Release: Merge release into master from: release/2.39.1 #11073

Merged
merged 16 commits into from
Oct 15, 2024

Update versions in application files

0962bd6
DryRunSecurity / Authn/Authz Analyzer succeeded Oct 15, 2024 in 10s

DryRun Security

Details

Authn/Authz Analyzer Findings: 5 detected

⚠️ Potential Authn/Authz Function Used or Modified dojo/jira_link/helper.py
Type Potential Authn/Authz Function Used or Modified
Description The code contains a function called get_jira_connection(), which is likely related to authenticating and authorizing access to the Jira API. The function add_simple_jira_comment() also checks if the Jira project is enabled before adding a comment, suggesting that there are some authorization checks in place.
Filename dojo/jira_link/helper.py
CodeLink
def add_simple_jira_comment(jira_instance, jira_issue, comment):
    try:
        jira_project = get_jira_project(jira_issue)
        # Check to see if jira project is disabled to prevent pushing findings
        if not jira_project.enabled:
            log_jira_generic_alert("JIRA Project is disabled", "Push to JIRA for Epic skipped because JIRA Project is disabled")
            return False
        jira = get_jira_connection(jira_instance)
        jira.add_comment(
⚠️ Potential Authn/Authz Function Used or Modified dojo/jira_link/views.py
Type Potential Authn/Authz Function Used or Modified
Description The code contains a function called user_has_configuration_permission which is likely related to authorization and checking if a user has the necessary permissions to perform certain actions. Additionally, the code imports classes and functions from dojo.models and dojo.authorization.authorization which may be related to authentication and authorization mechanisms.
Filename dojo/jira_link/views.py
CodeLink
from dojo.authorization.authorization import user_has_configuration_permission
# Local application/library imports
from dojo.forms import AdvancedJIRAForm, DeleteJIRAInstanceForm, JIRAForm
from dojo.models import JIRA_Instance, JIRA_Issue, Notes, System_Settings, User
from dojo.notifications.helper import create_notification
from dojo.utils import add_breadcrumb, add_error_message_to_response, get_setting
⚠️ Potential Authn/Authz Function Used or Modified dojo/jira_link/views.py
Type Potential Authn/Authz Function Used or Modified
Description The code contains a function called user_has_configuration_permission which checks if the user making the request has the necessary permissions to access the requested resource. This function is likely related to authorization, as it determines whether a user is allowed to perform a certain action based on their permissions.
Filename dojo/jira_link/views.py
CodeLink
        return render(request, self.get_template(), {"jform": jform})
class AdvancedJiraView(View):
    def get_template(self):
        return "dojo/new_jira_advanced.html"
    def get_form_class(self):
        return AdvancedJIRAForm
    def get(self, request):
        if not user_has_configuration_permission(request.user, "dojo.add_jira_instance"):
            raise PermissionDenied
        jform = self.get_form_class()()
        add_breadcrumb(title="New Jira Configuration (Advanced)", top_level=False, request=request)
        return render(request, self.get_template(), {"jform": jform})
    def post(self, request):
⚠️ Potential Authn/Authz Function Used or Modified dojo/jira_link/views.py
Type Potential Authn/Authz Function Used or Modified
Description The code contains a function called user_has_configuration_permission that checks if the user has the necessary permission to access the requested resource. This function is likely related to authorization, as it determines whether the user is authorized to perform the requested action.
Filename dojo/jira_link/views.py
CodeLink
        return "dojo/edit_jira.html"
    def get_form_class(self):
        return AdvancedJIRAForm
    def get(self, request, jid=None):
        if not user_has_configuration_permission(request.user, "dojo.change_jira_instance"):
⚠️ Potential Authn/Authz Function Used or Modified dojo/jira_link/views.py
Type Potential Authn/Authz Function Used or Modified
Description The code contains the user_has_configuration_permission function, which suggests that it is checking the user's authorization to perform a specific action, namely adding a JIRA instance. This function is likely related to authentication and authorization mechanisms used in the application.
Filename dojo/jira_link/views.py
CodeLink
    return field
class NewJiraView(View):
    def get_template(self):
        return "dojo/new_jira.html"
    def get_fallback_template(self):
        return "dojo/new_jira_advanced.html"
    def get_form_class(self):
        return JIRAForm
    def get_fallback_form_class(self):
        return AdvancedJIRAForm
    def get(self, request):
        if not user_has_configuration_permission(request.user, "dojo.add_jira_instance"):
            raise PermissionDenied
        jform = self.get_form_class()()
        add_breadcrumb(title="New Jira Configuration", top_level=False, request=request)
        return render(request, self.get_template(), {"jform": jform})
    def post(self, request):