Global Audit View: Vulnerabilities #21

@rbt-mm rbt-mm commented Feb 7, 2023

Description

This PR introduces new API endpoints in the FindingResource of the backend. These two new endpoints filter every finding by ACLs and other optional filters and then return them, either by occurrence of vulnerability or grouped by vulnerability.

Those endpoints are used in a new view, which is introduced in the Frontend PR, and grant a simple way of gathering all findings in one place and filtering/sorting them by certain criteria.

Addressed Issue

1770

Additional Details

  • Requires the VIEW_VULNERABILITY permission
  • Tested on internal H2 Database, MSSQL and PostgreSQL

A PR for a policy violations audit will soon follow!

Checklist

  • I have read and understand the contributing guidelines
    - [ ] This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
    - [ ] This PR introduces changes to the database model, and I have added corresponding update logic
    - [ ] This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

Adds two new API methods to the FindingResource, which return a
filtered list (ACL and optional other filters) of every finding, either
by occurrence or grouped by vulnerability, to allow users to quickly
get every finding for all of their projects.

Signed-off-by: RBickert <[email protected]>

Adds test for the new class `GroupedFinding` and for the new methods in
the `FindingResource`.

Signed-off-by: RBickert <[email protected]>

Calculate severity if NULL in database

Adjust tests

Signed-off-by: RBickert <[email protected]>

@rbt-mm rbt-mm merged commit 2a307d0 into master-global-audit-view-vulnerabilities Feb 8, 2023
@rbt-mm rbt-mm deleted the rbt-global-audit-view-vulnerabilities branch February 21, 2023 12:06
@rbt-mm rbt-mm restored the rbt-global-audit-view-vulnerabilities branch February 21, 2023 12:06