API: Engagement update jira epic #11234

Merged

raouf-haddada
Contributor

Title: Update Jira Epic Engagement in API v2

Description:
This pull request includes updates to the Jira Epic engagement functionality in the API v2. The changes aim to improve the integration and handling of Jira Epics within the DefectDojo application.

Changes:

  • Updated the API v2 engagement endpoint to handle Jira-related epic.

Engagement Edit view

Edit Engagement DefectDojo

API v2 Engagement endpoint
Defect Dojo API v2

Jira Epic Update

  • Title
  • Priority
    Testing - Jira Epic

@github-actions github-actions bot added the apiv2 label Nov 11, 2024

DryRun Security Summary

The pull request updates the integration between the Defect Dojo application and the Jira issue tracking system, including changes to the update_epic function, the addition of a new serializer called EngagementUpdateJiraEpicSerializer, and a new action method update_jira_epic in the EngagementViewSet.

Summary:

The code changes in this pull request focus on updating the integration between the Defect Dojo application and the Jira issue tracking system. The key changes include:

  1. Updating the update_epic function in the dojo/jira_link/helper.py file to allow updating the summary, description, and priority of a Jira issue associated with an engagement. The function also checks if the Jira project is enabled and if the Jira issue exists before attempting the update.

  2. Adding a new serializer called EngagementUpdateJiraEpicSerializer in the dojo/api_v2/serializers.py file, which allows updating the Jira epic name and priority for an engagement.

  3. Adding a new action method update_jira_epic to the EngagementViewSet in the dojo/api_v2/views.py file, which enables updating or creating a Jira epic for an engagement.

From an application security perspective, these changes do not introduce any obvious security vulnerabilities. However, it's important to ensure that the Jira API credentials and configuration are properly secured, and that the application is following best practices for API integration and authentication. Additionally, it's recommended to regularly review the Jira integration code and the Jira project configuration to identify and address any potential security risks.

Files Changed:

  1. dojo/jira_link/helper.py: The changes in this file focus on updating the JIRA issue for an engagement (or epic) in the Defect Dojo application. The update_epic function has been modified to allow updating the summary, description, and priority of a JIRA issue, and it also checks if the JIRA project is enabled and if the JIRA issue exists before attempting the update.

  2. dojo/api_v2/serializers.py: This file contains serializers used in the Defect Dojo API. The changes include the addition of a new serializer called EngagementUpdateJiraEpicSerializer, which allows for updating the Jira epic name and priority for an engagement.

  3. dojo/api_v2/views.py: This file contains the implementation of various API endpoints for the Defect Dojo application. The changes include the addition of a new action method update_jira_epic to the EngagementViewSet, which allows updating or creating a Jira epic for an engagement.

Code Analysis

We ran 9 analyzers against 3 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Configured Codepaths Analyzer 3 findings

Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.

Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit ee77ea4 into DefectDojo:dev Nov 12, 2024
132 of 134 checks passed