Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improved naming of discovered findings filter and add same for mitigated #10429

Open
wants to merge 2 commits into
base: dev
Choose a base branch
from
Open

Improved naming of discovered findings filter and add same for mitigated #10429

wants to merge 2 commits into from

Conversation

quirinziessler
Copy link
Contributor

This PR updates the naming of filters related to #10401 to be a bit more precise.
Also it adds the same filter options for the "mitigated" field.
@dryrunsecurity DryRunSecurity
Copy link

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 1 finding
Server-Side Request Forgery Analyzer 0 findings
SQL Injection Analyzer 0 findings
IDOR Analyzer 0 findings
Secrets Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Sensitive Files Analyzer 0 findings

Note

🔴 Risk threshold exceeded. Adding a reviewer if one is configured in .dryrunsecurity.yaml.

notification list: @mtesauro @grendel513

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request appear to be focused on enhancing the filtering and search functionality of the Defect Dojo application. The changes introduce a comprehensive set of filters that cover various models, including Findings, Engagements, Products, Endpoints, and more. The filters are designed to respect the user's permissions and only show the data that the user is authorized to access. The code also includes specialized filters for specific use cases, such as finding findings that are outside of their SLA or accepted findings. Additionally, the code includes API-specific filters and filters for the Engagement Survey feature. Overall, these changes provide a powerful and flexible filtering system that will greatly improve the user experience and data management capabilities of the Defect Dojo application.

Files Changed:

  • dojo/filters.py: This file contains the code for the filtering functionality in the Defect Dojo application. The changes introduce a wide range of filters that can be used to search and filter data across various models, including Findings, Engagements, Products, Endpoints, and more. The filters respect the user's permissions and include specialized filters for specific use cases, such as finding findings outside of their SLA or accepted findings. The code also includes API-specific filters and filters for the Engagement Survey feature, further enhancing the application's data management capabilities.

Powered by DryRun Security
@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.
@dryrunsecurity DryRunSecurity
Copy link

DryRun Security Summary

The pull request enhances the filtering functionality of the Defect Dojo application by introducing a set of filter classes that provide advanced search and filtering capabilities for various entities, including findings, engagements, products, and more, with features such as tag-based filtering, permissions-based filtering, date range filtering, and specialized filters for specific use cases.

Expand for full summary

Summary:

The code changes in this pull request are focused on enhancing the filtering functionality of the Defect Dojo application. The changes introduce a set of filter classes, such as FindingFilter, EngagementFilter, ProductFilter, and others, which provide advanced search and filtering capabilities for various entities within the application, including findings, engagements, products, and more.

The key highlights of the changes include the implementation of tag-based filtering, permissions-based filtering to ensure users can only access data they are authorized to view, specialized date range filters, and filters for specific use cases like SLA violations and risk acceptance. The code also includes API-specific filters to provide filtering capabilities for the application's API endpoints. These changes aim to improve the user experience and make it easier for Defect Dojo users to search and find the data they need, while maintaining the application's security and integrity.

Files Changed:

  • dojo/filters.py: This file contains the implementation of the various filter classes, including FindingFilter, EngagementFilter, ProductFilter, and others. The changes introduce new filter classes and enhance the existing filtering functionality to support tag-based filtering, permissions-based filtering, date range filtering, and specialized filters for specific use cases.

Code Analysis

We ran 9 analyzers against 1 file and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 2 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.
@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
1 participant
@quirinziessler