUkh6C61gjFuVAN + 4OCpra0FAAAA//8DAOG+Je3WNAAA + headers: + Atl-Request-Id: + - afa796d5-550a-41f4-bea7-3ff7deb8eb60 + Atl-Traceid: + - afa796d5550a41f4bea73ff7deb8eb60 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:51 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=263,atl-edge-internal;dur=15,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 9370ba7908b6e2fe64781d82ceba632b + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbskbbc2bzLBKTqFdi+KSJrcYjRNSpMOxth/N8Ghe1TfLvd8 + 
557DPaCWO9iOGjH05v3g2HwuoQPhpX23KfeaO6e4SQ14NENSuUHz/T/4GsadEiDBfaxBDyswHsa/ + HllZ0+kJjIDfOXcwOmVNgAnGJMUpTurN5WO9fmh+1M3Ut2FC7DlCMzzDLyETBm33fWjZ7IeYttJ2 + ksHUTkrLLwtiwUCXy9PyivsIUkzzhNCEVA2hLCOMZCnG+AIHOPhd+AOMjerP2Qw3pGQkZwVJl1X1 + zYr+xnQ2gDgvcJ7RBc/atizKihQVkQXNhKAlyAXh0HGeL9qzAK9jwq0aeXxh0Cft76zgcX1A+jQh + MK/bGh3Piz1ZE5Xr+wYdPwEAAP//AwBv7vEDIAIAAA== + headers: + Atl-Request-Id: + - b90295c3-ea3e-4c26-8ac3-4dfdf70ff9d3 + Atl-Traceid: + - b90295c3ea3e4c268ac34dfdf70ff9d3 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:51 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=158,atl-edge-internal;dur=12,atl-edge-upstream;dur=146,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 86633b8006fb86ae66349ba4d25a438c + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/pCF+SyDxTKfDQO6OllIaAnzgmIywN7YOW3IlOS89+O9d+S0Q + 
EqbQ6Q0z2Ja0L9p99tnNdwuWOeWRFVgSeAQSok8M0kh1OM1AdVSYQEY7IgdJNRNcdSBiOgNNO2FC + eQypiDtzkAr3IBpDLkEB1/XZsFBaZDOjcOo6jut0JfxVgNKTVQ4XkoaahWB1LGbsu/3h8BA/FKQz + /Ey0zlVg2xHMINSR+Ca6VKdUKUZ5l4O20ZK2ac5sz2ZKFWA3Ch5ghfLnk9HlZN/tD/q4VLqgrOC7 + pdC3QoVUQyzkqrpDhF8o4Tleb9/19n1n4g4Ctxf03O7hgfcT+u0YJ40RjY6Xaj7opJG3UZ/jtdeu + PyJQoWS5CRyuHhGV0TTtkIgpzXioSc4gBCJmZCHkQ9dIh4JfyfSdXhScmXTRdErnVFNpzxks7NKt + tYP1luv47uAXxf6GnzNMe5GhVQMLNDmh6sHkqrjX5i2Y0VRBx6oET/FepWzHShgCR4bJ6gzmgL46 + Tx1LM0RWjiixAl7gHa0NmPhOs5FL8Q1v9MGA19JluMsENuE2H89Asr7VFWdaowJltbYNUn8rzyox + 0wsqDV4Vy/KUocPRxs0xHyXKeoNlb/BOd9/ITHOTNi89xwDd6y293v9rpcp+iUU06B4s3YMfYXDZ + WPS9pe/9CIs1wJ+eXsPR3YVTr9mYseV1xYGY/du71yf95iSNYwkx8s2rIsALiLSoyv9DcF8r2I74 + lwRzgyxCEqrIPQAnoUBAg4aICE50whQpycDQTF0aJ8jv1pbg9HcF52DXxuGODW/nxmDXxvB18N7i + cn/YcLnh0LKhWcG+W1O7CaVkYZOBzTVT13h/lYgijU6YylO6qqsflxdUY6esOsz7U1f1r3XHsit1 + 0vBQ+XosCoOU0tUbs8B4bAVaFsY2KtXXCHHDRnWcJGAYTPJfxcH3ur1h29M2A9oy7+bGrhrw2hrI + JROS6dUHQ9CI22Vj/PetjWU0BmUbCdUoYbiQsDjpqnm8RvAXXGlqwtsCZc9vimW6F+xN3fL/0DvE + z8c9c8Dxnm2Y6KX0Hgzfb6l4Q5NbA+buQrk7MJHDihzlLDxj/OGT2TmB3IxlPGywViJwUe61K1zw + EU5l9D6FMVBV4VfWb9bF2dXn0/Pp2enx6PxyNB2Nx3+M0XmkH4WhwwOTBMgFNjauibGLpY8skK4I + kiRLjVKiBfmVSUouJGTIkqRQiM3uNrJ0sSQt55E5Th75gVU1e8wypsnU5RYSxITFjNN081A9VNbh + LSskRe/qb4OAmEN7ushN4W9F/Msprpr/PgjSSrid314y6vtwu8GsG8NgZei4nlL/k7fNqGv7tRG/ + GX6iynAoUiHPK18wL8A3XCuzjP0B37nejvZ+yxtvZXRTqOWUl3H8yp//HZFYiiI3g+8nxiPkPbVu + W3mhEuxZBp6n4yPzvAfC+NxYNviKCP60IdidIQqMssTrks9G3Ve+Vz73AnLbqmU8IBxjpRnVQgZO + t9/1H03AMd6pCGmaCKWDgTNw7FklMy19s/3+4A6lye0lhIUhMfJFLPa12CGMQ0hU4BDi3RGb3LpK + kz8LKjVIMuIxlmSGcd4hCu0B2y2lzy9+J0cFFj+5DCnfIWVGWnvo3FURfXwklziMl37i+/H1qHzc + VA+R/QMAAP//7FltT9swEP4r1iRQWzVpmqQpLUKMqUJjGmiCbV/QpLqxm0akSZWXsg/8+D3nvPQF + SrsiEJNWqpLEPvt89/g53yV3NN0UZxq6/O6n4AESVaDCFQZiRKnsgd1iDM3E3tdw6jfbSgsCaTgX + eoj8RfeieWueBSFgm4JTWqv9f9EQlmFUcu691Kd+Gks9ir0WNjYnvPs4nBMhtNBVn6TTgOQW/sKN + 8hgNZuJzLb0s4LDpb8pJ1ToGMvR5QFC6kfEcqSfTWO2qGqHJDoP0+ATDOLpR32DLwvMt07Jo/ouQ + 
kti5bJKxVEbQZNd+csfOXFfOCIFPGcrBwjtWb2dDFf2VoezdDWVvNdSrG8nc2UjYkiUs+w1lMHrG + GoNMsgH2Mh5+Accxs9dk4PgOW+WJ8m/S1iuiUPeW/mZ4wBIGipfZAMTMKFxB661yrIaf+lPrf3b1 + rIE9i+e3+KfttX0wJQCmhnjZBl51QeMmymIY89wPJAhW5gY/9NJjrvytLhd4XBIcLAJBA4RdqREh + QhTUqvtRi4u5nyDKSArFXcSIMRkdMCrPDOTS4WKGIcPphpH+Mi7PM3EBh0I7goOo4JAUcOBpyt27 + pMnuJ747YUgFPA80nYEi2YxjrtBjnCGNcyGIE5Mb8zHpMcyBrX3loZeBsIdsIrmA5JwHyKry1bKf + C4UuERECuRx+VtvL7LK/DEl0+abyBFG2o9krm9urI6DnBOJ4CJCr/d/f7hiKCn36IXzhlpaVYJRZ + Ngp8t3Dapa+CbeGzH+ogRhYunJErw8A7ARriYvGQu5jOQAskcxUxX90whMa5L6RYgdM19hROp5j6 + b0BRiM4iiqyE8RoXUz+ss1r9YQoMp1G/wu2TpPHqhGHuSRgmEYb5QsLYK4w8Iox9A9myf9+aMJz/ + hPEGhGH/W4ThVKJbCONx0aRTFffWc+FN1ZS2vZwupTEgo+o5VF9a77qpvmZsarCroti6RFWSKK2w + qeOmEoWxqRBnVHOqDTChBKXI05dT/fWEMMmmU07p7YdnczAyORW0onjPRJjKFadALBXRLsRJtw1C + NA6sM+kcOSPH5poxNruaPeYdrdfrGppwxkJ2xyNbWpSMV5KYNpft7ygpCTdnQtCuIZ15HAXi45LK + yKtpgmffHShvSd2L824kU9avrbElzJEU3OkecWnxnhhzu3fkjrjTc+12+1ScqFGw1gPzHN9cTpvy + sEgjNS1/lOhZot3DZJqpU36q5zuWbKrNOE/IpJBXMYEHCS4/f9JsfRZSgW39PcT713j9Rcb713j9 + RcjrafwHAAD//6KOi4FFWQpkkBw6tOQBTvwKTjmJedmpecUZmQXgrAXqF0JGsiGlYRRoyMlKybW0 + KL8gVT8KWE4lg0ZtoXkQNBsHlIXndJA10DlI7CNTJrjKYBNcI9om8BHtImhdMJxLHQAAAAD//xot + dejo4tFSh9Yupl+pg15q4GoEmsDbevCmENBP6ZC8WQ1aZQBlGwBdkl+SCF0jgW4KrtaeAa5izMAI + e3mIa17KAKcHcLYG4T5D14GrmWiMUwLefkzNK8ssys+DNCAhQiml0AU6EC4xoVeWX0K9uViIYXBD + gTZlJBaH5YNnm2DTv8B8AHFyNYwJrY7IdgB4MZM+zFwdpdzEiqDU4tIckMFIngVPFRWVOJZAPA6a + 187JB3UlkMRRNRuh6IZqALu2trYWAAAA//8DAE4+G1IPJgAA + headers: + Atl-Request-Id: + - b836cecf-34f7-450c-80e7-ce1253b69e07 + Atl-Traceid: + - b836cecf34f7450c80e7ce1253b69e07 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:52 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", 
"include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=276,atl-edge-internal;dur=14,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - d49ffac1d9854ea198ea904f36c9b299 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQX0vDMBTFv0teXbsk/bMubzLBKTqFdi+KSJrcYjRNSpMOxth3N8Ghe1TfLvf8 + zj2He0Atd7AdNWLozfvBsflcQgfCS/tuU+41d05xkxrwaIakcoPm+3/wNYw7JUCC+1iDHlZgPIx/ + PbKyptMTGAG/c+5gdMqaABOMSYpTnNSby8d6/dD8qJupb8OE2HOEZniGX0ImDNru+9Cy2Q8xbaXt + JIOpnZSWXxbEgoEuFqflFfcRpJjmCaEJWTaEsowwkqUY4wsc4OB34Q8wNqo/ZzPckIqRnBU0rary + mxX9jelsAHFe4DyjJc/atiqqJSmWRBY0E4JWIEvCoeM8L9uzAK9jwq0aeXxh0Cft76zgcX1A+jQh + MK/bGh3Piz1ZE5Xr+wYdPwEAAP//AwCH7Ko5IAIAAA== + headers: + Atl-Request-Id: + - 859638ec-ebe7-429a-b93c-96412e0f731b + Atl-Traceid: + - 859638ecebe7429ab93c96412e0f731b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:52 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge 
+ Server-Timing: + - atl-edge;dur=159,atl-edge-internal;dur=17,atl-edge-upstream;dur=143,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - a8214d3d9be735c9964d7305b09f5bce + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/pCF+SyDxTKfDQLijpZSGAB84JiPsja3DkXySHJIe/Peu/BYI + MS10esMMtizti3affXbz3YJlRnlkBZYEHoGE6JhBGqkOp3NQHRUmMKcdkYGkmgmuOhAxPQdNO2FC + eQypiDsLkAr3IBpDJkEB19XZMFdazGdG4dR1HNfpSviWg9KTVQbnkoaahWB1LGbsu/3hcB8XCtIZ + LhOtMxXYdgQzCHUkvoou1SlVilHe5aBttKRtmjHbs5lSOdi1gntYofzZZHQx2XX7gz5+KlxQVvDd + UuhbrkKqIRZyVd4hwhVKeI7X23W9Xd+ZuIPA7QU9t7u/5/2EfjvGSWNEo+OFmg86aeRt1Od4zbWr + RQQqlCwzgcOvB0TNaZp2SMSUZjzUJGMQAhEz8iDkfddIh4JfyvSdXuScmXTRdEoXVFNpLxg82IVb + awerLdfx3cEviv0FP88x7fkcrRpYoMkJVfcmV/mdNm/BjKYKOlYpeIL3KmQ7VsIQODJMVqewAPTV + eepYmiGyMkSJFfAc72htwMR32jbceiOT4ite9YOZqKSLPBSZrfNgFs/Qs77uJWdaowJlNbYNhH8r + ziox0w9UGiArNs9Shg5HGyHBRBXw6w2WvcE73X0jZfVNmoT1HFMBXm/p9f5fKyUsCpCiQXdv6e79 + CIPL2qLvLX3vR1iskP/09BqOXhtO/XpjxpZXJTli9m9uEQ1xLCFGvvnHIujXG3gBkeYlL3wI7msF + 2xH/knmukV5IQhW5A+AkFAho0BARwYlOmCIFSxj+qUrjCInf2hKcvbaL7bdseK0bg7aN4esYvcXl + /rDmcsOhRUOzgl0Xl1Rjnyv7w/vjW3afdb+xS3XSkEXxeihyk2fX9JBr84Hx2Aq0zAHjhkr1FeLQ + UEZ5mUKf0S9ZWKd985vxFYVVIvI0OmIqS+mqohyTCwkYBpPjV3HwvW5v2PS0zYC2Ma/XMO/mRlMD + mWRCMr36YBBrcbtojP++tbE5jUHZRkLVShh+SFicdNUiXgP1M36poe9tQazn1zUx3Ql2pm7xf+jt 
+ 4/JxxxxwvGcbJnopvQND66awN0edNvi7bSh3ByZyWHijjIWnjN8fm50jyMxYxsM6u0XOH4q95gsX + fIRTGb1LYQxUlYiR1Zt1fnr56eRsenpyODq7GE1H4/EfY3Qe6Udh6PDAJAFyjv2La2LsYoVjsacr + glzIUqOUaEF+ZZKScwlzJEOSK0R3dxsnuliSlvPIHCeL/MAqmz1mGdNk6rK8+QsSxITFjNN081A1 + VFbhLfCfonc1jyICYg7N6Twzhb8V8S+nuHL++yBIS+FmfntJnO/D7QaBbgyDpaHDakr9T97Wo67t + V0b8esaJSsOhSIU8K33BvADfcK3IMrYBfOd6O9r7bbzRb3jjrVS/jOMX/vzvgMRS5JkZfI8Zj5A5 + 1bo7ZblKsDUZeJ6MD8zzDgjjC2PA4Csi+NOGYBOGKDDKEq9LPhl1X/hO8dwJyE2jlvGAcIyVZlQL + GTjdftd/NAHHeKcipGkilA4GzsCxZ6XMtPDN9vuDW5QmNxcQ5obEyGfxsKtFizDOGlGOs4Z3S2xy + 4ypN/syp1CDJiMdYknOMc4soNAdst5A+O/+dHORY/OQipLxFykyu9tC5LSP6+EgucBgv/MT3w6tR + 8bguH2L+NwAAAP//7FltT9swEP4r1iRQWzVpmqQpLUKMqUJjGmiCbV/QpLqxm0akSZWXsg/8+D3n + vPQFSrsiEJNWqpLEPvt89/g53yV3NN0URxe6/O6n4AESVaDCFQZiRKnsgd1iDM3E3tdw6jfbSgsC + aTgXeoj8RfeieWueBSFgm4JTWqv9f9EQlmFUcu691Kd+Gks9ir0WNjYnvPs4gxMhtNBVn6TTgOQW + /sKN8hgNZuJzLb0s4LDpb8pJ1ToGMvR5QFC6kfEcqSfTWO2qGqHJDoP0+ATDOLpR32DLwvMt07Jo + /ouQkti5bJKx1MG/ya795I6dua6cEQKfMpSDhXes3s6GKvorQ9m7G8reaqhXN5K5s5GwJUtY9hvK + YPSMNQaZZAPsZTz8Ao5jZq/JwPEdtsoT5d+krVdEoe4t/c3wgCUMFC+zAYiZUbiC1lvlWA0/9afW + /+zqWQN7Fs9v8U/ba/tgSgBMDfGyDbzqgsZNlMUw5rkfSBCszA1+6KXHXPlbXS7wuCQ4WASCBgi7 + UiNChCioVfejFhdzP0EwkRSKu4gRYzI6YFSeGcilw8UMQ4bTDSP9ZVyeZ+ICDoV2BAdRwSEp4MDT + lLt3SZPdT3x3wnD49jzQdAaKZDOOuUKPcYY0zoUgTkxuzMekxzAHtvaVh14Gwh6yieQCknMeIHnK + V8t+LhS6REQI5HL4WW0vk8j+MiTR5ZvKNETZjmavbG6vjoCeE4jjIUCu9n9/u2MoKvTph/CFW1pW + glFm2Sjw3cJpl74KtoXPfqiDGFm4cEauDAPvBGiIi8VD7mI6Ay2QzFXEfHXDEBrnvpBiBU7X2FM4 + nWLqvwFFITqLKLISxmtcTP2wzmr1hykwnEb9CrdPksarE4a5J2GYRBjmCwljrzDyiDD2DWTL/n1r + wnD+E8YbEIb9bxGGU4luIYzHRZNOVe1bz4U3ZUVtezkrSmNARlWEqKKz3rUqA6412FXta63B2CRh + bCpJGFVJojTPpo6bCnFGpcxKar+e56ndMaHsJc8ik2w65ZTefng2ByOTU0ErivdMhKlccQrEUhnu + Qpx02yBE48A6k86RM3Jsrhljs6vZY97Rer2uoQlnLGR3PLKlRcl4JYlpc9n+jpKScHMmBO0a0pnH + USA+LqmMvJomePYVgXKK1L0470YyZZnaGlvCHEnBne4RlxbviTG3e0fuiDs91263T8WJGgVrPTDP + 8c3ltCkPizRS0/JHiZ4l2j1Mppk65ad6vmPJptqM84RMCnkVE3iQ4PLzJ83WZyEV2NZfN7x/jdff + 
V7x/jdffd7yexn8AAAD//6KOi4FFWQpkWBo6tOQBTvwKTjmJedmpecUZmQXgrAXqF0LGwiGlYRRo + yMlKybW0KL8gVT8KWBwlg0ZtoXkQNOkGlIXndJA10DlI7CNTJrjKYBNcI9omuGZ1TODlfBG0khgG + xREAAAD//xotjgaDi0eLI1q7mH7FEXqpAW/rwZtGQKenQ7JgNWgxAZRtALQwvyQRukYC3RScjTqc + xRjO1p4R9oIS17yUAa7mLahUwCphAPcymoQxLh3G8PZjal5ZZlF+HqSNCBFKKYUu0IFwiQq9/FyI + CdUwJrR2IKO0RlpbpA8zV0cpN7EiKLW4NAdkMJLd4JmbohLHEog7yvJLqDerDDEMbijQrozE4rB8 + 8KwXbOIXNK+dkw/qSiA5BNW1RijOhWoAB09tbS0AAAD//wMA0WGa4A8mAAA= + headers: + Atl-Request-Id: + - 509645bc-9119-41d6-9b33-7cda72f7d2a9 + Atl-Traceid: + - 509645bc911941d69b337cda72f7d2a9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:53 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=265,atl-edge-internal;dur=14,atl-edge-upstream;dur=251,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 6af4618e20b19382e45f65b7434a6957 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + 
string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 7800cada-8b84-41a6-acfb-7f0a37e24eaa + Atl-Traceid: + - 7800cada8b8441a6acfb7f0a37e24eaa + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:53 GMT + Nel: + - 
'{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=308,atl-edge-internal;dur=14,atl-edge-upstream;dur=295,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - c8d6e631bbceda794429b54813eee14d + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/358] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* Jan. 
29, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3345' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: '' + headers: + Atl-Request-Id: + - d46b99a3-bbf8-4438-b860-211da1a1cae9 + Atl-Traceid: + - d46b99a3bbf84438b860211da1a1cae9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:54 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=471,atl-edge-internal;dur=15,atl-edge-upstream;dur=458,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + 
Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - e016388aa5fe6ad3d4565996fa563690 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/pCF+SyDxTKfDQO6OllIaAnzgmIywN7YOW3IlOS89+O9d+S0Q + EqbQ6Q0z2Ja0L9p99tnNdwuWOeWRFVgSeAQSok8M0kh1OM1AdVSYQEY7IgdJNRNcdSBiOgNNO2FC + eQypiDtzkAr3IBpDLkEB1/XZsFBaZDOjcOo6jut0JfxVgNKTVQ4XkoaahWB1LGbsu/3h8BA/FKQz + /Ey0zlVg2xHMINSR+Ca6VKdUKUZ5l4O20ZK2ac5sz2ZKFWA3Ch5ghfLnk9HlZN/tD/q4VLqgrOC7 + pdC3QoVUQyzkqrpDhF8o4Tleb9/19n1n4g4Ctxf03O7hgfcT+u0YJ40RjY6Xaj7opJG3UZ/jtdeu + PyJQoWS5CRyuHhGV0TTtkIgpzXioSc4gBCJmZCHkQ9dIh4JfyfSdXhScmXTRdErnVFNpzxks7NKt + tYP1luv47uAXxf6GnzNMe5GhVQMLNDmh6sHkqrjX5i2Y0VRBx6oET/FepWzHShgCR4bJ6gzmgL46 + Tx1LM0RWjiixAl7gHa0NmPhOs5FL8Q1v9MGA19JluMsENuE2H89Asr7VFWdaowJltbYNUn8rzyox + 0wsqDV4Vy/KUocPRxs0xHyXKeoNlb/BOd9/ITHOTNi89xwDd6y293v9rpcp+iUU06B4s3YMfYXDZ + WPS9pe/9CIs1wJ+eXsPR3YVTr9mYseV1xYGY/du71yf95iSNYwkx8s2rIsALiLSoyv9DcF8r2I74 + lwRzgyxCEqrIPQAnoUBAg4aICE50whQpycDQTF0aJ8jv1pbg9HcF52DXxuGODW/nxmDXxvB18N7i + cn/YcLnh0LKhWcG+W1O7CaVkYZOBzTVT13h/lYgijU6YylO6qqsflxdUY6esOsz7U1f1r3XHsit1 + 0vBQ+XosCoOU0tUbs8B4bAVaFsY2KtXXCHHDRnWcJGAYTPJfxcH3ur1h29M2A9oy7+bGrhrw2hrI + JROS6dUHQ9CI22Vj/PetjWU0BmUbCdUoYbiQsDjpqnm8RvAXXGlqwtsCZc9vimW6F+xN3fL/0DvE + z8c9c8Dxnm2Y6KX0Hgzfb6l4Q5NbA+buQrk7MJHDihzlLDxj/OGT2TmB3IxlPGywViJwUe61K1zw + EU5l9D6FMVBV4VfWb9bF2dXn0/Pp2enx6PxyNB2Nx3+M0XmkH4WhwwOTBMgFNjauibGLpY8skK4I + 
kiRLjVKiBfmVSUouJGTIkqRQiM3uNrJ0sSQt55E5Th75gVU1e8wypsnU5RYSxITFjNN081A9VNbh + LSskRe/qb4OAmEN7ushN4W9FfN/vDgdug/hq/vsgSCvhdn57yajvw+0Gs24Mg5Wh43pK/U/eNqOu + 7ddG/Gb4iSrDoUiFPK98wbwA33CtzDL2B3znejva+y1vvJXRTaGWU17G8St//ndEYimK3Ay+nxiP + kPfUum3lhUqwZxl4no6PzPMeCONzY9ngKyL404Zgd4YoMMoSr0s+G3Vf+V753AvIbauW8YBwjJVm + VAsZON1+1380Acd4pyKkaSKUDgbOwLFnlcy09M32+4M7lCa3lxAWhsTIF7HY12KHMA4hUYFDiHdH + bHLrKk3+LKjUIMmIx1iSGcZ5hyi0B2y3lD6/+J0cFVj85DKkfIeUGWntoXNXRfTxkVziMF76ie/H + 16PycVM9RPYPAAAA///sWW1v2jAQ/ivWpFaASAhJCIWq6phQtU5rNbXbvlSTMLEJ0UKC8kL3oT9+ + zzkvvLSUjqpdJ40imsQ++3z33GPfJXc03RRnGrr86qfgARJVoMIVBmJEqeyO3WAMzUTsazj1m22l + BYE0XAg9RP6ie9GitciCELBNwSmt9f4/aAjLMCo591bqMz+NpR7FXguBzQnvPg7nRAgtdNWn6Swg + uaW/cKM8RoOZ+FxJLws4bPqLclK1jqEMfR4QlK5lvEDqyTRWu6xGaLLDID0+wTCObtS32LLwfMu0 + LJp/gLPBQjbJVCofYA/ZxcE6O1bvyXYp+iu72E+3i73TLi9uE3ObTRBwJej6DWUfesYaw0yyISIV + Dz+BwZjZazIweIets0D5N23rFQ2oe0t/NW9jCUPFumwI2mW0GUHrnXKshp/6Q+t/dPWsgYjE8xv8 + 0/YKDkwJPKkhnhee6y5oXEdZDGOe+YEEfcrc4IdeesxdV85TdbmE34rgcEnzDdBxpUYE/i+IU/ej + FhcLP8EeImmj7WIHmJDRAaPyREAuHS1nGDGcXRjpL+PytBIXcCi0IziICg5JAQeeptz9mTTZ7dR3 + pwwHfc8DCWcgQDbnmCv0GGdI0lwI4jzkxnxCeowGaqHaZx56Geh4xKaSC0gueICcKV8t+75U6AJ8 + H8jVzWW9vcwd+6uQRJcvKgsQZTuavbK5vT4Cek4hjocAuQr3/m7HEOf36YfwhVtaVoJR5tk48N3C + aRe+2koLn31TxyyycOGMXBkGmgnQEBeLh9z5bM7dlGQuI+arG4aNb+ELKdbgdIWYwtkTU/8JKArR + eUT7JmG8xsXMD+usVr+bAcNp1K9w+yBpvDhhmHsShkmEYT6TMPbaNe4Rxr771qp/X5swnP+E8QqE + Yf9bhOFUojsI435JpFOV7jYz3W21kra9raGqlVGWlMbAkirjUFlpo6uxraxmVyWvTYmq4FBaYVvH + bQUIY1uZzajmVAEwpfSjyMJXE/nNdC/JZjNOyeu7RzMsMjmVq6J4zzSXihGnQCyVyM7FSbcNQjQO + rIF0jpyxY3PNmJhdzZ7wjtbrdQ1NOBMhu5OxLS1KtStJTJvL9p8oKQk3AyEoakhnHkeBeL+iMrJm + muDRNwPKW1L34rwbyZTVaWtiCXMsBXe6R1xavCcm3O4duWPu9Fy73T4VJ2oUrPXAPMM3l9NmPCyS + RE3LHyV6lmi3MJlm6pR96nnEkk21OecJmRTyak/gQYLLjx80W5+HVD7bfMvw9jXefE3x9jXefM3x + NzX+DQAA//8ixsXAEisFMgQOHTjyACd+BaecxLzs1LzijMwCcNYCdQQh49SQQi8KNKBkpeRaWpRf + kKofBSynkkFjstA8CJprA8rCczrIGugMI/ZxJxNcZbAJrvFqE/h4dRG0LhjZpQ4AAAD//xqk6Wu0 + 
1KGHi0dLHVylDnqpgasRaAJv68GbQkA/pUPyZjVoDQGUbQB0SX5JInQFBLopuFp7BriKMQMj7OUh + rlknA5wewNkaxNWKBZUjWCWMcUrA24+peWWZRfl5kAYkRCilFLr8BsIlJvTK8kuoN9MKMQxuKNCm + jMTisHzwXBJscheYDyBOroYxodUR2Q4AL1XSh5mro5SbWBGUWlyaAzIYybPgiaCiEscSiMdBs9Y5 + +aAeA5I4qmYjFN1QDWDX1tbWAgAAAP//AwDmCyHg7SUAAA== + headers: + Atl-Request-Id: + - bd66e6f8-d2a0-4745-a337-3af3fa125545 + Atl-Traceid: + - bd66e6f8d2a04745a3373af3fa125545 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:54 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=258,atl-edge-internal;dur=14,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 9597c0970c71067def43aaf9ad919e94 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 11}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1585/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - 9f27b226-49e9-445f-99c6-5e3487e6804a + Atl-Traceid: + - 9f27b22649e9445f99c65e3487e6804a + Cache-Control: + - no-cache, 
no-store, no-transform + Content-Type: + - text/html;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:55 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=498,atl-edge-internal;dur=16,atl-edge-upstream;dur=482,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - f84385ede737e08075dbf1a5b0df65b7 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbskbbY2bzLBKTqFdi+KSJrcYjVNSpMOxth/N8Ghe1TfLvd8 + 557DPaBGONiOGnH05v3g+HyuoAXplX23qfBaONcJkxrwaIZU5wYt9v/gKxh3nQQF7mMNeliB8TD+ + 9cjKmlZPYCT8zrmD0XXWBJhgTFKc4qTaXD5W64f6R91MfRMmxJ8jNMMz/BIyYdB234eW9X6IaStt + JxVMzdRp9WVBPBjocnlaXgkfQYppnhCakLImlGeEkyzFGF/gAAe/C3+Ase76czbDNSk4yTljKSvz + b1b2N6a1AcQ5w3lGFyJrmoIVJWElUYxmUtIC1IIIaIXIF81ZgNcx4bYbRXxh0Cft76wUcX1A+jQh + MK/bCh3Piz1ZE5Xr+xodPwEAAP//AwADSunvIAIAAA== + headers: + Atl-Request-Id: + - 8b345ef0-42e6-47f0-9d5c-68eb00ace4a6 + Atl-Traceid: + - 8b345ef042e647f09d5c68eb00ace4a6 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 
17:14:55 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=163,atl-edge-internal;dur=14,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 7d83d163030dc6473420a33a0499404e + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXWXPbNhD+Kxg+phIvSYnMmU7HtZXEreu6suI8OB4PTK5IxCTAAqCOxv7v3SVF + Kj6U1u409gNx7YHdbz+svjiwKrlMnMjRIBPQkLwVkCemJ3kBpmfiDAreUyVoboWSpgeJsAVY3osz + LlPIVdpbgDa4B8kUSg0GpN2cjStjVTEnhVeB7we+q+HPCoydrUs41Ty2Igan5wiyH4z29t7gxEA+ + x2lmbWkiz0tgDrFN1GflcptzYwSXrgTroSXr8VJ4oSeMqcBrFdzAGuVPZpOzWT8YjUe4VLtgnOiL + Y9C3ysTcQqr0urlDgjOUCP1w2A/C/sCfBeMoGEajoTse7f2AfvvkJBmx6Hit5oVOkryH+vywu/Zm + koCJtSgpcLi6z0zB87zHEmGskLFlpYAYmJqzpdI3LknHSn7Q+TO9qKSgdPH8ii+45dpbCFh6tVtb + BzdbgT8Ixj8Z8Rf8WGDaqwKtEizQ5IybG8pVdW1pFM15bqDnNIJHeK9atudkAoGj42x9DAtAX/27 + nmMFIqtElDiRrPCOzgOYDPx2o9TqM97ohQHfSNfhrhPYhpsmX4Fke6sPUliLCozT2Sak/lqfNWpu + l1wTXo0oylygw8mDm2M+apQNx6vh+JnufiMz7U26vAx9Ano4XIXD/9dKk/0ai2gweL0KXn8Pg6vW + 4iBcDcLvYXED8Lu7x3AMduE03LUxaDfmYnXekCPC4uISYZKmGlLkm38sglG7gTdTedXwwtNHX+/a + 
eLNjI9y5Md61sffYnYY2m1UipfqFcKJ+gFNu8eFoCPf5hdvQ+ZbAvUadprKshweqosAFRMofaUHI + 1ImsruBuw9OkTYu4idqXR2vkGR41mary5FCYMufrTSnjMrplzxEzVN6baGjAyxJ/PHokBqE73Avb + R+Jh2Doqe7ixC1RhB6pSC6WFXb8wiK24V780//6tEAVPwXgkYVolAhcykWauWaRbtnyPKy2ths7j + wgm7Msj5NRAxUgU87Al2gTfYhdFgTBHJuJmUIj4W8uYt7RxCSf2LjNs81tld1nvdilRygu0Lv85h + Ctw02NCbkXN6/OHd0cnV8dHB5ORscjWZTn+f4v2wTg2GBA/MMmCn+AJIy8guE4Ypma8ZsonISSmz + iv0iNGenGgqkE1YZRK37FKsEWFCOfyt8v0wGkdO8ipg9DP+2qu6xBSYiFZLnDw9tuq9NeGuk5+hd + SziY2VRCd7oqqWyfRHLd7oxbJDeN0gvB1wh3L+/93uZ5eNzi7Wce32C72UKuVd7YOth0dP/J4bYt + bGoGjYRtoyBhSdWtcqVPGm+u8wr6qUbe2DZFih2qJtmqKLEhlvZp0I920cKoo4VvZfx+OD/Jr//3 + WapVVVKj+FbIBInRMKwVdg0gWVmZDJIapUfTffpeAxNyQQYIZgnDnwIMHy1IIlKWhS57R+o+yVf1 + 91XELjq1QkZMYrys4FbpyHdH7uCWgo4xz1XM80wZG439se/NG5mr2jdvMBpfojS7OIO4Io5i79Wy + b9UOYXy0kwof7fCSeewiMJb9UXFtQbOJTLEyC4zzDlHoDnhBLX1y+hvbr5AD2FnM5Q4pagG9Pf+y + iejtLTvD5rX2E8cH55P687H5tImmyeapp+FMWKQDEq2BhSNUxIgx2S27QB39ECmgj11yGNReEFDl + InEl9vtuqhbeosolQtcitXj3z1+SioHvd3LxEtxCWA2u0qmH9c0J8wKbWeIFD4+6mS1yktvmCyd1 + xkhZiH9TSKucY0z/BgAA///sWW1v2jAQ/ivWpFaASApJCIWq6qhY1U5rNa3aPnRfMLED2UISJYTu + w378nnNMeCmUjqpVJ02tgNg++3y+e87P5RdxOLWPvowCHpIr3cp0BqrGDFa5KWeos8NwenKKaVyz + Ud1iS33yR5Zt0/o9pN+ZrJOp1P2ZbbKLi3227M6T7aLHK7s4T7eLs9MuL24Ta5tNEHBzp+vWlH2o + jdX6uWR9RCoaPwLFmNWpMwB5i62iwPxv3DRLGFDPtvlqp40t9BXyAhR/xIxyErTeKccq+Khu2v+j + u2c1RCTav+PL2Cs4sCT8SU3xvPBcPYLabZynMOZFEErApywMfjiannDPk8lU/Vy435JgfwHzNcBx + qUYM/NfAaQbxERezIEOqkJRv28gAPhkdbjS/GNCRDhYrDBiuMIz0BzXXl5ZUu4PWjtxBlO6QaXfg + 0ykycFZn9+PAGzPcpUcjgHAOAGQJx1rRiHEGUuNBENciL+U+6THoqY0an3g0ygHHAzaWXEByxpFD + zWK37NtCoWvgfSiXk8tq/5xSdZddEkM+K5og5v3oHs27m6szYOQY4miEk6tw7+4+GML8Ln2Qf+GR + tpVhliQfhoGnD+06UKlUn9lXddsiC+vDKJRhgJkQHanePOSuJgn3piRzE7NAPTAkvlkgpFhxpy+I + KVxBsfTfOIUWTWLKm+TjFS4mQVRllervCXx4GndLv90IGi8OGNaegGERYFjPBIy9ssYDwNg3by2f + 72sDhvsfMF4BMJx/CzDcUnQHYDyseLRK0r9OeLdxnqazzHmmKVxGlXOoQLM+tCyKrXU4ZXlqraOx + TaKxre7QKOsOc/NsG7itVtYolVnh7+ssTkXHmLhJwRGzfDLhRGDfPcqwyORUjYrTPaku1STO4LFU + 
Q7sSp+0mALFxYPeke+wOXYcbDd9qG47PW0an024YwvWFbPtDR9pEi0tJLFvIdp8oKclvekJQ1JDO + PI1D8X5JZbBmWuDRSro6FGmCeKthJDOv5tq+LayhFNxtH3Np847wudM59obc7XhOs3kmTtUs2OuB + dYH/Qs6Y8EiTRMMomjIzz4x7mMywTGKfZhGxZFMj4Twjk0Je5QQeZvh5eW44ZhJRcWK9Kv/2NV4v + 6799jddfC7x1jQFloqgy6+rRpXJ+dh7y6KeMsnGQqNAiIlgUsgs0vIsjGv0hT+NEHt0BjjwqueoY + pHdT6C0jnZbRb+Q2152cbRjsLJWj/wAAAP//QpXANcdhAi/ni6CVxGhxNAgTHqHiCAAAAP//Gowu + Hi2OaO1i+hVH6KUGvK0HbxoBnZ4OyYLVoDl3KNsAaGF+SSJ0xQC6KTgbdTiLMZytPSPsBSWuyScD + XM1bUKmAVcIA7mU0CWNcOozh7cfUvLLMovw8SBsRIpRSCl2uAuESFXr5uRATqmFMaO1ARmmNtNJG + H2aujlJuYkVQanFpDshgJLvBczNFJY4lEHeU5ZdQb0oYYhjcUKBdGYnFYfngqS3YPC5oUho0YQSy + Eu4QVNcaoTgXqgEcPLW1tQAAAAD//wMAVHvxwh0lAAA= + headers: + Atl-Request-Id: + - aea023ac-06d7-49b4-890b-653cdbeb32b9 + Atl-Traceid: + - aea023ac06d749b4890b653cdbeb32b9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:55 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=255,atl-edge-internal;dur=12,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - db1eece1cc2b9f411bcf055e75cf83f4 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - 
application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 93b3d9cd-2d71-4f2e-8b20-58184433dd50 + 
Atl-Traceid: + - 93b3d9cd2d714f2e8b2058184433dd50 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:56 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=386,atl-edge-internal;dur=12,atl-edge-upstream;dur=375,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 55d2f7911669f23faf0f11a821b7d65e + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\nA + group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
+ Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/358] + in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321] + | [300|https://cwe.mitre.org/data/definitions/300.html] | negotiator | 0.5.3 + | [2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/233] + | Active, Verified |\n| High | [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539] + | [400|https://cwe.mitre.org/data/definitions/400.html] | negotiator | 0.5.3 + | [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= + 0.6.0)|http://localhost:8080/finding/233]\n*Defect Dojo link:* http://localhost:8080/finding/233 + (233)\n*Severity:* High\n *Due Date:* Jan. 
29, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/232]\n*Defect + Dojo link:* http://localhost:8080/finding/232 (232)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source + File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '3345' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 28c6e248-3f13-40af-b7ab-9f469694aa89 + Atl-Traceid: + - 28c6e2483f1340afb7ab9f469694aa89 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:56 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=323,atl-edge-internal;dur=13,atl-edge-upstream;dur=311,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + 
Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 4e13f736d484b357a2ffdd263327e487 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xX23LbNhD9FQwfU4k3SYnMmU7HdZTEreu6spI8OB4PTK5IxCTAAKAutfPv3SVF + KrasTO1OYz8Qt71g9+zB6taBVcll4kSOBpmAhuSNgDwxPckLMD0TZ1DwnipBcyuUND1IhC3A8l6c + cZlCrtLeArTBPUimUGowIO3mbFwZq4o5KbwKfD/wXQ1fKjB2ti7hTPPYihicniPIfjA6OHiFEwP5 + HKeZtaWJPC+BOcQ2UZ+Vy23OjRFcuhKsh5asx0vhhZ4wpgKvVXADa5Q/nU3OZ/1gNB7hUu2CcaJb + x6BvlYm5hVTpdXOHBGcoEfrhsB+E/YE/C8ZRMIxGQ3c8OvgJ/fbJSTJi0fFazTOdJHkP9flhd+3N + JAETa1FS4HD1kJmC53mPJcJYIWPLSgExMDVnS6VvXJKOlXyv8yd6UUlB6eL5FV9wy7W3ELD0are2 + Dm62An8QjH8x4m/4ucC0VwVaJVigyRk3N5Sr6trSKJrz3EDPaQSP8V61bM/JBAJHx9n6BBaAvvpf + e44ViKwSUeJEssI7Og9gMvDbjVKrz3ijZwZ8I12Hu05gG26afAOS7a3eS2EtKjBOZ5uQ+nt91qi5 + XXJNeDWiKHOBDicPbo75qFE2HK+G4ye6+53MtDfp8jL0CejhcBUO/18rTfZrLKLB4OUqePkjDK5a + i4NwNQh/hMUNwL9+3YVjsA+nYbsxF6sPDQdi9i8ud08O2pM8TTWkyDc7RYAXUHnVlP/j5kb7Nl7u + 23i1ZyPcuzHet3Gw62dDm80qkVL9QjhRP8Apt/hwNIT79MJt6HxL4F6jTlNZ1sMjVVHgAiLlj7Qg + ZOpEVleA6UOl9gNmnIqzca7WR/q1iJsA3+6ska8obDJV5clrYcqcrzfFTZDQgJcl/th5JAahOzwI + 20fiYdg6Knu4sQ9UYQeqUgulhV0/M4ituFe/NP/+rRAFT8F4JGFaJQIXMpFmrlmkW7Z8hystrYbO + buGEHepzfg1EjI+UBvHJo4EI9mE0GFNEMm4mpYhPhLx5QzuvoaT+RcZt1upcLuu9bkUqOcH2hV/n + MAVuGiTozcg5O3n/9vj06uT4aHJ6PrmaTKd/TvF+WKcGQ4IHZhmwM3wBpGVklwnDlMzXDNlE5KSU + WcV+E5qzMw0F0gmrDKLWfYxVAiwox78Tvl8mg8hpXkXMHoZ/W1X32AITkQrJ84eHNt3XJrw1rnP0 + 
bjOnzKYSutNVSWX7KJLrdmfcIrlplJ4Jvka4e3nv9zZPw+MWb7/y+AbbzRZyrfLG1tGmo/tPDrdt + YVMzaCRsGwUJS6pulSt92nhznVfQTzWyxLYpUuy1apKtihIbYmkfB/1oHy2MOlr4Xsbvh/OT/Pb/ + kKVaVSU1im+ETJAYDcNaYdcAkpWVySCpUXo8PaTvNTAhF2SAYJYw/CnA8DWDJCJlWeiyt6Tuk3xR + f19E7KJTK2TEJMbLCm6Vjnx35A7uKOgY81zFPM+UsdHYH/vevJG5qn3zBqPxJUqzi3OIK+Io9k4t + +1btEcZHO6nw0Q4vmccuAmPZXxXXFjSbyBQrs8A47xGF7oAX1NKnZ3+wwwo5gJ3HXO6RohbQO/Av + m4je3bFzbF5rP3F89GFSfz42nzbRNNn0ADScCYt0QKI1sHCEihgxJrtjF6ijHyIF9LFLDoPaCwKq + XCSuxH7fTdXCW1S5ROhapBbv/vlLUjHw/U4uXoJbCKvBVTr1sL45YV5gM0u84OFRN7NFTnLbfOGk + zhgpC/FvCmmVc4zpPwAAAP//7Fltb9owEP4r1qRWgEgKSQiFquqoWNVOazWt2j50XzCxgWwhiRKg + +7Afv+ccJ7yUlI6qVSdNrYDYPvt8vnvO9+QX1XBqH30Z+jwgV7qVyQKlGjNY5aaYoc4Og9nJKaZx + zUa1xJb65I8s26b1e0i2C1knU6n7M9tmFxf7bNmdJ9tFj1d2cZ5uF2enXV7cJlaZTRBwudN1a8o+ + 1MZq/blkfUQqGj8CxZjVqTMAeYuto0D+N2maBQyoZ9t8tdPGFvoKeQGKPyJGOQla75RjFXxUt+3/ + 0d2zGiIS7d/xZewVHFgS/qSmeF54rh9B7TaaJzDmhR9IwKfMDH44np1wz5PxTP1cut+KYH8J8zXA + caFGBPzXwGn60REXCz9FqpCUb9vIACMyOtwovxjQkQ6WKwwYrjCM9Edpri8tiXYHrR25gyjcIdXu + wGczZOC0zu4nvjdhuDmPxwDhOQCQxRxrhWPGGYoaD4K4FnkJH5Eeg57aqPGJh+M54HjAJpILSC44 + cqiZ7ZZ9Wyp0DbwP5GpyWe/Pa63uqktiyGdVJoi8H93jvLu5PgNGTiCORji5Cvfu7oMhzO/SB/kX + HmlbKWaJ58PA9/ShXfsqleoz+6puW2RhfRiZMgwwE6Aj0ZuH3NU05t6MZG4i5qsHhsS38IUUa+70 + BTGFKyiW/hun0KJxRHmTfLzCxdQPq6xS/T2FD8+ibuG3W0HjxQHD2hMwLAIM65mAsVfWeAAY++at + 1fN9bcBw/wPGKwCG828BhluI7gCMh4xHqyj6Nwvespqn6ZR1FIQXFUOzBL6keB7iaTaGOgU9tdHR + KCPNGmW8Q6PgHXLzlA0s48oahTIqACZUfuhifLWe36zq0vl0yqmAffdohUUmJzYqSvYsdYmTOIPH + Eod2JU7bTQBi48DuSffYHboONxojq204I94yOp12wxDuSMj2aOhIm8riQhLLZrLdJ0pK8pueEBQ1 + pDNPokC8X1EZVTMt8CiTrg5Fmii81TCSydlce2QLaygFd9vHXNq8I0bc6Rx7Q+52PKfZPBOnahbs + 9cC6wH8mZ0x5qItEw8iaUnOeGvcwmWGZVH2aWcSSTY2Y85RMCnmVE3iQ4uflueGYcUjkxCYr//Y1 + 3qT1377Gm68F3rrGQCyRccqaPbpUzs/OAx7+lGE68WMVWlQIZkR2Bnp3UUijP8yTKJZHd4AjjyhX + HYP0bgq9RaTTMvqN3HbeySnDYGeFjv4DAAD//0KVgA9Ho0vAy/kiaCUxWhwNwoRHqDgCAAAA//8a + jC4eLY5o7WL6FUfopQa8rQdvCgGdng7JgtWgOXco2wBoYX5JInTFALopOBt1OIsxnK09I+wFJa7J + 
JwNczVtQqYBVwgBX89YYlw5jePsxNa8ssyg/D9KAhAillEKXq0C4RIVefi7EhGoYE1o7kFFaI620 + 0YeZq6OUm1gRlFpcmgMyGMlu8NxMUYljCcQdZfkl1JsShhgGNxRoV0ZicVg+eGoLNmsLmpQGTRiB + rIQ7BNW1RijOhWoAB09tbS0AAAD//wMAdXxLEh0lAAA= + headers: + Atl-Request-Id: + - ee0f82f7-41e4-41a4-ae99-b421e8f83bf4 + Atl-Traceid: + - ee0f82f741e441a4ae99b421e8f83bf4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:57 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=257,atl-edge-internal;dur=13,atl-edge-upstream;dur=245,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - c206692c490f1fdc2c81b322e5bfcecf + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQX0vDMBTFv0te3bok/bM2bzLBKTqFdi+KSJrcYjRNSpMOxth3N8Ghe1TfLvf8 + zj2He0Atd7AdNWLozfvBscVCQgfCS/tuE+41d05xkxjwaIakcoPm+3/wNYw7JUCC+1iDHlZgPIx/ + PbKyptMTGAG/c+5gdMqaABOMSYITPK83l4/1+qH5UTdT34YJsecIzfAMv4RMGLTd96Flsx9i2krb + 
SQZTOyktvyyIBQNdLk/LK+4jSDHN5oTOSdUQylLCSJpgjC9wgIPfhT/A2Kj+nE1xQ0pGMpYvk6Ko + vlnR35jOBhBnOc5SWvC0bcu8rEheEZnTVAhagiwIh47zrGjPAryOCbdq5PGFQZ+0v7OCx/UB6dOE + wLxua3Q8L/ZkTVSu7xt0/AQAAP//AwBdjruEIAIAAA== + headers: + Atl-Request-Id: + - 3e8a0de9-90c7-40e9-8da7-04be8cc15354 + Atl-Traceid: + - 3e8a0de990c740e98da704be8cc15354 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:57 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=150,atl-edge-internal;dur=14,atl-edge-upstream;dur=126,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 9605e501face6f5b1f7c2da48691f1b0 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/TEP8loTgmU6HgXBHSykNAT5wTEaxN7YOR/JJckh68N+7smMH + QkwLnd4wg21J+6LdZ5/dfLdgmVEeWYElgUcgITphkEaqzekcVFuFCcxpW2QgqWaCqzZETM9B03aY + UB5DKuL2AqTCPYhGkElQwPX6bJgrLeYzo3DiOo7rdCR8y0Hp8SqDC0lDzUKw2hYz9t3ewcEAPxSk + 
M/xMtM5UYNsRzCDUkfgqOlSnVClGeYeDttGStmnGbM9mSuVgVwruYYXy5+Ph5XjP7Q36uFS4oKzg + u6XQt1yFVEMs5Kq8Q4RfKOE5XnfP9fZ8Z+wOArcbdPudbnfwE/rtGCeNEY2OF2o+6KSRt1Gf49XX + Xn9EoELJMhM4XD0kak7TtE0ipjTjoSYZgxCImJEHIe87RjoU/Eqm7/Qi58yki6YTuqCaSnvB4MEu + 3No4uN5yHd8d/KLYX/DzHNOez9GqgQWaHFN1b3KVT7V5C2Y0VdC2SsFTvFch27YShsCRYbI6gwWg + r85T29IMkZUhSqyA53hHawsmvtO04VYbmRRf8aofzMRaushDkdkqD+bjGXo2173iTGtUoKzatoHw + b8VZJWb6gUoDZMXmWcrQ4WgrJJioAn7dwbI7eKe7b6SsukmdsK6zj2543aXX/X+tlLAoQIoG3f7S + 7f8Ig8vKou8tfe9HWFwj/+npNRy9Jpz61caMLa9LcsTs394hGuJYQox8849F0Ks28AIizUte+BDc + Nwp2I/4l89wgvZCEKjIF4CQUCGjQEBHBiU6YIgVLGP5Zl8YxEr+1Izj9povtN2x4jRuDpo2D1zF6 + i8v9mssNhxYNzQr2XPykGvtc2R/eH9+y+2z6jV2qk4YsitcjkZs8u6aH3JgFxmMr0DIHjBsq1deI + Q0MZ5WUKfUa/ZGGV9u014ysKq0TkaXTMVJbS1ZpyTC4kYBhMjl/Fwe929gduFYftgDYxr1cz7/ZG + XQOZZEIyvfpgECtxu2iM/761sTmNQdlGQlVKGC4kLE46ahFvgPoZVyroezsQ6/lVTUxaQWvilv/d + fr8/aT22zAnHe7ZjwpfSKRheN5W9Pes04d9tgrk7MKHDyhtmLDxj/P7E7BxDZuYyHlbpLZL+UOzV + K1zwIY5ldJrCCKgqISPXb9bF2dWn0/PJ2enR8PxyOBmORn+M0HnkH4WxwwPjBMgFNjCuibGLJY7V + nq4IkiFLjVKiBfmVSUouJMyRDUmuEN6dXaToYk1aziNznCyaBlbZ7THNmCdTmOXNX7AgZixmnKbb + h9ZT5Tq8RQGk6F1FpAiBmEN9Os9M5e+EfDHG7VeQLwfAD6K0FK4HuJfM+T7gbjHo1jRYGjpaj6n/ + ydtq1rX9tRG/GnKi0nAoUiHPS18wL8C3XCuyjH0A37nejfZeE3H0auJ4K9Uv4/iFP/87JLEUeWYm + 3xPGI6ROtWlPWa4S7E0GnqejQ/OcAmF8YQwYfEUEf9sQ7MIQBUZZ4nXIJ6PuC28Vz1ZAbmu1jAck + i4Nex+04jybQGOdUhDRNhNLBwBk49qw8Oyl8sv3ewR1KkdtLCHPDXuSzeNjTokEYh4woxyHDuyM2 + uXWVJn/mVGqQZMhjLMU5xrdBFOoDtltIn1/8Tg5zLHpyGVLeIGVGVvvAuSsj+fhILnEKL/zE96Pr + YfG4KR9VgsnfAAAA///sWN9v2zYQ/lcOCBDInk3V8q/FgR+KOA8d1qJIur3UBazIjC1UlhRRcjK0 + /d/3HUVRUmx3a7unoU5gS3c88vTd8e6jcGM4C1++C3PsfzbVyYQrTERcS+kzvcccfQ97vj+YvPjV + 015wcsb7tYhxcBGbZO/uiyhGuuaoJW57/Aee4mJkzYJHKXZhnkmRZBsX+9nnNA/BvbkOuBcjsc13 + EVulG3zpOPEUHj43cpfkEo+xlnT9hHCwDfXJebvp0XmUX5InBgPhEZ1v8ss5DcULGGvFUKBAUKUY + 1YqRGItpJR/X8rHAXJV8Usv5clzL2TsjH4hJLfdqudccP6zlQzGs5aNaPqofYFqvy5cNuV2XL73O + idwwmex6wwkj+irm0/he9jj4+gTTo5tQfaSXQSBT3knHAj/9xsCb8f9V4H8G/buDPvrXQUeprMrG + 
rKsTgGXUXRSSFqixEP6G3kPeRY/Qe8fUrt/V33YgbAHX90Pxc+f+YBAnqOzdhWYCtAAVICZIiMc/ + 2pGDr86xyH41rtRFt4D8PX7637F/sSAKgZ7gxxpHO7W6t0mRBRLpFckut/A+Ou0uVJJxTTeNgYua + aHRBCOyyyD1lWrgIE9df70MFsoJzxNjzwEHuGWJsh4qTMhtZpZsVzscx/IvJp6xM44DTWNo05meQ + mX8XRtx1862fUxJgIUWPW8knalkZMmp3vpKUZPSAs95fpFIZ8KZUmD3I/Ht2AFyt2MXE9EzojQbu + nkkCeaf8MalMAlKBjH2chpjUYKkw2BKoAoh9FH6UoPb3WMWH22kahYF+W2vIU+VwJIEPtiyfDZqj + ykeDT0Ws/HtUDj4K9FXBQ+CfeojMcgYZRTsfxmEC7tBwXoll7B3ODqMYSCt2Bu7h2JyBT2Jeiw7z + OeuDb5DKZF5kMXIbV6qIcka34QPGHXVCMIBnZzjVJIgn/q+SmOveMl6tVsuYj5Q5faIrPBl40Rea + E7++DjPpnJ89eVOkVvnbqcYG5cg5xfLRmDms1FfCPBxLKgOGa06r2+vfr6/e0YBe3tL5Q5Hkl0t8 + ysndbinBJjym7rpL7Mtf+FFVEkkRJRsH2R/gcCdkvO98YG9AsmESu25pvdIOlE5pAB340SNHZlmP + EezQnHcOfcLM5pkw15od/9Ix4NCfNlHoNWgt8oV4qzXl1auvWauMg0ueKOTQnCrl1uigmFvNQTlv + aJ4V9IbmWUlvaJ4V9YbmWVm3moPC3tC0SztweqtfEq0rkGZmpAHJoIL5GnAxRgYTXqgJF2NkQDGq + Ci7GyILS0FQtr0KlpWKQLCotDYNkUWlpGCSLSkvDIFlUGpoSJItKS1OC1Egm4LVFJnFK9ksGODss + 9HyamfEXuhPumMYoGKXFHba/6QGvQ302NC2gaw87nngSTzP6Q79I4AJkin0VElTMCJpMNI2Gp4zK + aB21GZ2yKcN41GZ8yqYM8FGbySmbMiLWhhx6wx1Idyfb4XQS9MqI93TZLUPMrcaPVEJpmcCCmEfY + RaenFtUh/fqiJiHQpQ4WMLF7tUvBWDlubxIK9Q0hBfbhWq7rNo+BNyBFmUQ1V9/S541pmvChnGmK + 4693Ydwhp/N5BxqSJzNLPY7y2f8Dl/0bAAD//0KI07Uta0JmW9YE1JY1GQRtWXL7wsjpltZtWUP0 + tiwAAAD//+ya32qDMBTGX2UUehkXNdVaKF0LG90r9O6YxHW0VfEPe/3lGBu6rNlGr8oIeCEmxxyP + 5vjB9/Na1mtZr2W9lvVa1mtZr2X/jZYNTegvWvY7AzAz8Irt7Lo8vpBdenxdA/wwAA4IKNhTDdVi + DTCDclgD1BVBXQY7NQb7uTyuiS6uhJpkvhjVtmsJXQd8j56c9kTb/nQCNGsnVx1FLDVyGVVzo52L + 6mQFnCNN8iqWaaiULJ3Ga5nMkzxhQGgRpYQVMCNZllIikkLItMiZjNFSNpFqWR27+GOkxO9lLYTK + pcWcoamO4ukiZV4hGvgz6Ta8DBm8NXoaxpxpq7iIRZRLAUk6BxlDJgpg2ZznkGScheFKLIe7qGed + Ri/q0HHkBOVoihKiL7VB35IPVTISBei2BrpbYk1JDdBiSVX8oObVvlSn2w1hQV0iJ2JTc/efsY3d + 3X/GNrZ37xmrFiY0XTUCEtvh43/YHKE8yLLdv9fD1kIXTSNdugvuEJxYTJ77pqrl4061IY7w0bgH + kR1Vo2an4zIjSnudr2Cu3stcYBZzwYnM9Pdm/DmM7egTAAD//xotjgZTwhstjujh4tHiCFdxhF5q + wNt48CYR0OnpkCxYDVoTD2UbAC3ML0mELvVHNwVnYw5nMYazlWeEvaDEtbrSAFezFlQqYJUwgHsZ + 
TcIYlw5jeLsxNa8ssyg/D9I2hAillEL3mUC4RIVefi7EhGoYE1o7kFFaI22R0YeZq6OUm1gRBBll + QrEbvP6wqMSxBOKOMmDnhtwVkxiLoyGGwQ0F2pWRWByWD167CVu/DFqenZMP6kIgOQTVtUYozoVq + AAdPbW0tAAAA//8DAJUrt8bWNAAA + headers: + Atl-Request-Id: + - 223d084c-51be-4326-a31f-146c1e56d80b + Atl-Traceid: + - 223d084c51be4326a31f146c1e56d80b + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:58 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=276,atl-edge-internal;dur=14,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 32c867dd78416ce946b467eed9771617 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + 
CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - be450fa0-0eeb-45db-958a-03f109475237 + Atl-Traceid: + - be450fa00eeb45db958a03f109475237 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:58 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + 
Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=324,atl-edge-internal;dur=14,atl-edge-upstream;dur=311,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - fbbcd21ccba276b7623197277afd8f11 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/359] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, + Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 
7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] | Active, + Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Jan. 29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Jan. 
29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. 
)\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7127' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: '' + headers: + Atl-Request-Id: + - dfd58689-708c-4c7a-8d83-19364b77ba67 + Atl-Traceid: + - dfd58689708c4c7a8d8319364b77ba67 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:59 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=492,atl-edge-internal;dur=12,atl-edge-upstream;dur=480,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - f40cb7de7bfd57e0ba1cb075229c002e + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/TEP8kheMZzodBsIdLaU0BPjAMRnF3tg6HMknySHpwX/vyi8J + hJgWOr1hBtuS9kW7zz67+W7BMqM8sgJLAo9AQnTCII1Um9M5qLYKE5jTtshAUs0EV22ImJ6Dpu0w + oTyGVMTtBUiFexCNIJOggOvqbJgrLeYzo3DiOo7rdCR8y0Hp8SqDC0lDzUKw2hYz9t3+wYGPHwrS + GX4mWmcqsO0IZhDqSHwVHapTqhSjvMNB22hJ2zRjtmczpXKwawX3sEL58/Hwcrzn9v0BLhUuKCv4 + bin0LVch1RALuSrvEOEXSniO19tzvb2uM3b9wO0FvUGn1/N/Qr8d46QxotHxQs0HnTTyNupzvPW1 + q48IVChZZgKHq4dEzWmatknElGY81CRjEAIRM/Ig5H3HSIeCX8n0nV7knJl00XRCF1RTaS8YPNiF + WxsHqy3X6br+L4r9BT/PMe35HK0aWKDJMVX3Jlf5VJu3YEZTBW2rFDzFexWybSthCBwZJqszWAD6 + 6jy1Lc0QWRmixAp4jne0tmDSdeqNTIqveKMPBrySLsJdJLAOt/l4BpLNra440xoVKGtt2yD1t+Ks + EjP9QKXBq2LzLGXocLR1c8xHgbKev+z573T3jczUN1nnpefsoxteb+n1/l8rZfYLLKJBd7B0Bz/C + 4LK22PWWXe9HWKwA/vT0Go5uE069po1uvTFjy+uSHBEWt3cIkziWECPf/GMR9OsNvJlI85IXPlQH + GwW7S+El89wgvZCEKjIF4CQUiHTQEBHBiU6YIgVLGP6pauYYid/aEbVB08X2Gza8xg2/aePgdYze + 4vLumssNhxYNzQr2XPykGvtc2R/eH9+y+2z6jV2qk4ZFitcjkZs8u6aH3JgFxmMr0DKHp6qtGG2S + hXWSt9eMZ3hUJSJPo2OmspSuKubBZXRLXyPEDRtVcZKAYTA5fhWHbq+z77t1HLYDumbe7Y2mGvDW + NZBJJiTTqw8GsRa3i8b471sbm9MYlG0kVK2E4ULC4qSjFvEGqJ9xpYa+twOxXreuiUkraE3c8r87 + GAwmrceWOeF4z3ZM+FI6BUP4prK3Z50m/LtNMHd9EzqsvGHGwjPG70/MzjFkZi7jYZ3wAgYPxd56 + hQs+xLGMTlMYAVUliGT1Zl2cXX06PZ+cnR4Nzy+Hk+Fo9McInUf+URg7PDBOgFxgZ+OaGLtY4ljt + 6YogS7LUKCVakF+ZpORCwhxpkuQK4d3ZxZYu1qTlPDLHyaJpYJXdHtOMeTKFWd78BQtixmLGabp9 + qJoqq/AWJZGidzWRIgRiDuvTeWYqfyfk+35nf+DVkC8HwA+itBReD3AvmfN9wN1i0K1psDR0VI2p + /8nbeta1u5WRbj39RKXhUKRCnpe+YF6Ab7lWZBn7AL5zvRvt/Sbi6K+J461Uv4zjF/7875DEUuSZ + mXxPGI+QOtWmPWW5SrA3GXiejg7NcwqE8YUxYPAVEfxtQ7ALQxQYZYnXIZ+Mui+8VTxbAbldq2U8 + IFkc9Dtux3k0gcY4pyKkaSKUDnzHd+xZeXZS+GR3+wd3KEVuLyHMDXuRz+JhT4sGYZw+ohynD++O + 2OTWVZr8mVOpQZIhj7EU5xjfBlFYH7DdQvr84ndymGPRk8uQ8gYpM8vaB85dGcnHR3KJU3jhJ74f + XQ+Lx035qBNM/gYAAP//7FjbbttGEP2VAQwYFCstI+oWy9CDYfmhRRMEcZqXKIBoai0R5UXmRXaQ + 5N97ZrlckpaYIknfGtmQyJmd3eGZ2ZmzxI3mLHz5Lsix/9lUJROuMBFxLaUv9AFzDFzs+cFw+uKl + 
q7zg5IwPGxHj4CK2ycE5FGGMdM1RS5z2+I88xcXYmPmPUkRBnkqRpFsH+9njNA9AyrkOOBdjscuj + kK32W3ypOPEULj5vZZTkEo+xkXTzhHCwDQ3IerPt03mYX5IrhkPhEp1v88sFjcQLGCvFSIAbUKUY + 14qxmIhZJZ/U8onAXJV8Wsv5clLL2TstH4ppLXdrudscP6rlIzGq5eNaPq4fYFavy5cNuVmXL91e + R27oTHbc0ZQRvQLROMg+h14dbOhUnGffGWc9/r+K868Y/3CMx10xRiGsisLcVvFmGdnLQtISFRTC + P9BZyL3oEzrrhNrVufrbDYUpz+p+JH7ty5+M2RR1216qPk9LNHpi+oN4/KsdWfjqnYrsN+NKNnoB + 5B/wM/iB7YoFse/VBD/XFtqpZd8mRepLpFcobW7QA/TRKMgk47rfNgYuaxpho92bZZF7mW7QIkgc + b3MIMlARnBImrguGcc8QYztUjJO5xnq/XeP0G8O/mDxKyzT2OY2lSWN+Bpl6d0HIPTXfeTklPhbK + 6HEn+bwsK0NG7c7LJCUpPeBs94lw+Pd5F2aY3U+9e3YATKyIYmLyJdRGAzNPJYGaU/6YVCY+Zb6M + PZx1mLJgqcDfEYgAaHsY/C1B3O+xige39/sw8NW7WE2NKodDCXywZZn5N0eVjwafijjz7lEqmOgP + soKHwL/sIdTLaWQyijwYBwmYQcP5TKxi93h2GMVAOmNn4B4OxSnYIuY16DBbMz54GqlU5kUaI7dx + lRVhzug2fMC4k04IBvDsDGeWBPHE/3US+3Kfr+L1er2K+cCY02e6xpOB9XylBfHL6SCV1vnZkztD + apW/vWqsX45cUCwftZnFSnUl9MOxpDJguBa0vr358+b6HQ3p6pbOH4okv1zhU07u2KUEm/CU2nZW + 2Je/8aNmSShFmGwtZL+Po5uQ8aH3kb0BhYZJ7Dil9Vo5UDqlALTgR58smaZ9RrBHC9459Bkz62fC + XBt2/GtPg0PvTaLQK5BW5AvxVmvKqxdb81YZB1PsKOTQdJVyY3RUzI3mqJw3NM8KekPzrKQ3NM+K + ekPzrKwbzVFhb2japR04vVGvgDYVSHM9UoOkUcF8DbgYI40JL9SEizHSoGhVBRdjZEBpaKqWV6HS + UjFIBpWWhkEyqLQ0DJJBpaVhkAwqDU0JkkGlpSlBaiQT8NohkzglByXhmx8Xej6rzPkL3Ql3Vz7v + AyRmcYftr3vAq0Cd/HQLsM1RxhVP4mlOf6nXBFyAdLGvQoKKGUKTiqbRqMuojNZJm3GXTRnGkzaT + LpsywCdtpl02ZUSMDVn0mjuQ6k6mw6kk6JcR76uyW4aYW40XZgntywQWxDzCLDrrWlSF9NuL6oRA + lzpaQMfu92jv+TnH7XVCgbohpMAh2MhN3eYx8C1IUSpRzbPv6fPadJ/wkZtpiuVtoiDukdX7EoGG + 5MncUI+TfPb/wWX/AQAA//+iSVvWhMy2rAmoLWsyCNqy5HZ9kdMtrduyhqS3ZQEAAAD//+ya326C + MBTGX2Ux8bKsQAUxMU6TLe4VvDu0ZS7Kn4Bmr78eio12djO74qIJF4T20MOBHr7k+3kt67Ws17Je + y95os+vW7rXspV5ey3otOw4tG5rQP7TsT4d/ZtAU27d1OXghu3bwTi3wQ48vIJBgTzXMijXADKhh + DVBXBHXZ59TY55fyuCa6qBFqkrmxoW1PEk4n4Ht03LTj2Z3LEtCKndz1C7HUSF3U7T/NWlQnK+Ac + WZF3sUxDpWTpNF7LZJ7kCQNCiyglrIAZybKUEpEUQqZFzmSMhrGJVMvq2MWDkRK/l7UQKpcOc4a2 + PoqXq5R5jeDf74Bb/zJk8NHqaRhzgaziIhZRLgUk6RxkDJkogGVznkOScRaGK7Hs76KedRq9qUPH + 
kRKqwfIkRF/qgnNHvlTJSBSglxrobok1JQ1AhyVV8b2aV/tSnW43hAVNhRSIDcuNP2Obtht/xjat + N/aMVQsTmqYa8Idt//E/bY5QHWTV7T+bfmuhbaaBLd0Fd4hFLCav57Zu5PNOtSGOaNGwBxEZVaNm + p+MyAyh7n55grt7LXNgVc6GHzPT3dvg5PNyOvgEAAP//Gi2O6JfwRosjerh4tDjCVRyhlxrwNh68 + SQR0ejokC1aDlsJD2QZAC/NLEqEL+dFNwdmYw1mM4WzlGWEvKHGtnTTA1awFlQpYJQzgXkaTMMal + wxjebkzNK8ssys+DtA0hQiml0F0kEC5RoZefCzGhGsaE1g5klNZIG2D0YebqKOUmVgRBRplQ7Aav + LiwqcSyBuKMM2Lkhdz0kxtJniGFwQ4F2ZSQWh+WDV2bC1iuDFl/n5IO6EEgOQXWtEYpzoRrAwVNb + WwsAAAD//wMAzWom3LQ0AAA= + headers: + Atl-Request-Id: + - 9c9bae35-b5aa-4b3e-9b14-87b4ee36ee1a + Atl-Traceid: + - 9c9bae35b5aa4b3e9b1487b4ee36ee1a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:59 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=308,atl-edge-internal;dur=13,atl-edge-upstream;dur=296,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 22c45948487604bfa7d071f4832d1232 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 11}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: 
https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1586/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - 22d84caf-4a46-4fbe-9c10-e81082a40025 + Atl-Traceid: + - 22d84caf4a464fbe9c10e81082a40025 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - text/html;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:14:59 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=478,atl-edge-internal;dur=13,atl-edge-upstream;dur=466,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 967e81429bbf103363f138980212d647 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0teXbubpO26vMkEp+gU2r0oImlzi9U0KU06GGP/3RSH7lF9u9zz + nXsO90Aq6XA7aCLIm/e9E/O5wgZrr+y7jaXX0rlWmtigJzOiWtdruf8HX+Cwa2tU6D7WqPsVGo/D + X4+srGn0iKbG3zl3OLjWmgBTABpDDFGxuXws1g/lj7oZuypMRDxP0Axm8BIysdd234WW5b6f0lba + jiqYqrHV6stCRDCwxeK0vJJ+AhmwJKIsosuSMsGpoDwGgAsIcPC78AccyrY7ZzmUNBc0FQAx59k3 + W3c3prEBhCSFhLNM8qrK03xJ0yVVKeN1zXJUGZXYSJlk1VmA11PCbTvI6YVBH7W/s7Wc1geiTxNB + 87otyPG82JM1k3J9X5LjJwAAAP//AwCoblEmIAIAAA== + headers: + 
Atl-Request-Id: + - 9facadc4-fc8c-4439-b64f-6cadf7039b8c + Atl-Traceid: + - 9facadc4fc8c4439b64f6cadf7039b8c + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:00 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=146,atl-edge-internal;dur=13,atl-edge-upstream;dur=132,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - dbec04d655bf23136bdf7b1561dc0bbb + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXbVPjNhD+Kxp/zIX4LYHEM50OA+GOllIaAnzgmIywN7bAkXySHJIe/Pdb+SWB + ENNCpzfMYFvSvmj32Wc33y1YZJRHVmBJ4BFIiI4YpJFqczoD1VZhAjPaFhlIqpngqg0R0zPQtB0m + lMeQirg9B6lwD6IRZBIUcF2dDXOlxWxqFE5cx3GdjoRvOSg9XmZwJmmoWQhW22LGvtsbDAb4oSCd + 4meidaYC245gCqGOxJ3oUJ1SpRjlHQ7aRkvaphmzPZsplYNdK7iHJcqfjofn4x2319/DpcIFZQXf + LYW+5SqkGmIhl+UdIvxCCc/xujuut+M7Y7cfuN2gO+h4fe8T+u0YJ40RjY4Xaj7opJG3UZ/jra5d + fUSgQskyEzhc3SdqRtO0TSKmNOOhJhmDEIiYkgch7ztGOhT8Qqbv9CLnzKSLphM6p5pKe87gwS7c + 
WjtYbbmO7/Z/Vexv+GWGac9naNXAAk2Oqbo3ucpvtXkLpjRV0LZKwWO8VyHbthKGwJFhsjyBOaCv + zlPb0gyRlSFKrIDneEdrAya+U29kUtzhjT4Y8Eq6CHeRwDrc5uMZSNa3uuBMa1SgrJVtg9Tfi7NK + TPUDlQavis2ylKHD0cbNMR8Fyrr9Rbf/TnffyEx9k1Veuo5BtdddeN3/10qZ/QKLaNDdXbi7P8Pg + orboewvf+xkWK4A/Pb2Go9uEU69pw683pmxxWZIjwuL6BmESxxJi5Jt/LIJevYE3E2le8sKH6mCt + YHspvGSeK6QXklBFbgE4CQUiHTRERHCiE6ZIwRKGf6qaOUTit7ZEbbfpYnsNG17jRr9pY/A6Rm9x + ea9fc7nh0KKhWcGOi59UY58r+8P741t2n3W/sUt10rBI8XogcpNn1/SQK7PAeGwFWubwVLUVo02y + sE7y5prxDI+qRORpdMhUltJlxTy4jG7pS4S4YaMqThIwDCbHr+Lg73U8z6/jsBnQFfNubjTVgLeq + gUwyIZlefjCItbhdNMZ/39rYjMagbCOhaiUMFxIWJx01j9dA/YIrNfS9LYj1/LomJq2gNXHL/57T + G0xajy1zwvGe7ZjwpfQWDOGbyt6cdZrw7zbB3O2b0GHlDTMWnjB+f2R2DiEzcxkP64QXMHgo9lYr + XPAhjmX0NoURUFWCSFZv1tnJxefj08nJ8cHw9Hw4GY5Gf47QeeQfhbHDA+MEyBl2Nq6JsYsljtWe + LgmyJEuNUqIF+Y1JSs4kzJAmSa4Q3p1tbOliTVrOI3OcLLoLrLLbY5oxT6Ywy5u/YEHMWMw4TTcP + VVNlFd6iJFL0riZShEDMYXU6z0zlb4X8yzGuHAA/iNJSeDXAvWTO9wF3g0E3psHS0EE1pv4nb+tZ + 1/YrI349/USl4VCkQp6WvmBegG+4VmQZ+wC+c70d7b0m4uitiOOtVL+M41f+/G+fxFLkmZl8jxiP + kDrVuj1luUqwNxl4Ho/2zfMWCONzY8DgKyL424ZgF4YoMMoSr0M+G3Vfeat4tgJyvVLLeECmGL8k + cDp+x3k0scZQpyKkaSKUDvpO37Gn5fFJ4Zbt7zo3KEiuzyHMDYGRL+JhR4sGYRxAohwHEO+G2OTa + VZr8lVOpQZIhj7EaZxjiBlFYHbDdQvr07A+yn2Pdk/OQ8gYpM87aA+emDObjIznHQbzwE98PLofF + 46p8lDn+AQAA///sWW1P2zAQ/isWEqitmrRN05YWIQbqEEximmDbB9Ak3NhpI9IkyhuTxo/fc44b + 2kDYxrSpHxBVm+R89uXu8XN3BiyAG1220OVnLwUFkKrCE64wESM6ZQ/sBnMYFljN6A17vbGygvAZ + 5MIM0LuY8zDv5JkfALEp6KSzOf4bTWF3C1+TnnMvzaWXxtIM43kHe5oT1D0U5sQFHQw1F+nSJz0V + KvyqYNE8l3Ke+Ryu/E5tqDJ/KgOP+wSeKxnn6DaZwRqnpNhme356AOWBaTVrnKdD3bH6A1rwPKCO + NZdt8o4q/9vs0kvu2LHjyIjQ9kBObq1cPGkpL9Ez1ppmkk0BSTz8gK3KrHGbgaoGbBPuq79Fzyzx + ru775j9+QRg+VaTCpmAVRlwLW3+pxxr4aj731i++M2sBdXh+gx/jVQDAksCSmuLvILjp+NZVmMVw + 46nnS7CDLFy9N08PFN7WBk4fWasFdimXDUFnmgxML+xwkXsJmA9FycAagtBccjLAskpwFLxbNfkt + QxZmZCq6Zp13Yx1zbQjFXJQxT3TM7xdEhhzzBXOGtsKBHAnciblLK1G6BklFWWrC818f578AG/lS + s96maNW3TNZghBGfVG0rVmJI4ZnDUrw2AUYuoI2HgKTao5OqM9trDxKUOTWCOJcG5TLPeTqwkLo8 + 
p9S7FiUitQl9EbhwS1s0gTlRNvM9R0fwwlNpQgfwiyohyOc6MsVbsTBmPgSxWUb+fBmBCUjnY8g8 + dcPA7LknpNjA0iU2FOoqLP0nCNGqUUiJgQDe4GLpBU3WaD4sAeA0nAC0T8v3Qdl3VouyuvTcs+sE + ZftJeTuNuXOnmhZqQypD7bILqwi65RxVQV1t3C1r45V76gbWtYTd0piNGrNacPA05c6CcmlRziTZ + csmpztqpKwbI29RVhfErizHag0fccagXPBeHI3QWVne3fyyH+8PZ0OZG17VGhu3ygTEej7qGGLpC + jtyZLftUEJaaWLbQnfympiTIHAtB+4ls5nHoi3drJqO2owVePMBS8ZDmPC6Gkc7qEKXv9oU1k4IP + R/tc9vlYuNwe7zszPhw7dq93JA7VLHjXXesUn0LPWPJA1zOGUTxKzCwx7uEywzKpUDKLzUo+NSLO + E3Ip9FUuQOODy7MTwzajgLq86mHY9ltcPU3bfourp3HbbjHIShSnJbq9OVPgZyc+D+5kkCy8SG0t + KuqKA5mC766p7ZnsvM/iMJKdazCRQ0cHeg/SkTCk5U6nZfRB+PPdkV1Hv3bdsYpdd7RolxQf6/zw + RkdbCLw3OvofFr/RUR0dVVmjLPPKqgimz4st+IP+1aWvu1jwJwAAAP//yi9JhE7UoZuCsz2HsxjD + 2dAzwl5Q4hobNcDVsgWVClglDHC1bI1x6TCGNx1T88oyi/LzIM1DiFBKKXSWGMIlKvTycyEmVMOY + 0NqBjNIaaYJbH2aujlJuYkVQanFpDshgJLvBo4dFJY4lEHeU5ZfgntoAAAAA//8iyl6kqQ2IYXBD + gXZlJBaH5YNHXmHzEaDJlZx8UGcBySGorjVCcS5UAzh4amtrAQAAAP//AwCc83VzlCAAAA== + headers: + Atl-Request-Id: + - e3bb06ac-c4f0-4fcf-82a2-81911bd2d467 + Atl-Traceid: + - e3bb06acc4f04fcf82a281911bd2d467 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:00 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=419,atl-edge-internal;dur=16,atl-edge-upstream;dur=406,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 1782fefd462c82d65f3aa2654e8f4e04 + X-Content-Type-Options: + - nosniff + 
X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a + RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 
9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - d8240609-d239-4c20-a7e8-3138a2ec5faf + Atl-Traceid: + - d8240609d2394c20a7e83138a2ec5faf + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:01 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=317,atl-edge-internal;dur=20,atl-edge-upstream;dur=296,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 1179b936ce0f4566888dc0db568844fe + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: fresh:0.3.0", "description": "\n\n\n\n\n\n\nA group + of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
Group\n*Group*: + [Findings in: fresh:0.3.0|http://localhost:8080/finding_group/360] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119] + | [400|https://cwe.mitre.org/data/definitions/400.html] | fresh | 0.3.0 | [Regular + Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/235] + | Active, Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [Regular Expression Denial of Service - (Fresh, < 0.5.2)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* High\n *Due + Date:* Jan. 29, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + \n*CVE:* [CVE-2017-16119|https://nvd.nist.gov/vuln/detail/CVE-2017-16119]\n\n\n\n\n\n\n*Source + File*: express>fresh\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/526\nAffected + versions of `fresh` are vulnerable to regular expression denial of service when + parsing specially crafted user input.\n Vulnerable Module: fresh\n Vulnerable + Versions: < 0.5.2\n Patched Version: >= 0.5.2\n Vulnerable Paths: \n - + 0.3.0:express>fresh,express>send>fresh,express>serve-static>send>fresh,serve-favicon>fresh\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.5.2 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/526\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1958' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + 
method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 0d094af9-5a37-4ed0-925a-c545e2c309b4 + Atl-Traceid: + - 0d094af95a374ed0925ac545e2c309b4 + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:01 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=467,atl-edge-internal;dur=13,atl-edge-upstream;dur=454,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 016d6a20a9f48a227b662b139546e027 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15999 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xXW1PrNhD+Kxo/0hDfkpB4ptNhIJxDSykNAR44TEbYG1vgSK4k59ID/70r3wIh + YQqdnmEG25L2ot1vv918t2CZUR5ZgSWBRyAhOmGQRqrF6QxUS4UJzGhLZCCpZoKrFkRMz0DTVphQ + HkMq4tYcpMI9iEaQSVDAdXU2zJUWs6lROHEdx3XaEv7KQenxKoMLSUPNQrBaFjP23e5gMMAPBekU + PxOtMxXYdgRTCHUkHkSb6pQqxShvc9A2WtI2zZjt2UypHOxawSOsUP58PLwc77vd/gEuFS4oK/hu + KfQtVyHVEAu5Ku8Q4RdKeI7X2Xe9fd8Zu/3A7QSdQdvrez+h345x0hjR6Hih5pNOGnkb9Tlec+3q + 
IwIVSpaZwOHqIVEzmqYtEjGlGQ81yRiEQMSULIR8bBvpUPArmX7Qi5wzky6aTuicairtOYOFXbi1 + drDach3f7f+i2N/w8wzTns/QqoEFmhxT9Whyld9r8xZMaaqgZZWCp3ivQrZlJQyBI8NkdQZzQF+d + 55alGSIrQ5RYAc/xjtYGTHyn3sikeMAbfTLglXQR7iKBdbjNxwuQrG91xZnWqEBZjW2D1N+Ks0pM + 9YJKg1fFZlnK0OFo4+aYjwJlnf6y0/+gu+9kpr5Jk5eOY1DtdZZe5/+1Uma/wCIadHtLt/cjDC5r + i7639L0fYbEC+PPzWzi6u3Dq1RtTtrwuORCzf3v39qRfn6RxLCFGvnlTBHgBkeZl+X8K7msF2xH/ + mmBukEVIQhW5B+AkFAho0BARwYlOmCIFGRiaqUrjGPnd2hKc7q7g9HZtHOzY8HZu9HdtDN4G7z0u + 7/ZrLjccWjQ0K9h3K2o3oZQsrDOwuWbqGu+vEpGn0TFTWUpXVfXj8oJq7JRlh/l46sr+te5YdqlO + Gh4qXo9EbpBSuHpjFhiPrUDL3NhGpfoaIW7YqIqTBAyDSf6bOPgHbc/z6zhsBrRh3s2NXTXgNTWQ + SSYk06tPhqAWt4vG+O9bG5vRGJRtJFSthOFCwuKkrebxGsFfcaWuCW8LlD2/LpbJXrA3ccv/ntMd + TPae9swJx3uxY8KX0nswhL+l5A1Pbo2Yuwvmbt+EDktymLHwjPHHE7NzDJmZy3hYg62A4KLYa1a4 + 4EMcy+h9CiOgqgSwrN6si7OrL6fnk7PTo+H55XAyHI3+GKHzyD8KY4cHxgmQC+xsXBNjF2sfaSBd + EWRJlhqlRAvyK5OUXEiYIU2SXCE429vY0sWatJwn5jhZ9BBYZbfHNGOeTGFuYUHMWMw4TTcPVVNl + Fd6iRFL0rvo2EIg5NKfzzFT+Fsh3A8dt93pODflyAPwkSkvhZoB7TakfA+4GtW5Mg6Who2pM/U/e + 1rOu7VdG/Hr6iUrDoUiFPC99wbwA33CtyDI2CHznejvauw1xvJfRTaGGVF7H8Rt/+XdIYinyzEy+ + J4xHSHxq3beyXCXYtAw8T0eH5nkPhPG5sWzwFRH8bUOwPUMUGGWJ1yZfjLpvfK947gXktlHLeECm + GL8kcNp+23kyscZQpyKkaSKUDvpO37Gn5fFJ4Zbt95w7FCS3lxDmhsDIV7HY12KHMA4gUY4DiHdH + bHLrKk3+zKnUIMmQx1iNMwzxDlFoDthuIX1+8Ts5zLHuyWVI+Q4pM87aA+euDObTE7nEQbzwE9+P + rofF46Z8lDn+BwAA///sWWFP2zAQ/SsWEqhUTZqmaUqLECvqEEximmDbB9Ak3NhpI9KkSpMwafz4 + vXPc0AbCNqZN/YBAbWL77PPd+d07FyiAF81n6PFzkAICSFTFE54wESM4ZQ/sBnMYNlDN6LidzkBp + QfEZ5cKMULuY0zhv51kYIWJTwEl7c/w3msKxCluTnHcvzXmQJtKMk2kbZ5pTqAcg5oQFbQw1Z+k8 + JDnlKnwrZ9E8l3KahRym/E5lqFJ/LKOAhxQ8VzLJUW0ygzVOSbDF9sL0EMI9096vMZ52ddvu9mjB + EYhALltkG0X+2QPZtLmy6LCpjEJtrDnOJBsjAtH4ASeT2YMWAzL12GZ0r/5mHbMMb/XeNf/xfqD4 + WGEIGwNEGEErdP2lHGvgY/+5Xb+4Z9ZEkKH9Bl/Gq/yNJRE6aoq/i7hNwzev4iyBGU+DUAIMZGHq + vWl6qMJrbeD4EaSaAJNy2Rjopc++GcRtLvJgCQQEB+nZLvDLJyMjWFb5jJx3qya/ZUi6jFRFkazT + bKJ9rhUhn4vS50vt8/sZYR/HfNGUoYrw0I987SXcp5UoOwOTFllqwvJfH+e/APiEUoPcZteqfhmu + 
hRFGfFJEVKy60QvLHJXdaxNg5AzSaERIqiM5rBqztdawBKup6UhyaVDqCrynA4ten+eUade8RBg2 + pA8KLryOPA/zDZEgJmHgaQ9eBCoraAd+UYyBbK49U+yKxQkL0ZGYpefP5wvupSTzMWaBemEA8jwQ + UmzE0iUOFGgUlv6TCNGii5jyAAV4g4t5EO2zxv7DHAGcxkME7VO23iuryioHq6PxHaeuoyzjKH+n + CffuVIVBFU9lqFVX8TllNVaVKKnwygp1A+uosVVXAVrlmjxNuTej7Kj54TrFrBKRZTafc6JVO3W5 + n6xNRVScvJJ70Rk85p5Hhdu5OOqjkLCt3e5IugfuxHW4Yfl233B83jMGg75lCNcXsu9PHNkl/ldK + YtlCdvibkpJCZiQEnSfSmSdxKN6tqQwqRwu8eF+lHCXNaVIMI5nVnUnX7wp7IgV3+wdcdvlA+NwZ + HHgT7g48p9M5FkdqFux11z7FfyFnzHmk6YthFE1LM1sa9zCZYZvEi8zisJJNjQXnSzIp5FUuQJ2D + x7MTwzEXERV11buv7de4enm2/RpXL9+2XWOAlSguZnQ1c6aCn52EPLqT0XIWLNTRIhZX3J4UeHdN + Vc5w532WxAvZvgZEeXRToM8g3QCjtzzptIy+936+GHLq4Nepu0VxyluURKeBN9TZwvh6Q53/ofEb + 6tShThU16vifU9K8kgVhT9PibP6gX7b0swVN4pTr3+X0LD8BAAD//4KbgquhZ4CrGDMwwl4e4hoK + NcDpAZwNQVwNWFA5glXCGKcEvOmYmleWWZSfB2k7QoRSSqGTwhAuMaFXll9CvfF/iGFwQ4E2ZSQW + h+WDBzhhUw7AfABxcjWMCa2OSHEAAAAA///CnEDXh5mro5SbWBGUWlyaAzIYybPg0cmiEscSiMdB + cyk5+aDOApI4qmYjFN1QDWDX1tbWAgAAAP//AwA5onNdgyAAAA== + headers: + Atl-Request-Id: + - 09d9194d-83fc-49bd-b86a-272d3bd346b9 + Atl-Traceid: + - 09d9194d83fc49bdb86a272d3bd346b9 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:02 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=277,atl-edge-internal;dur=15,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 
77c1891a23b947928007987fdef95e91 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"transition": {"id": 11}, "fields": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '40' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: POST + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-1587/transitions + response: + body: + string: '' + headers: + Atl-Request-Id: + - afa21323-e450-49b7-9876-8ebe8559accd + Atl-Traceid: + - afa21323e45049b798768ebe8559accd + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - text/html;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:02 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=541,atl-edge-internal;dur=30,atl-edge-upstream;dur=509,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - e4f12081485b44eea834b37eb209f502 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + 
string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0te3bqbpN26vMkEp+gU2r0oImlzi9U0KU06GGP/3QSH7lF9u9zz + nXsO90Aq6XA7aCLIm/e9E7OZwgZrr+y7TaTX0rlWmsSgJxOiWtdruf8HX+Cwa2tU6D7WqPsVGo/D + X4+srGn0iKbG3zl3OLjWmgBTAJpAAtNic/lYrB/KH3UzdlWYiHiO0AQm8BIysdd234WW5b6PaStt + RxVM1dhq9WUhIhjYYnFaXkkfQQYsnVI2pcuSMsGpoDwBgAsIcPC78AccyrY7ZzmUNBc0E8ATzug3 + W3c3prEBhDSDlLO55FWVZ/mSZkuqMsbrmuWo5lRiI2U6r84CvI4Jt+0g4wuDPmp/Z2sZ1weiTxNB + 87otyPG82JM1Ubm+L8nxEwAA//8DANXQk2ggAgAA + headers: + Atl-Request-Id: + - 43a75407-0257-45eb-849a-c81aa051c26a + Atl-Traceid: + - 43a75407025745eb849ac81aa051c26a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:03 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=145,atl-edge-internal;dur=18,atl-edge-upstream;dur=125,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 30e02a574c7ae193b8c160f07c01cdc9 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + 
H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dVKJlyRb4kyn4zpK4tR1XVlJHhyPByJXJGISYAFQR+P89+6S + ohQfSmt3GnvGxLUHdr/9sP7swKrkMnEiR4NMQEPySkCemI7kBZiOiTMoeEeVoLkVSpoOJMIWYHkn + zrhMIVdpZwHa4B4kEyg1GJB2czaujFXFnBReB74f+K6GPyswdrou4Vzz2IoYnI4jyH4wGI2GODGQ + z3GaWVuayPMSmENsE/VJudzm3BjBpSvBemjJerwUXugJYyrwWgU3sEb5s+n4YtoNBsMDXKpdME70 + 2THoW2VibiFVet3cIcEZSoR+2O8GYbfnT4NhFPSjwcg9GIx+RL99cpKMWHS8VvNMJ0neQ31+uL32 + ZpKAibUoKXC4esRMwfO8wxJhrJCxZaWAGJias6XSNy5Jx0q+0/kTvaikoHTx/JovuOXaWwhYerVb + Owc3W4HfC4Y/G/EX/FRg2qsCrRIs0OSUmxvKVTWzNIrmPDfQcRrBE7xXLdtxMoHA0XG2PoUFoK/+ + l45jBSKrRJQ4kazwjs49mPT8fRtBu1Fq9Qmv+sxMbKTrPNSZbfNAk6/Qs7vuOymsRQXG2domCP9a + nzVqbpdcE5CNKMpcoMPJvZBgomr49Yer/vCJ7n4jZe1Ntgnr+4foRthfhf3/10oDixqkaDA4WAUH + 38PgqrXYC1e98HtY3CD/y5eHcAz34bTXbszF6n1Djpj9yytEQ5pqSJFv/rEIBu0GXkDlVcMLjx89 + 2LdxuGcj3Lsx3LcxeuhOQ5vNKpFS/UI4UTfAKbf4cDSE+/T6bOh8R+Beo05T9dXDY1VR4AIi5Q+0 + IGTqRFZXgFlCpfY9JpZqsHGu1kf6tYibOH5+sEa+orDJVJUnL4Upc77e1DBlXgNelmjiwSPR67uH + w6B9JO6HbR+VhVsqu7+xBVWphdLCrp8ZxFbcq1+af/9WiIKnYDySMK0SgQuZSDPXLNIdKb7BlZY9 + Q+dhfYTbMsj5DIj/qALu9wT7wBvsw2gwpIhk3IxLEZ8KefOKdl5CSf2LjNus1blc1nvbFankGNsX + PsthAtw0SNCbkXN++u71ydn16cnx+OxifD2eTH6f4P2wTg2GBA9MM2DnSPTSMrLLhGFK5muGpCFy + UsqsYm+F5uxcQ4GswSqDqHUfI48AC8rxb4Xvl8kscppXEbOH4d9V1R22wESkQvL8/qFN97UJb43r + HL1rCQczm0rYnq5KKttHkXy33WkapWeCrxHePrB3e5un4XGHt194fIPtZgu5Vnlj63jT0f0nh9u2 + sKkZNBK2/YCEJVW3ypU+a7yZ5RV0U40ssWuKFHupmmSrosSGWNrHQT/YRwuDLS18K+N3w/lRfv17 + xFKtqpIaxVdCJkiMhmGtsBmAZGVlMkhqlJ5Mjug7AybkggwQzBKG/wowfLQgiUhZFrrsNan7KF/U + 3xcRu9yqFTJiZRoN3MD1bynYGOtcxTzPlLHR0B/63rw5e1375PUGoyuUYpcXEFfETeyNWnat2iOM + b3JS4ZscXjGPXQbGsj8qri1oNpYpVmSB8d0jCtsDXlBLn53/xo4qrH12EXO5R4o6PG/kXzWRvL1l + F9i01n7i+Pj9uP58aD5tgmmyeeJpOBUWaYBEa0DhCBUxYkp2yy5RRzfE0u8GB/4wrL0ggMpF4krs + 891ULbxFlUuErEVK8e6evyIVo/5WLF6CWwirwVU69bCsOUFdYKtKdOCN+m5mi5ykyhT/1HkiFSH+ + TKBQFvAaCbDxCtNBMqzLfjhP/wYAAP//7Fjfb9s2EP5XDggQyJpDz7JsYw78ECR92LAWw9LuZR5g + RWZibbLk6Eeaouv/vu9IiqJiq0WTPSYJHPmORx6/O9591JBO0+qcAjEei4Do9K46X9JE/AhjpZiI + 
mQipUYStIhRTMW/k01Y+FZirkc9aOT9OWzl7Z+RjMWvlQSsP3PGTVj4Rk1YetvKw3cC8XZcfHbld + lx+DQU9umEweBZMZI3oB0vAghxx6RffpWJzn3xlnM/7/ivNrjJ8d47AvxiiETVFY+CreLCP/qpZ0 + hQoK4S/oLhT8NCQ02Cl1q3Pzux0LW57V94l4PZcvjNkMddu/Ur0ebfjvnJgFIR7ftCMPH4Njkf1q + XMlHL4D8T/w7e8ZxxYI492qCl7WFbmr513ldxBLplUqfG/QZ+uguKSXjur9zBl61NMJHu7fLIvdK + 06BFko+izUNSgorgDjANAjCMW4YYx6Ehnsw11vu7NYHUwb+MIip0GsecxtKmMe9BFtFNknJPrbZR + RXmMhUr6uAU7qUCvjSGjdhOVkvKC7nFP+0S4K8d8CkvMHhfRLTsAOlbvMmL2JdRBA0EvJIGhU/Ux + b0xiKmOZRbjJMGXBUkm8JRABsPc0+UeCv99ilQhu7/dpEqtXl4YaNQ6nEvjgyPIFwB2ltwaf6qyM + blEqmO+flTUPgX/lfWqWM8iUtItgnORgBo7zpVhlweHsMMqAdMnOwD1ceQuwRcxr0WG2Zn2IDFKF + rOoiQ27jqazTitF1fMC4o04IBvDkBFeXHPHE32WexXJfrbL1er3K+DpY0We6xM7Aer7QkvhdblJI + 7/TkMZgjtfT/QTM21iOXBO5szDxWqidhNseSxoDhWtL6+s2vby7f05gurun0vs6r8xV+9OQjX0tw + CI+p/dEK5/IH3mqZp1LgtuAh+2Pc4ITMHgZ/sTeg0DDJRiNtvVYOaKcUgB78GJIni2LICA5oySeH + PmNmsyfMtWHHvwwMOPSHTRR6C9KKfCE+aq68eQ+06JRxMMWeQg5NXym3RgfF3GoOyrmjeVLQHc2T + ku5onhR1R/OkrFvNQWF3NN3SDpx+Uy94Ng1ICzPSgGRQwXwOXIyRwYQXcuFijAwoRtXAxRhZUBxN + 0/IaVDoqBsmi0tEwSBaVjoZBsqh0NAySRcXRaJAsKh2NBslJJuC1RSZxSp5pwrc4LPR8V1nwB7oT + vl3EfA6QmPUNjr/pAW8TdfMzLcC3V5lAPIrHBX1Qbwu4AJli34QEFTOFphCu0aTPSEfrqE3YZ6PD + eNRm2mejA3zUZtZnoyNibcijd9yBVHeyHU4lwVBHfKjKrg4xt5ooLXPa6wQWxDzCLjrvW1SF9OuL + moRAlzpYwMTu590+iiuO27ucEvWFkAIPyUZu2jaPgb+DFBUS1bz8nj5vTPc5X7mZpnjRZpdkA/IG + /+5AQ6p8YanHUT77ymWdA+wWvG9z2fCZXDZkLhu+jMv+BwAA//+iSluW3K4vcrqldVvWcLQtWwAA + AAD//+yaXWvCMBSG/8oYeJkubWNrB+IUNtxf8O40SefQftAP9veX09RgM7ONXRVW8EJMjj0em7cv + vM/sZWcvO3tZh6yPvNlI2Efe7FraZy97mdfsZWcvOw0v65vSH7zs1/x+aSJsO751JXg+u07w2hr4 + qYcTEC6wtxrEw1pgBrawFqirgrpSdGpS9Mt4XBtd5Ac1zYzSaDuThLYFfsTETSeeTZfngHHs/c28 + EEeNTEVZ/zGwRXeyAc6RBHkV69hXTpYuwq2MVlEaMSA0C2LCMliSJIkpEVEmZJylTIYY7ppKdVld + +/jLSon3y1YI1UuDPUNdnsXTVcu8RE7ue+yr/zOk91brbVhzQY/CLBRBKgVE8QpkCInIgCUrnkKU + cOb7G7Huv0X91kXwol66juRQDJEnIfqjxusa8qFGRgIPs1RPqyXOlFQADY5U1fduXp1L9Xa/I8yr + CozYbYRs+h3bDNr0O7YZtql3rCRMaDJqYCD2/c1/tztDcZJFc3yv+qOFsZnGsbQKHsoCdz93dVnJ + 
h4OSIY7g0HAGEaRUq+ak42UGrvQ2PcFc2stcUBVzkXrM6Hs9PBz+rxx9AgAA//8axAlvtDiih4tH + iyNcxRF6qQFv48GbRECnp0OyYDVogTiUbQC0ML8kEbruHd0UnI05nMUYzlaeEfaCEtcSSgNczVpQ + qYBVwgDuZTQJY1w6jOHtxtS8ssyi/DxI2xAilFIK3XQB4RIVevm5EBOqYUxo7UBGaY20X0QfZq6O + Um5iRRBklAnFbvAKw6ISxxKIO8qAnRtyl0ViLGyGGAY3FGhXRmJxWD54gSZs7TFoaTVo2SPISrhD + UF1rhOJcqAZw8NTW1gIAAAD//wMAcqtTseMzAAA= + headers: + Atl-Request-Id: + - 7c5290ce-9243-43ba-b12c-ced579f7aa1a + Atl-Traceid: + - 7c5290ce924343bab12cced579f7aa1a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:03 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=342,atl-edge-internal;dur=14,atl-edge-upstream;dur=329,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 70bafd5179c9cafed92ba87ba8a661ae + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: !!binary | + H4sIAAAAAAAAA+xW32/TMBD+V6o8V0vbVWOqhBBiIE2gCWndXtCETHJZb3PsYDttyrT/nXPixO5a 
+ RjpgvCxP9vl+fOf77uK7CKqCiTSaRYWSN5AYHQ39cvblziug1iWYdQFWRQPPSLYwptCzOE4hI4NU + 3sgDZjjTGpk4EGBiBdrErMB4Ejuv8XhEH7lA67Td3MKadmfz9+dz2gmWA20vBBpDDmxAtmSGqQvF + CdVdND2upsd7xi8FLkFpxr82vuIlwiq2CXXQ3MF4NB29opiTaTWZ/tsobzT+gNc6Z5xTwPFRNT56 + joBVG/FwUh1OniNiDimWeXQ/DHlk+fUEJnUeai5NQi7ZTQo6UVgYlIKkbwd1rsNBitqgSMygQEhg + ILPBSqrbA2udSEHM2hPFI9fgAXYXcTg+3riIjuRzpm9pVwqjmNCcGUjPNk50+c3Y1SxjXMMwWiAo + ppLF+hMsgUCPhr5HMwSe2nZxC2oVXeY5U2u7VPC9RAWkaFRJnnSygJzZE4uVzLVRKK5tzLU2kFuJ + s77v8J47SduzrQYBY/oEMlZyc8l4CR1gWRBgWw1bcKq3ia5CGvRC5rUDcF7o4Z1a2WDeaDYIQ9te + GK9o3HAuV5DWSi88fYSNjeEp5VXb7qDnva12wRQIs1lq52F3rTmKOlxba+fAF/pzI2iL7M57Vrhj + YSLzQgqyrHvl99iYUsxyHQkVmXj7EGvg1ON954Ut5kCvL26WpjYS2HgKcrmEaAdbbWYb7OqT2nbz + hy58IieBtM0k1OybSlsC98/oNQZa3ZAYThQwo1Ny1Oj2ewDbvtQnjYA/e/Q4azvNPjbDVmZmRUy3 + F4B5wZHmvC/pyxvpbwb8f2+kemJmWF2Sh4aUffr34Wiy8Zt+7Hol9On75QNWA6fsZ1Oouk/jDN2I + enw4FQqlQvPgVfKrzDrtjbZ3srDvO7W28TvBVgLNgNnGvwPwExu/iR2PbUn6/7gxZ9egY2uhWydI + ggVeL8j7TwAAAP//vJfBboMwDIZfpeqht8K6tpdJqNph0iax087VBNQCNgqMkHU99N0XxwmE0mms + QTvWjZMvtnF+O+wTW7S68SMZ8QTZV0Qw7GClRhkHtk+qMW+tMZfjYNL31gV91rJHoi6tUVfjoIqK + 7HL6xUFDrqwh16NB9krUlzaNup6etihNzC/RDv0/SwH1Imd1sZfT1at4xherYR0syLEJkfNUCj+n + PH6lzIkrgDwpStGHnLe0Cu7iZA5lGs2V/iUXktfitLbZPYhFE58WKTXZQ7vQ9n7s29iVsyAE0g4D + bnT22vTVo9qtRfbJoHnV/6Lf8rpAdZxBDQPT2FTCwrlxaSOX8Viktt58cKiO3uDLX1LUgjmo6yBK + 9oOHlvN4GP5GTAxrG5d7cynFpuM97B50g6goj+14jUV0ZT4Nf4PfsBp5Fb9hN5GTd5vezgY2KVZz + tCsK/h2qTcQrnPSUyH/aeTOWFIcXHuKASkOhh4+7aWZkUa4SVOhpL+dZNruqXJowI3Ccg2xjvweZ + M6g65aC9jWLQpqYUWoNdFPFwl3YLwgxcBjimb5Qc9eQY8tdoUOdAwbo9fQMAAP//AwBWYTYNTBYA + AA== + headers: + Atl-Request-Id: + - 1e551436-4886-47d4-8108-6bd2eefc1407 + Atl-Traceid: + - 1e551436488647d481086bd2eefc1407 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:04 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' 
+ Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=314,atl-edge-internal;dur=14,atl-edge-upstream;dur=300,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 2a0d7628c56183e89902369ee1cd2ae6 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\nA group of + Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
Group\n*Group*: + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/359] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/90]\n\n\n|| Severity || CVE || + CWE || Component || Version || Title || Status ||\n| High | [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [2222Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236] | Active, + Verified |\n| High | [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082] + | [94|https://cwe.mitre.org/data/definitions/94.html] | pg | 5.1.0 | [Remote + Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < + 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= + 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/234] | Active, + Verified |\n\n*Severity:* High\n\n *Due Date:* Jan. 29, 2025 \n\n\n\n\n\n\n\n\n\n\nh1. + Findings\n\nh3. [2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < + 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= + 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Jan. 
29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. 
)\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. + )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n*Reporter:* + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, + < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < + 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= + 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 + < 7.1.2)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Jan. 29, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source + File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected + versions of `pg` contain a remote code execution vulnerability that occurs when + the remote database or query specifies a crafted column name. \n\nThere are + two specific scenarios in which it is likely for an application to be vulnerable:\n1. + The application executes unsafe, user-supplied sql which contains malicious + column names.\n2. 
The application connects to an untrusted database and executes + a query returning results which contain a malicious column name.\n\n## Proof + of Concept\n```\nconst { Client } = require('pg')\nconst client = + new Client()\nclient.connect()\n\nconst sql = `SELECT 1 AS "\\\\'/*", + 2 AS "\\\\'*/\\n + console.log(process.env)] = null;\\n//"`\n\nclient.query(sql, + (err, res) => {\n client.end()\n})\n```\n Vulnerable Module: pg\n Vulnerable + Versions: < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || + >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || + >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || + >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2\n Patched Version: >= 2.11.2 + < 3.0.0|| >= 3.6.4 < 4.0.0 || >= 4.5.7 < 5.0.0 || >= 5.2.1 + < 6.0.0 || >= 6.0.5 < 6.1.0 || >= 6.1.6 < 6.2.0 || >= 6.2.5 + < 6.3.0 || >= 6.3.3 < 6.4.0 || >= 6.4.2 < 7.0.0 || >= 7.0.2 + < 7.1.0 || >= 7.1.2\n Vulnerable Paths: \n - 5.1.0:pg-promise>pg\n + CWE: CWE-94\n Access: public\n\n\n*Mitigation*:\n* Version 2.x.x: Update to + version 2.11.2 or later.\n* Version 3.x.x: Update to version 3.6.4 or later.\n* + Version 4.x.x: Update to version 4.5.7 or later.\n* Version 5.x.x: Update to + version 5.2.1 or later.\n* Version 6.x.x: Update to version 6.4.2 or later. + ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version + 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. 
+ )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/521\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '7127' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 9195dc78-a564-44a2-a7d3-be168b63097c + Atl-Traceid: + - 9195dc78a56444a2a7d3be168b63097c + Cache-Control: + - no-cache, no-store, no-transform + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:04 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=312,atl-edge-internal;dur=14,atl-edge-upstream;dur=298,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - 34967c5080f6478311766ee710252c25 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15998 + response: + body: + string: !!binary | + 
H4sIAAAAAAAAA7xXWXPbNhD+Kxg+dVKJlyRb4kyn4zpK4tR1XVlJHhyPByJXJGISYAFQR+P89+6S + ohQfSmt3GnvGxLUHdr/9sP7swKrkMnEiR4NMQEPySkCemI7kBZiOiTMoeEeVoLkVSpoOJMIWYHkn + zrhMIVdpZwHa4B4kEyg1GJB2czaujFXFnBReB74f+K6GPyswdrou4Vzz2IoYnI4jyH4wGI2GODGQ + z3GaWVuayPMSmENsE/VJudzm3BjBpSvBemjJerwUXugJYyrwWgU3sEb5s+n4YtoNBsMDXKpdME70 + 2THoW2VibiFVet3cIcEZSoR+2O8GYbfnT4NhFPSjwcg9GIx+RL99cpKMWHS8VvNMJ0neQ31+uL32 + ZpKAibUoKXC4esRMwfO8wxJhrJCxZaWAGJias6XSNy5Jx0q+0/kTvaikoHTx/JovuOXaWwhYerVb + Owc3W4HfC4Y/G/EX/FRg2qsCrRIs0OSUmxvKVTWzNIrmPDfQcRrBE7xXLdtxMoHA0XG2PoUFoK/+ + l45jBSKrRJQ4kazwjs49mPT8fRtBu1Fq9Qmv+sxMbKTrPNSZbfNAk6/Qs7vuOymsRQXG2domCP9a + nzVqbpdcE5CNKMpcoMPJvZBgomr49Yer/vCJ7n4jZe1Ntgnr+4foRthfhf3/10oDixqkaDA4WAUH + 38PgqrXYC1e98HtY3CD/y5eHcAz34bTXbszF6n1Djpj9yytEQ5pqSJFv/rEIBu0GXkDlVcMLjx89 + 2LdxuGcj3Lsx3LcxeuhOQ5vNKpFS/UI4UTfAKbf4cDSE+/T6bOh8R+Beo05T9dXDY1VR4AIi5Q+0 + IGTqRFZXgFlCpfY9JpZqsHGu1kf6tYibOH5+sEa+orDJVJUnL4Upc77e1DBlXgNelmjiwSPR67uH + w6B9JO6HbR+VhVsqu7+xBVWphdLCrp8ZxFbcq1+af/9WiIKnYDySMK0SgQuZSDPXLNIdKb7BlZY9 + Q+dhfYTbMsj5DIj/qALu9wT7wBvsw2gwpIhk3IxLEZ8KefOKdl5CSf2LjNus1blc1nvbFankGNsX + PsthAtw0SNCbkXN++u71ydn16cnx+OxifD2eTH6f4P2wTg2GBA9MM2DnSPTSMrLLhGFK5muGpCFy + UsqsYm+F5uxcQ4GswSqDqHUfI48AC8rxb4Xvl8kscppXEbOH4d9V1R22wESkQvL8/qFN97UJb43r + HL1rCQczm0rYnq5KKttHkXy33WkapWeCrxHePrB3e5un4XGHt194fIPtZgu5Vnlj63jT0f0nh9u2 + sKkZNBK2/YCEJVW3ypU+a7yZ5RV0U40ssWuKFHupmmSrosSGWNrHQT/YRwuDLS18K+N3w/lRfv17 + xFKtqpIaxVdCJkiMhmGtsBmAZGVlMkhqlJ5Mjug7AybkggwQzBKG/wowfLQgiUhZFrrsNan7KF/U + 3xcRu9yqFTJiZRoN3MD1bynYGOtcxTzPlLHR0B/63rw5e1375PUGoyuUYpcXEFfETeyNWnat2iOM + b3JS4ZscXjGPXQbGsj8qri1oNpYpVmSB8d0jCtsDXlBLn53/xo4qrH12EXO5R4o6PG/kXzWRvL1l + F9i01n7i+Pj9uP58aD5tgmmyeeJpOBUWaYBEa0DhCBUxYkp2yy5RRzfE0u8GB/4wrL0ggMpF4krs + 891ULbxFlUuErEVK8e6evyIVo/5WLF6CWwirwVU69bCsOUFdYKtKdOCN+m5mi5ykyhT/1HkiFSH+ + TKBQFvAaCbDxCtNBMqzLfjhP/wYAAP//7Fjfb9s2EP5XDggQyJpDz7JsYw78ECR92LAWw9LuZR5g + RWZibbLk6Eeaouv/vu9IiqJiq0WTPSYJHPmORx6/O9591JBO0+qcAjEei4Do9K46X9JE/AhjpZiI + 
mQipUYStIhRTMW/k01Y+FZirkc9aOT9OWzl7Z+RjMWvlQSsP3PGTVj4Rk1YetvKw3cC8XZcfHbld + lx+DQU9umEweBZMZI3oB0vAghxx6RffpWJzn3xlnM/7/ivNrjJ8d47AvxiiETVFY+CreLCP/qpZ0 + hQoK4S/oLhT8NCQ02Cl1q3Pzux0LW57V94l4PZcvjNkMddu/Ur0ebfjvnJgFIR7ftCMPH4Njkf1q + XMlHL4D8T/w7e8ZxxYI492qCl7WFbmr513ldxBLplUqfG/QZ+uguKSXjur9zBl61NMJHu7fLIvdK + 06BFko+izUNSgorgDjANAjCMW4YYx6Ehnsw11vu7NYHUwb+MIip0GsecxtKmMe9BFtFNknJPrbZR + RXmMhUr6uAU7qUCvjSGjdhOVkvKC7nFP+0S4K8d8CkvMHhfRLTsAOlbvMmL2JdRBA0EvJIGhU/Ux + b0xiKmOZRbjJMGXBUkm8JRABsPc0+UeCv99ilQhu7/dpEqtXl4YaNQ6nEvjgyPIFwB2ltwaf6qyM + blEqmO+flTUPgX/lfWqWM8iUtItgnORgBo7zpVhlweHsMMqAdMnOwD1ceQuwRcxr0WG2Zn2IDFKF + rOoiQ27jqazTitF1fMC4o04IBvDkBFeXHPHE32WexXJfrbL1er3K+DpY0We6xM7Aer7QkvhdblJI + 7/TkMZgjtfT/QTM21iOXBO5szDxWqidhNseSxoDhWtL6+s2vby7f05gurun0vs6r8xV+9OQjX0tw + CI+p/dEK5/IH3mqZp1LgtuAh+2Pc4ITMHgZ/sTeg0DDJRiNtvVYOaKcUgB78GJIni2LICA5oySeH + PmNmsyfMtWHHvwwMOPSHTRR6C9KKfCE+aq68eQ+06JRxMMWeQg5NXym3RgfF3GoOyrmjeVLQHc2T + ku5onhR1R/OkrFvNQWF3NN3SDpx+Uy94Ng1ICzPSgGRQwXwOXIyRwYQXcuFijAwoRtXAxRhZUBxN + 0/IaVDoqBsmi0tEwSBaVjoZBsqh0NAySRcXRaJAsKh2NBslJJuC1RSZxSp5pwrc4LPR8V1nwB7oT + vl3EfA6QmPUNjr/pAW8TdfMzLcC3V5lAPIrHBX1Qbwu4AJli34QEFTOFphCu0aTPSEfrqE3YZ6PD + eNRm2mejA3zUZtZnoyNibcijd9yBVHeyHU4lwVBHfKjKrg4xt5ooLXPa6wQWxDzCLjrvW1SF9OuL + moRAlzpYwMTu590+iiuO27ucEvWFkAIPyUZu2jaPgb+DFBUS1bz8nj5vTPc5X7mZpnjRZpdkA/IG + /+5AQ6p8YanHUT77ymWdA+wWvG9z2fCZXDZkLhu+jMv+BwAA//+iSluW3K4vcrqldVvWcLQtWwAA + AAD//+yaXWvCMBSG/8oYeJkubWNrB+IUNtxf8O40SefQftAP9veX09RgM7ONXRVW8EJMjj0em7cv + vM/sZWcvO3tZh6yPvNlI2Efe7FraZy97mdfsZWcvOw0v65vSH7zs1/x+aSJsO751JXg+u07w2hr4 + qYcTEC6wtxrEw1pgBrawFqirgrpSdGpS9Mt4XBtd5Ac1zYzSaDuThLYFfsTETSeeTZfngHHs/c28 + EEeNTEVZ/zGwRXeyAc6RBHkV69hXTpYuwq2MVlEaMSA0C2LCMliSJIkpEVEmZJylTIYY7ppKdVld + +/jLSon3y1YI1UuDPUNdnsXTVcu8RE7ue+yr/zOk91brbVhzQY/CLBRBKgVE8QpkCInIgCUrnkKU + cOb7G7Huv0X91kXwol66juRQDJEnIfqjxusa8qFGRgIPs1RPqyXOlFQADY5U1fduXp1L9Xa/I8yr + CozYbYRs+h3bDNr0O7YZtql3rCRMaDJqYCD2/c1/tztDcZJFc3yv+qOFsZnGsbQKHsoCdz93dVnJ + 
h4OSIY7g0HAGEaRUq+ak42UGrvQ2PcFc2stcUBVzkXrM6Hs9PBz+rxx9AgAA//8axAlvtDiih4tH + iyNcxRF6qQFv48GbRECnp0OyYDVogTiUbQC0ML8kEbruHd0UnI05nMUYzlaeEfaCEtcSSgNczVpQ + qYBVwgDuZTQJY1w6jOHtxtS8ssyi/DxI2xAilFIK3XQB4RIVevm5EBOqYUxo7UBGaY20X0QfZq6O + Um5iRRBklAnFbvAKw6ISxxKIO8qAnRtyl0ViLGyGGAY3FGhXRmJxWD54gSZs7TFoaTVo2SPISrhD + UF1rhOJcqAZw8NTW1gIAAAD//wMAcqtTseMzAAA= + headers: + Atl-Request-Id: + - 4f5bdfea-42a3-4be0-9958-5507e2b83a54 + Atl-Traceid: + - 4f5bdfea42a34be099585507e2b83a54 + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:04 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=249,atl-edge-internal;dur=13,atl-edge-upstream;dur=237,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - bd669784884d8bc95d065cdbe76fcd3f + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: !!binary | + H4sIAAAAAAAAA5yQUUvDMBSF/0te3bqbtN26vMkEp+gU2r0oImlzi9E0KU06GGP/3QSH7lF9u9zz + nXsO90Bq4XA7aMLJm/e947OZxBYbL+27TYTXwjklTGLQkwmRyvVa7P/BlzjsVIMS3ccadb9C43H4 
+ 65GVNa0e0TT4O+cOB6esCTAFoAkkMC03l4/l+qH6UTdjV4eJ8OcITWACLyETe233XWhZ7fuYttJ2 + lMFUj0rLLwvhwcAWi9PySvgIMmDZlLIpXVaU8ZRymiYAcAEBDn4X/oBDpbpzNoWKFpzmHPKELeg3 + 23Q3prUBhCyHLGVzkdZ1kRdLmi+pzFnaNKxAOacCWyGyeX0W4HVMuFWDiC8M+qj9nW1EXB+IPk0E + zeu2JMfzYk/WROX6viLHTwAAAP//AwDqWLxcIAIAAA== + headers: + Atl-Request-Id: + - 0fac98cf-6777-4ab0-b8b4-5613ae9d242a + Atl-Traceid: + - 0fac98cf67774ab0b8b45613ae9d242a + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:05 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - atl-edge;dur=161,atl-edge-internal;dur=15,atl-edge-upstream;dur=147,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - f05613a4d6c2b0fbec800b3b8eb167ea + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.3 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/15997 + response: + body: + string: !!binary | + H4sIAAAAAAAAA7xX23LbNhD9FQwfU4k3SYnMmU7HdZTEreu6spI8OB4PTK5IxCTAAKAujf3v3SVF + KpatTO1OYz8Qt71g9+zB6qsDq5LLxIkcDTIBDckbAXliepIXYHomzqDgPVWC5lYoaXqQCFuA5b04 + 
4zKFXKW9BWiDe5BModRgQNrN2bgyVhVzUngV+H7guxq+VGDsbF3CmeaxFTE4PUeQ/WB0cPAKJwby + OU4za0sTeV4Cc4htoj4rl9ucGyO4dCVYDy1Zj5fCCz1hTAVeq+AG1ih/Opucz/rBaDzCpdoF40Rf + HYO+VSbmFlKl180dEpyhROiHw34Q9gf+LBhHwTAaDd3x6OAn9NsnJ8mIRcdrNc90kuQ91OeH3bU3 + kwRMrEVJgcPVQ2YKnuc9lghjhYwtKwXEwNScLZW+cUk6VvK9zp/oRSUFpYvnV3zBLdfeQsDSq93a + OrjZCvxBMP7FiL/h5wLTXhVolWCBJmfc3FCuqmtLo2jOcwM9pxE8xnvVsj0nEwgcHWfrE1gA+urf + 9RwrEFklosSJZIV3dHZgMvDbjVKrz3ijZwZ8I12Hu05gG26afAOS7a3eS2EtKjBOZ5uQ+nt91qi5 + XXJNeDWiKHOBDic7N8d81CgbjlfD8RPd/U5m2pt0eRn6BPRwuAqH/6+VJvs1FtFg8HIVvPwRBlet + xUG4GoQ/wuIG4Hd3D+EY7MNpuG9j0G7MxepDQ44Ii4tLhEmaakiRbx4UAV5A5VVT/o9rHe3beLlv + 49WejXDvxnjfxsFDPxvabFaJlOoXwon6AU65xYejIdynF25D51sC9xp1msqyHh6pigIXECl/pAUh + UyeyuoK7DU+TNi3iJpxfH6yRZ3jUZKrKk9fClDlfb0oZl9Et+wExQ+W9iYYGvCzxx4NHYhC6w4Ow + fSR2w9ZR2e7GPlCFHahKLZQWdv3MILbiXv3S/Pu3QhQ8BeORhGmVCFzIRJq5ZpFu2fIdrrS0GjoP + CyfsyiDn10DESBWw2xPsA2+wD6PBmCKScTMpRXwi5M0b2nkNJfUvMm7zWGd3We91K1LJCbYv/DqH + KXDTYENvRs7Zyfu3x6dXJ8dHk9PzydVkOv1zivfDOjUYEjwwy4Cd4QsgLSO7TBimZL5myCYiJ6XM + Kvab0JydaSiQTlhlELXuY6wSYEE5/q3w/TIZRE7zKmL2MPzbqrrHFpiIVEie7x7adF+b8NZIz9G7 + lnAws6mE7nRVUtk+iuS63Rm3SG4apWeCrxHuXt77vc3T8LjF2688vsF2s4Vcq7yxdbTp6P6Tw21b + 2NQMGgnbRkHCkqpb5UqfNt5c5xX0U428sW2KFHutmmSrosSGWNrHQT/qaOF7id0V6ijjfjg/yW// + D1mqVVVSo/hGyASJ0TCsFXYNIFlZmQySGqXH00P6XgMTckGWCWYJw58CDB8tSCJSloUue0vqPskX + 9fdFxC46tUJGTGK8rOBW6ch3R+7gloKOMc9VzPNMGRuN/bHvzRuZq9o3bzAaX6I0uziHuCKOYu/U + sm/VHmF8tJMKH+3wknnsIjCW/VVxbUGziUyxMguM8x5R6A54QS19evYHO6yQA9h5zOUeKWoBvQP/ + sono7S07x+a19hPHRx8m9edj82kTTZPNU0/DmbBIByRaAwtHqIgRY7JbdoE6+iFSQB+75DCovSCg + ykXiSuz33VQtvEWVS4SuRWrx7p+/JBUD3+/k4iW4hbAaXKVTD+ubE+YFNrPECx4edTNb5CS3zRdO + 6oyRshD/ppBWOceY/gMAAP//7Fltb9owEP4r1qRWgEgKSQiFquqoWNVOazWt2j50XzCxgWwhifJC + 92E/fs85L7yUlI6qVSdNrYDYPvt8vnvO9+QX1XBqH0Ppu9wjV7qV0QKlGtNY7aacockOveTkFNPY + eqteYcv85I8M06T1B0i/C9kkU6n7M9tmFxv77Ji9J9slH6/sYj3dLtZOu7y4TYwqmyDgCqfrN5R9 + qI01hqlkQ0QqGj8CxZjRazIAeYeto0DxN2vrJQyoZ1N/tdPGFoYKeQGKPwJGOQla75RjNXzUt+3/ + 
0d2zBiIS7d/xpe0VHFgS/qSmeF54rh9B4zZIIxjzwvUk4FNmBj+cJifccWSYqJ9L91sRHC5hvgE4 + LtUIgP85cOpucMTFwo2RQyTl2y4ywISMDjcqLgZ0pKPlCiOGKwwj/VGa55eWKHeHXDtyB1G6Q5y7 + A08SZOC4ye5nrjNjuEtPpwDhFADIQo61/CnjDEWNA0Fci5yIT0iP0UBtVPvE/WkKOB6xmeQCkguO + HKpnu2XflgpdA+89uZpc1vuLkqq/6pIY8lmVCaLoR/e06G6vz4CRM4ijEU6uwr2/+2AI8/v0Qf6F + R9pWjFnCdOy5Tn5o165KpfmZfVW3LbJwfhiZMgww46EjyjcPuat5yJ2EZG4C5qoHhsS3cIUUa+70 + BTGFKyiW/hunyEXDgPIm+XiNi7nr11mt/nsOH06Cfum3W0HjxQHD2BMwDAIM45mAsVfWeAAY++at + 1fN9bcCw/wPGKwCG9W8Bhl2K7gCMh4xHpyz6NwveKiqkbVV1lIQXVUlJBF9SPA8xNxtDW1XcmFXy + VpsSVbxDq+QdCvNUDaziylrlmmv1+2Z5p6JjRrVJViPG6XzOqYB992iFRSYnNiqI9ix1iZM4g8cS + h3YlTrttAGLrwBxI+9ge2xbXWhOjq1kT3tF6vW5LE/ZEyO5kbEmTyuJSEstmsv0nSkrym4EQFDWk + M48CT7xfURlVMy3wKJOuDkXqKLzVMJIp2FxzYgpjLAW3u8dcmrwnJtzqHTtjbvccq90+E6dqFuz1 + wLjAfyanzbmfF4maljXFehpr9zCZZuhUfepZxJJNtZDzmEwKeZUTuBfj5+W5ZumhT+TEJiv/9jXe + pPXfvsabrwXeusZALJGxzDl7dKmcn5173P8p/Xjmhiq0qBDMiOwM9O4Cn0Z/SKMglEd3gCOHKNc8 + BundFHrLSKdl8jdy23knqwqDrRU6+g8AAAD//0KVwDXHYQIv54uglcRocTQIEx6h4ggAAAD//xqM + Lh4tjmjtYvoVR+ilBrytB28aAZ2eDsmC1aA5dyjbAGhhfkkidMUAuim4WnsGuIoxAyPs5SHORiCu + VqwJrlkpA1ytWFBxgVXCGKcEvP2YmleWWZSfB2kjQoRSSqHLVSBcokIvPxdiQjWMCa0dyCitkVba + 6MPM1VHKTawISi0uzQEZjGQ3eG6mqMSxBOKOsvwS6k0JQwyDGwq0KyOxOCwfPLUFm8cFTUqDJoxA + VsIdgupaIxTnQjWAg6e2thYAAAD//wMAg8TTWx0lAAA= + headers: + Atl-Request-Id: + - 47bab63f-8363-4986-99f3-2c56e76b311f + Atl-Traceid: + - 47bab63f8363498699f32c56e76b311f + Cache-Control: + - no-cache, no-store, no-transform + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Mon, 30 Dec 2024 17:15:05 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
atl-edge;dur=293,atl-edge-internal;dur=21,atl-edge-upstream;dur=260,atl-edge-pop;desc="aws-us-east-1" + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + X-Aaccountid: + - 712020%3Ae686b64a-0f27-4fa5-9970-d6fde7fb4e32 + X-Arequestid: + - c0c183c5c1167c93821c635531594731 + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +version: 1 From e7f9f2465bd5103925d79c0312d3b583d80e49b5 Mon Sep 17 00:00:00 2001 From: Harold Blankenship <36673698+hblankenship@users.noreply.github.com> Date: Thu, 2 Jan 2025 12:27:45 -0600 Subject: [PATCH 62/65] add ordering to test_import API endpoint (#11448) --- dojo/api_v2/views.py | 15 ++++----------- dojo/filters.py | 31 +++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 11 deletions(-) diff --git a/dojo/api_v2/views.py b/dojo/api_v2/views.py index bca0a75e0b6..90fe948b32c 100644 --- a/dojo/api_v2/views.py +++ b/dojo/api_v2/views.py @@ -60,6 +60,7 @@ ApiTestFilter, ReportFindingFilter, ReportFindingFilterWithoutObjectLookups, + TestImportAPIFilter, ) from dojo.finding.queries import ( get_authorized_findings, @@ -2259,17 +2260,9 @@ class TestImportViewSet( serializer_class = serializers.TestImportSerializer queryset = Test_Import.objects.none() filter_backends = (DjangoFilterBackend,) - filterset_fields = [ - "test", - "findings_affected", - "version", - "branch_tag", - "build_id", - "commit_hash", - "test_import_finding_action__action", - "test_import_finding_action__finding", - "test_import_finding_action__created", - ] + + filterset_class = TestImportAPIFilter + permission_classes = ( IsAuthenticated, permissions.UserHasTestImportPermission, diff --git a/dojo/filters.py b/dojo/filters.py index 6a1228865b1..b4c452c2fea 100644 --- a/dojo/filters.py +++ b/dojo/filters.py 
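Review bot: The switch to `filterset_class = TestImportAPIFilter` in the second `dojo/api_v2/views.py` hunk exposes a new `o` query parameter on this endpoint, but the diffstat lists only `dojo/api_v2/views.py` and `dojo/filters.py`, so nothing in the commit exercises it. I would add an API test that lists test imports with `?o=created` and `?o=-id` and asserts the row order, plus one request naming a field outside the allow-list that asserts it is rejected rather than reaching `order_by`. The blank lines added on both sides of `filterset_class` can be dropped so the attribute sits directly under `filter_backends`. `TestImportViewSet` starts and continues outside the hunk, so how the queryset is scoped to the requesting user cannot be checked from here.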
@@ -3212,6 +3212,7 @@ class Meta: exclude = ["users"] +# This class is used exclusively by Findings class TestImportFilter(DojoFilter): version = CharFilter(field_name="version", lookup_expr="icontains") version_exact = CharFilter(field_name="version", lookup_expr="iexact", label="Version Exact") @@ -3238,6 +3239,7 @@ class Meta: fields = [] +# This class is used exclusively by Findings class TestImportFindingActionFilter(DojoFilter): action = MultipleChoiceFilter(choices=IMPORT_ACTIONS) o = OrderingFilter( @@ -3252,6 +3254,35 @@ class Meta: fields = [] +# Used within the TestImport API +class TestImportAPIFilter(DojoFilter): + o = OrderingFilter( + # tuple-mapping retains order + fields=( + ("id", "id"), + ("created", "created"), + ("modified", "modified"), + ("version", "version"), + ("branch_tag", "branch_tag"), + ("build_id", "build_id"), + ("commit_hash", "commit_hash"), + + ), + ) + + class Meta: + model = Test_Import + fields = ["test", + "findings_affected", + "version", + "branch_tag", + "build_id", + "commit_hash", + "test_import_finding_action__action", + "test_import_finding_action__finding", + "test_import_finding_action__created"] + + class LogEntryFilter(DojoFilter): from auditlog.models import LogEntry From 39fd462bd3af2de51b45f4ce3274df28b9b54a82 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Jan 2025 13:34:20 -0600 Subject: [PATCH 63/65] Bump boto3 from 1.35.90 to 1.35.91 (#11496) Bumps [boto3](https://github.com/boto/boto3) from 1.35.90 to 1.35.91. - [Release notes](https://github.com/boto/boto3/releases) - [Commits](https://github.com/boto/boto3/compare/1.35.90...1.35.91) --- updated-dependencies: - dependency-name: boto3 dependency-type: direct:production update-type: version-update:semver-patch ... 
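Review bot: In the new `TestImportAPIFilter`, four of the seven sortable columns (`version`, `branch_tag`, `build_id`, `commit_hash`) are presumably not unique, so if the endpoint is paginated a client sorting on one of them has no stable tie-break and may see rows repeated or skipped between pages. A comment above `o` would cover it, for example `# Sort keys are an explicit allow-list; when paging on a non-unique key add id as a tie-break (o=version,id).` The empty line before the closing `),` of the `fields` tuple should be removed, and `Meta.fields` reads better with one entry per line and a trailing comma. The header comment `# Used within the TestImport API` would serve better as a class docstring.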
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 3353536e4fb..e112ad95afa 100644 --- a/requirements.txt +++ b/requirements.txt @@ -69,7 +69,7 @@ django-ratelimit==4.1.0 argon2-cffi==23.1.0 blackduck==1.1.3 pycurl==7.45.4 # Required for Celery Broker AWS (SQS) support -boto3==1.35.90 # Required for Celery Broker AWS (SQS) support +boto3==1.35.91 # Required for Celery Broker AWS (SQS) support netaddr==1.3.0 vulners==2.2.3 fontawesomefree==6.6.0 From 7a7ed5c84efa50c64966aaa30a7da32bb4e3aac6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 3 Jan 2025 13:43:05 -0600 Subject: [PATCH 64/65] Update dependency vite from 6.0.6 to v6.0.7 (docs/package.json) (#11494) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- docs/package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/package-lock.json b/docs/package-lock.json index 3aa14d80550..01229f0d6b9 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -4717,9 +4717,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "6.0.6", - "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.6.tgz", - "integrity": "sha512-NSjmUuckPmDU18bHz7QZ+bTYhRR0iA72cs2QAxCqDpafJ0S6qetco0LB3WW2OxlMHS0JmAv+yZ/R3uPmMyGTjQ==", + "version": "6.0.7", + "resolved": "https://registry.npmjs.org/vite/-/vite-6.0.7.tgz", + "integrity": "sha512-RDt8r/7qx9940f8FcOIAH9PTViRrghKaK2K1jY3RaAURrEUbm9Du1mJ72G+jlhtG3WwodnfzY8ORQZbBavZEAQ==", "dev": true, "license": "MIT", "dependencies": { From 848aa5e4b34bc9b5d90540be390a3022e1f70a73 Mon Sep 17 00:00:00 2001 
From: DefectDojo release bot Date: Mon, 6 Jan 2025 14:38:45 +0000 Subject: [PATCH 65/65] Update versions in application files --- components/package.json | 2 +- dojo/__init__.py | 2 +- helm/defectdojo/Chart.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/components/package.json b/components/package.json index be6c0f99acd..a8d871e7356 100644 --- a/components/package.json +++ b/components/package.json @@ -1,6 +1,6 @@ { "name": "defectdojo", - "version": "2.42.0-dev", + "version": "2.42.0", "license" : "BSD-3-Clause", "private": true, "dependencies": { diff --git a/dojo/__init__.py b/dojo/__init__.py index 033e2fc2894..79dc67f72f9 100644 --- a/dojo/__init__.py +++ b/dojo/__init__.py @@ -4,6 +4,6 @@ # Django starts so that shared_task will use this app. from .celery import app as celery_app # noqa: F401 -__version__ = "2.42.0-dev" +__version__ = "2.42.0" __url__ = "https://github.com/DefectDojo/django-DefectDojo" __docs__ = "https://documentation.defectdojo.com" diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index a156475461c..3b6c3581684 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.42.0-dev" +appVersion: "2.42.0" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.6.167-dev +version: 1.6.167 icon: https://www.defectdojo.org/img/favicon.ico maintainers: - name: madchap