
fix for Add Risk Acceptance on Finding List dropdown Not Working #11042

Merged
merged 1 commit into bugfix from hb-fix-risk-accept on Oct 11, 2024

Conversation

hblankenship
Collaborator

[sc-7768]

Fixes issue #11010

Update path for Full Risk Acceptance when clicking the ... and choosing Add Risk Acceptance... next to a finding in the finding list.

@github-actions github-actions bot added the ui label Oct 10, 2024

DryRun Security Summary

The pull request focuses on the view template for a test in the Dojo application, which provides comprehensive functionality for managing tests and findings, including features for bulk editing of findings, risk acceptance, credential management, file management, and Jira integration, all of which require careful review to ensure the security and integrity of the application.


Summary:

The code changes in this pull request appear to be focused on the view template for a test in the Dojo application. The template provides a comprehensive set of functionality for managing tests and findings, including features for bulk editing of findings, risk acceptance, credential management, file management, and Jira integration.

From an application security perspective, there are several areas that should be carefully reviewed to ensure the security and integrity of the application:

  1. Bulk Editing of Findings: The "Bulk Edit" feature that allows updating attributes of multiple findings at once should be reviewed to ensure that it does not introduce any security vulnerabilities, such as improper access control or data validation issues.

  2. Risk Acceptance: The functionality for accepting and unaccepting the risk of findings should be reviewed to ensure that it is properly implemented and does not allow the acceptance of high-risk vulnerabilities.

  3. Credential Management: The section for managing credentials associated with the test should be reviewed to ensure that sensitive credential information is properly protected and that access to these credentials is properly controlled.

  4. File Management: The file management functionality should be reviewed to ensure that file uploads and downloads are properly validated and sanitized to prevent security vulnerabilities such as remote code execution or directory traversal attacks.

  5. Jira Integration: The Jira integration should be reviewed to ensure that it does not introduce any security vulnerabilities, such as improper data handling or authorization issues.

Files Changed:

  • dojo/templates/dojo/view_test.html: This file is a Django template for the view of a test in the Dojo application. The template includes functionality for managing the test, such as editing, copying, and deleting it, as well as adding new findings and managing files associated with the test. The template also includes features for bulk editing of findings, risk acceptance, credential management, file management, and Jira integration, which should be carefully reviewed for potential security vulnerabilities.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.


@hblankenship hblankenship changed the title fix for issue 11010 fix for Add Risk Acceptance on Finding List dropdown Not Working Oct 10, 2024
@mtesauro
Contributor

Fixes #11010


@mtesauro mtesauro left a comment


Approved

@Maffooch Maffooch merged commit b58ff49 into bugfix Oct 11, 2024
74 checks passed
@Maffooch Maffooch deleted the hb-fix-risk-accept branch October 11, 2024 15:04
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024