
🐛 fix RHS deduplication #11385

Merged (1 commit, Dec 11, 2024)

Conversation

manuel-sommer (Contributor)

No description provided.

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Dec 6, 2024

dryrunsecurity bot commented Dec 6, 2024

DryRun Security Summary

The pull request adds support for the "Red Hat Satellite" parser to DefectDojo by updating the SAML2 attribute mapping and deduplication algorithm configurations in the settings file.

Summary:

The code change in this pull request adds support for a new parser called "Red Hat Satellite" to the DefectDojo application. The key changes include:

  1. Adding the "Red Hat Satellite" parser to the saml2_attrib_map_format dictionary, which maps SAML2 attributes to DefectDojo user profile attributes.
  2. Adding the "Red Hat Satellite" parser to the DEDUPLICATION_ALGORITHM_PER_PARSER dictionary, which specifies the deduplication algorithm to use for each parser. In this case, the "Red Hat Satellite" parser is set to use the DEDUPE_ALGO_HASH_CODE algorithm.

From an application security perspective, the addition of new parsers is generally a positive change, as it allows the DefectDojo application to ingest and process a wider range of vulnerability data sources. However, it's important to ensure that the parsers are properly tested and validated to avoid introducing any security vulnerabilities or data integrity issues.

Additionally, the use of the DEDUPE_ALGO_HASH_CODE algorithm for the "Red Hat Satellite" parser indicates that the deduplication process for this parser is based on a hash of certain fields in the vulnerability data, rather than a unique identifier from the tool itself. This approach can be effective, but it's important to carefully select the fields used in the hash calculation to ensure that it accurately identifies unique vulnerabilities.

Files Changed:

  • dojo/settings/settings.dist.py: This file has been updated to add support for the "Red Hat Satellite" parser. The changes include adding the parser to the saml2_attrib_map_format dictionary and the DEDUPLICATION_ALGORITHM_PER_PARSER dictionary.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.
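
To illustrate the caveat above about choosing the hashed fields, here is an added Python model of hash-code deduplication; it is not DefectDojo's own code, and the two dictionaries and the "SHA-256 over the selected field values joined with '|'" rule are simplified assumptions about how settings.dist.py is consumed.

```python
import hashlib

DEDUPE_ALGO_HASH_CODE = "hash_code"

# Simplified stand-ins for the two settings.dist.py dictionaries (assumed shape).
DEDUPLICATION_ALGORITHM_PER_PARSER = {"Red Hat Satellite": DEDUPE_ALGO_HASH_CODE}
# Stable identifying fields only; volatile text such as 'description' would
# give every re-import a fresh hash and defeat deduplication (shown in main).
HASHCODE_FIELDS_PER_SCANNER = {
    "Red Hat Satellite": ["title", "vulnerability_ids", "component_name"],
}


def compute_hash_code(finding, scanner, fields=None):
    """SHA-256 over the scanner's configured fields, joined with '|'."""
    fields = fields or HASHCODE_FIELDS_PER_SCANNER[scanner]
    hash_string = "|".join(str(finding.get(f, "")) for f in fields)
    return hashlib.sha256(hash_string.encode("utf-8")).hexdigest()


def deduplicate(findings, scanner, fields=None):
    """Keep the first finding per hash code; return (kept, duplicate_count)."""
    if DEDUPLICATION_ALGORITHM_PER_PARSER.get(scanner) != DEDUPE_ALGO_HASH_CODE:
        raise ValueError(f"{scanner!r} is not configured for hash-code dedupe")
    seen, kept = set(), []
    for finding in findings:
        code = compute_hash_code(finding, scanner, fields)
        if code not in seen:
            seen.add(code)
            kept.append(finding)
    return kept, len(findings) - len(kept)

# Constructed sample: the same erratum imported twice (only the scan-date text
# differs) plus one distinct finding. All identifiers are placeholders.
SAMPLE = [
    {"title": "RHSA-0000:0000 kernel", "vulnerability_ids": "CVE-0000-0000",
     "component_name": "kernel", "description": "seen in scan 2024-12-06"},
    {"title": "RHSA-0000:0000 kernel", "vulnerability_ids": "CVE-0000-0000",
     "component_name": "kernel", "description": "seen in scan 2024-12-07"},
    {"title": "RHSA-0000:0001 openssl", "vulnerability_ids": "CVE-0000-0001",
     "component_name": "openssl", "description": "seen in scan 2024-12-07"},
]

if __name__ == "__main__":
    kept, dups = deduplicate(SAMPLE, "Red Hat Satellite")
    print(f"stable fields: kept {len(kept)}, dropped {dups} duplicate")
    kept, dups = deduplicate(SAMPLE, "Red Hat Satellite", ["title", "description"])
    print(f"with description: kept {len(kept)}, dropped {dups} duplicate")
```

With the stable field set the second import collapses onto the first; once the volatile description is hashed, nothing is recognised as a duplicate.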

@mtesauro mtesauro (Contributor) left a comment

Approved

@Maffooch Maffooch merged commit b0e2819 into DefectDojo:bugfix Dec 11, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the fix_rhs_dedup branch December 12, 2024 07:17
paulOsinski pushed a commit to paulOsinski/django-DefectDojo that referenced this pull request Dec 23, 2024