Add Filters to the Products under View Product Type #11321

Open
wants to merge 6 commits into
base: dev

@hblankenship (Collaborator) commented Nov 25, 2024

Add filters to the products listed on the detail page of a particular product type. This will be helpful if and when the number of products under the product type grows beyond a single page.

[sc-4748]

@accesslint accesslint bot left a comment

There are accessibility issues in these changes.

dojo/templates/dojo/view_product_type.html: 3 review comments (outdated)
@github-actions github-actions bot added the ui label Nov 25, 2024

dryrunsecurity bot commented Nov 25, 2024

DryRun Security Summary

The pull request enhances the functionality of the Product Type views in the DefectDojo application, including the addition of a new "Show Filters" button, the relocation of the "Add Product" functionality to a dropdown menu, and the implementation of various permission checks, while also highlighting the need for a comprehensive security review to ensure proper permissions, access control, and secure coding practices.

Summary:

The code changes in this pull request focus on enhancing the functionality of the Product Type views in the DefectDojo application. The main changes include the addition of a new "Show Filters" button that toggles the display of a filter panel, the relocation of the "Add Product" functionality to a dropdown menu, and the implementation of various permission checks to control access to different actions and functionality.

From an application security perspective, the code changes appear to follow good security practices, such as the extensive use of permission checks to control access to sensitive actions. However, there are a few areas that should be reviewed more closely:

  1. Permissions and Access Control: Ensure that the permission checks and authorization mechanisms are properly implemented and cover all relevant actions and functionality.
  2. Dropdown Menus and Injection Risks: Review the use of dropdown menus to ensure that any user-supplied data is properly sanitized and validated to mitigate potential injection attacks.
  3. Secure Coding Practices: While the code seems to follow secure coding practices, it's important to perform a comprehensive security review of the entire codebase and conduct thorough security testing to identify and address any potential vulnerabilities.

Files Changed:

  1. dojo/templates/dojo/view_product_type.html: This file has been updated to include a new "Show Filters" button, a dropdown menu for the "Add Product" functionality, and various permission checks to control the visibility of different actions and options.
  2. dojo/product_type/views.py: The changes in this file focus on enhancing the product filtering capabilities, including the introduction of a get_system_setting function and the selection of appropriate filter classes based on the filter_string_matching system setting. These changes should be reviewed for potential security implications, such as SQL injection vulnerabilities or data exposure risks.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@Maffooch Maffooch marked this pull request as draft November 25, 2024 16:34
@accesslint accesslint bot left a comment

There are accessibility issues in these changes.

dojo/templates/dojo/view_product_type.html: 2 review comments (outdated)
@hblankenship hblankenship marked this pull request as ready for review November 25, 2024 18:07
@mtesauro (Contributor) left a comment

Approved

3 participants