
Product Metrics Bugfixes #10163

Merged (1 commit), May 8, 2024

Conversation

@blakeaowens (Contributor) commented May 8, 2024

When measuring Affected Endpoints:

  • Fix an incorrect .get() that results in a 500 error code response
  • Add an annotation for finding__cwe within the endpoint_querys utility (without it, the CWE vulnerability graphs are always blank)

[sc-5921]


dryrunsecurity bot commented May 8, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status (findings per analyzer):

  • Configured Codepaths Analyzer: 0 findings
  • Sensitive Files Analyzer: 0 findings
  • AppSec Analyzer: 0 findings
  • Authn/Authz Analyzer: 0 findings
  • Secrets Analyzer: 0 findings

Note: 🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖.
Note that this summary is auto-generated and not meant to be a definitive list of security issues
but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request appear to be focused on enhancing the security-related functionality and reporting capabilities of the DefectDojo application. The key changes involve the addition of the cwe field to the endpoints_qs queryset in the endpoint_querys function, and the inclusion of this field in the open_vulns and all_vulns filters.

These changes are likely aimed at improving the visibility and analysis of vulnerabilities and findings associated with product endpoints. By including the CWE (Common Weakness Enumeration) information, security teams can better understand the types of vulnerabilities present in the product and potentially prioritize remediation efforts accordingly. Additionally, the ability to view and analyze the distribution of vulnerabilities by CWE can provide useful security metrics and insights.

Overall, these changes appear to be a positive step from an application security perspective, as they enhance the security-related functionality and reporting capabilities of the DefectDojo application.

Files Changed:

  • dojo/product/views.py: This file contains various views and functions for managing products in the DefectDojo application. The key changes in this patch are:
    1. In the endpoint_querys function, two new annotate calls have been added to the endpoints_qs queryset to include the cwe field.
    2. The open_vulns and all_vulns filters in the endpoint_querys function have been updated to include the new cwe field in the queryset.

Powered by DryRun Security
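The PR description and the bot summary above both turn on one mechanism: the view that draws the CWE graphs reads a top-level cwe value from each endpoint row, and unless the queryset is annotated with the related finding__cwe field, that value never exists and every bucket stays empty. The following is an added, pure-Python illustration of that failure mode and of the fix, written for this page; it is not DefectDojo's own code, the row shape and the helper names (annotate_cwe, cwe_graph, endpoint_querys_like) are assumptions of mine, and the Django equivalent I have in mind, annotate(cwe=F("finding__cwe")), is also my assumption of how the fix is implemented rather than something the page states.

```python
"""Constructed model of the 'blank CWE graph' bug described in the PR.

Not DefectDojo code: the rows below stand in for what a Django queryset's
.values() call would return for endpoints joined to findings.  The graph
code reads row["cwe"]; without an annotation copying finding__cwe onto
that key (assumed Django form: .annotate(cwe=F("finding__cwe"))), the
key is absent and the graph is empty.
"""
from collections import Counter

# Constructed sample rows: endpoint -> finding join, *before* annotation.
# Only the related lookup "finding__cwe" is present, no top-level "cwe".
RAW_ROWS = [
    {"endpoint_id": 1, "finding__cwe": 79,   "finding__active": True},
    {"endpoint_id": 1, "finding__cwe": 89,   "finding__active": True},
    {"endpoint_id": 2, "finding__cwe": 79,   "finding__active": False},
    {"endpoint_id": 2, "finding__cwe": 0,    "finding__active": True},   # CWE unset
    {"endpoint_id": 3, "finding__cwe": None, "finding__active": True},   # no finding
]


def annotate_cwe(rows):
    """Stand-in for queryset.annotate(cwe=F('finding__cwe')).

    Copies the related value onto a top-level 'cwe' key so that code which
    reads row['cwe'] (the graph builder below) actually sees it.
    """
    return [dict(row, cwe=row.get("finding__cwe")) for row in rows]


def cwe_graph(rows, open_only=False):
    """Count findings per CWE, the shape a CWE distribution graph needs.

    Reads row['cwe'] exactly as the view would; on un-annotated rows every
    lookup returns None and the result is {} (a blank graph).  Rows whose CWE
    is unset (None or 0) are skipped rather than charted as a bogus CWE-0.
    """
    counts = Counter()
    for row in rows:
        if open_only and not row.get("finding__active"):
            continue
        cwe = row.get("cwe")
        if not cwe:
            continue
        counts[cwe] += 1
    return dict(sorted(counts.items()))


def endpoint_querys_like(rows):
    """Mimic the two result sets the PR touches (all vulns and open vulns),
    both built from the annotated rows so neither graph comes back blank."""
    annotated = annotate_cwe(rows)
    return {
        "all_vulns": cwe_graph(annotated),
        "open_vulns": cwe_graph(annotated, open_only=True),
    }


if __name__ == "__main__":
    print("un-annotated:", cwe_graph(RAW_ROWS))        # {} -> blank graph
    print("annotated:   ", endpoint_querys_like(RAW_ROWS))
```

Run it as a script to see the two outcomes side by side: the un-annotated rows produce an empty dict, which is what a blank graph looks like from the view's side, while the annotated rows yield CWE-79 twice and CWE-89 once overall and one each when restricted to active findings. Note that this check is silent in the ORM as well: a missing annotation does not raise, it just makes every row's cwe read as None, which is why a unit test asserting on non-empty graph data is the practical guard.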

@Maffooch Maffooch merged commit 88b44d9 into DefectDojo:bugfix May 8, 2024
122 checks passed

4 participants