String Filtering: Support ID matching for links on listing pages #10352

Merged
merged 1 commit into from
Jun 6, 2024

Maffooch
Contributor

@Maffooch Maffooch commented Jun 6, 2024

With the "Filter String Matching Optimization" mode enabled in system settings, a few links within the UI have been broken:

  • Product Type list - clicking on finding counts returns all findings a user has access to
  • Product Endpoints - Clicking on hosts or endpoints returns all hosts or endpoints a user has access to

Adding a hidden filter that is not renderable on the page will support the object-based filtering without fetching all of the objects at the time of request.

[sc-6296]

@Maffooch Maffooch added the bugfix label Jun 6, 2024
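
The failure mode and fix described in the pull request, as an added example that is not part of the pull request or DefectDojo's code. It is a simplified filter-set model that assumes query parameters with no declared filter are silently ignored; `FilterSet`, `prod_type`, `prod_type_name` and the sample findings are hypothetical names and constructed data.

```python
# Added illustration: a simplified model of a filter set, not DefectDojo code.
# Field names and records are constructed sample data.
FINDINGS = [
    {"id": 1, "title": "SQLi in login", "prod_type_id": 1, "prod_type_name": "Web"},
    {"id": 2, "title": "Weak TLS config", "prod_type_id": 1, "prod_type_name": "Web"},
    {"id": 3, "title": "Public bucket", "prod_type_id": 2, "prod_type_name": "Cloud"},
]

def contains(field):
    """String matching filter: case-insensitive substring on a text column."""
    return lambda row, value: value.lower() in row[field].lower()

def id_equals(field):
    """ID filter: exact match on a key; a malformed ID matches nothing."""
    def match(row, value):
        try:
            return row[field] == int(value)
        except ValueError:
            return False  # fail closed instead of falling back to all rows
    return match

class FilterSet:
    def __init__(self, filters, hidden=()):
        self.filters = filters      # parameter name -> predicate
        self.hidden = set(hidden)   # declared, but never drawn in the form

    def rendered_fields(self):
        return [name for name in self.filters if name not in self.hidden]

    def apply(self, rows, query):
        """Return (filtered rows, parameters that were silently ignored)."""
        ignored = sorted(set(query) - set(self.filters))
        for name, value in query.items():
            if name in self.filters and value != "":
                rows = [r for r in rows if self.filters[name](r, value)]
        return rows, ignored

# Assumed model of string matching mode: only the text filter is declared.
STRING_MODE = FilterSet({"prod_type_name": contains("prod_type_name")})
# The same set with a hidden ID filter declared alongside it.
WITH_HIDDEN_ID = FilterSet(
    {"prod_type_name": contains("prod_type_name"),
     "prod_type": id_equals("prod_type_id")},
    hidden=["prod_type"],
)

LINK_QUERY = {"prod_type": "2"}  # what a count link on a listing page sends
```

A non-empty `ignored` list for a link the UI itself generates is the regression signal: the listing is being returned unscoped.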

dryrunsecurity bot commented Jun 6, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings
AppSec Analyzer 0 findings
Authn/Authz Analyzer 0 findings
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on the implementation of various Django filters used in the Defect Dojo application. These filters provide a wide range of functionality for filtering and searching different types of objects, including findings, tests, engagements, products, and endpoints. The filters utilize a variety of filter types, such as CharFilter, NumberFilter, DateFilter, ChoiceFilter, and BooleanFilter, to allow users to search and filter the data based on various criteria. Additionally, the filters include support for handling tags, with the ability to filter by tags, exclude tags, and search for tags that contain a specific pattern. The code also includes several custom methods and helper classes that provide additional functionality for filtering the data, such as custom vulnerability ID filtering and metrics date range filtering. Overall, these changes demonstrate the complexity and flexibility of the Defect Dojo application, and the importance of having robust filtering and search capabilities to help users find and analyze the data they need.

Files Changed:

  • dojo/filters.py: This file defines several Django filters that are used to filter and search for various objects in the Defect Dojo application. The key changes include:
    • Definition of various filter classes that inherit from the DojoFilter class, a custom FilterSet class that provides additional functionality for handling tags and other custom fields.
    • Filters cover a wide range of objects, including findings, tests, engagements, products, and endpoints, with each filter class having its own set of fields that can be used to filter the data.
    • Use of a variety of filter types, such as CharFilter, NumberFilter, DateFilter, ChoiceFilter, and BooleanFilter, to allow for flexible and comprehensive filtering.
    • Support for handling tags, including the ability to filter by tags, exclude tags, and search for tags that contain a specific pattern.
    • Implementation of custom methods, such as custom_filter and custom_vulnerability_id_filter, to provide additional functionality for filtering the data.
    • Support for ordering the results, with the ability to order by various fields.
    • Inclusion of several helper classes, such as SimilarFindingHelper and MetricsDateRangeFilter, to provide additional functionality for filtering the data.

Powered by DryRun Security

@Maffooch Maffooch merged commit 50d3c8c into DefectDojo:bugfix Jun 6, 2024
122 checks passed
@Maffooch Maffooch deleted the filters branch June 6, 2024 20:17