Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Groups/users labels text #10663

Merged
merged 2 commits into from
Aug 1, 2024

retrigger actions

2eb9bb7
Select commit
Loading
Failed to load commit list.
Merged

Groups/users labels text #10663

retrigger actions
2eb9bb7
Select commit
Loading
Failed to load commit list.
DryRunSecurity / Authn/Authz Analyzer succeeded Aug 1, 2024 in 3s

DryRun Security

Details

Authn/Authz Analyzer Findings: 3 detected

⚠️ Potential Authn/Authz Function Used or Modified dojo/templates/dojo/view_group.html (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains a conditional statement that checks if the group can access any products. This suggests that there are some access control or authorization mechanisms in place, and the code is potentially related to authentication or authorization.
Filename dojo/templates/dojo/view_group.html
CodeLink

django-DefectDojo/dojo/templates/dojo/view_group.html

Lines 256 to 262 in 2eb9bb7

</div>
{% else %}
<div class="panel-body">
<small class="text-muted"><em>This Group cannot access any Products.</em></small>
</div>
{% endif %}
</div>
⚠️ Potential Authn/Authz Function Used or Modified dojo/templates/dojo/view_group.html (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains a reference to the 'authorization_tags' template tag library, which suggests that the application is using some form of authorization functionality. Additionally, the presence of the 'group.name' variable indicates that the application is likely managing group-based access controls, which are often part of an authentication and authorization system.
Filename dojo/templates/dojo/view_group.html
CodeLink

django-DefectDojo/dojo/templates/dojo/view_group.html

Lines 3 to 9 in 2eb9bb7

{% load authorization_tags %}
{% block content %}
<h3 id="id_heading"> Group: {{ group.name }}</h3>
<div class="row">
<div id="tests" class="col-md-8">
<div class="panel panel-default">
⚠️ Potential Authn/Authz Function Used or Modified dojo/templates/dojo/view_user.html (click for details)
Type Potential Authn/Authz Function Used or Modified
Description The code contains the variable 'user', which suggests that it is interacting with user-specific information. This could indicate the presence of authentication or authorization functions, as these typically involve accessing and verifying user data.
Filename dojo/templates/dojo/view_user.html
CodeLink

django-DefectDojo/dojo/templates/dojo/view_user.html

Lines 5 to 11 in 2eb9bb7

{% block content %}
{{ block.super }}
<h3 id="id_heading">{% blocktrans with full_name=user.get_full_name %}User: {{ full_name }}{% endblocktrans %}</h3>
<div class="row">
<div id="tests" class="col-md-8">
<div class="panel panel-default">
View more details on DryRunSecurity