Fix for Findings count in Dashboard based on wrong date #11040

Merged
merged 2 commits into from
Oct 11, 2024

hblankenship
Collaborator

[sc-7804]

Resolves issue 11000

The number of active findings in the last 7 days now uses the correct date instead of the created date.

DryRun Security Summary

The code change in the dojo/home/views.py file involves modifying the findings.filter() calls to use the date__range parameter instead of created__date__range, suggesting a more appropriate filtering of findings based on their actual date for the dashboard.

Summary:

The code change in the dojo/home/views.py file appears to be a modification to the calculation of finding counts for the dashboard view. The change involves replacing the created__date__range parameter with date__range in the findings.filter() calls, suggesting that the original code was filtering findings based on the created date, which may not have accurately reflected the actual date range of interest for the dashboard. By switching to the date field, the code is now filtering findings based on their actual date, which is likely a more appropriate metric for the dashboard.

From an application security perspective, this change does not seem to introduce any immediate security concerns, as the code is primarily focused on data retrieval and presentation. However, it's important to review the implementation of the get_authorized_findings() function and the overall authorization logic to ensure that the application's access control mechanisms are properly enforced and do not introduce any security vulnerabilities. Additionally, the use of the timezone.now() function to obtain the current date may be susceptible to time-related vulnerabilities, and it's crucial to ensure that the application handles time-related operations securely and consistently across the codebase.

Files Changed:

  • dojo/home/views.py: The code change in this file involves modifying the findings.filter() calls to use the date__range parameter instead of created__date__range. This change suggests that the original code was filtering findings based on the created date, which may not have accurately reflected the actual date range of interest for the dashboard. By switching to the date field, the code is now filtering findings based on their actual date, which is likely a more appropriate metric for the dashboard.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mtesauro
Contributor

Fixes #11000

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit f345a4e into bugfix Oct 11, 2024
74 checks passed
@Maffooch Maffooch deleted the hb-fix-finding-date branch October 11, 2024 15:04
pedrohdjs pushed a commit to pedrohdjs/django-DefectDojo-sorting that referenced this pull request Oct 21, 2024
…1040)

* use correct date for finding last 7 days

* actual date_range