add RLSA to vulnid #11251

Merged
merged 1 commit into from
Nov 15, 2024

manuel-sommer
Contributor

No description provided.

github-actions bot added the settings_changes label ("Needs changes to settings.py based on changes in settings.dist.py included in this PR") on Nov 12, 2024

dryrunsecurity bot commented Nov 12, 2024

DryRun Security Summary

The pull request focuses on updating the DefectDojo application's configuration files, including an update to the checksum file for the .settings.dist.py file and modifications to the main settings configuration file, settings.dist.py, to add a new vulnerability URL mapping and update the list of acceptable file types.


Summary:

The code changes in this pull request are focused on updates to the DefectDojo application's configuration files. The changes include an update to the checksum file for the .settings.dist.py file, as well as modifications to the main settings configuration file, settings.dist.py.

The update to the checksum file is a routine change to ensure the integrity of the configuration file, which is a common security best practice. It's important to verify that the new checksum value matches the actual contents of the .settings.dist.py file to ensure no unauthorized modifications have been made.

The changes to the settings.dist.py file include the addition of a new vulnerability URL mapping for "RLSA" (Rocky Linux Security Advisory) and an update to the list of acceptable file types that can be uploaded to the application. These changes are positive from a security perspective, as they improve the application's ability to provide more detailed vulnerability information and restrict the types of files that can be uploaded, mitigating the risk of arbitrary file uploads.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The checksum value for the .settings.dist.py file has been updated from 7a71516d9e6d3fedd26424517ea2c228ad74b6fee8aaa7d8752b8ea4f228aef3 to 09169f6d20ebf2f37347156111c3670a5b207c3530583a53ed9ac59ae4221188. This is a routine change to ensure the integrity of the configuration file.

  2. dojo/settings/settings.dist.py: The changes include the addition of a new vulnerability URL mapping for "RLSA" (Rocky Linux Security Advisory) and an update to the list of acceptable file types that can be uploaded to the application. These changes are positive from a security perspective, as they improve the application's ability to provide more detailed vulnerability information and restrict the types of files that can be uploaded.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit f71799e into DefectDojo:bugfix Nov 15, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the add_rlsa branch November 15, 2024 20:29