
String Filtering: Correct Typo For Reviewers #10353

Merged
merged 1 commit into from
Jun 6, 2024

Conversation

Maffooch
Contributor

@Maffooch Maffooch commented Jun 6, 2024

With the "Filter String Matching Optimization" mode enabled in system settings, filtering by reviewers is not possible as there is a typo. The correct typo from reviewer to reviewers allows the filter class to access the reviewers field on the Finding model.

[sc-6164]

@Maffooch Maffooch added the bugfix label Jun 6, 2024

dryrunsecurity bot commented Jun 6, 2024

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security Status Findings
Configured Codepaths Analyzer 0 findings
Sensitive Files Analyzer 0 findings
AppSec Analyzer 0 findings
Authn/Authz Analyzer 1 finding
Secrets Analyzer 0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request are focused on enhancing the filtering and search capabilities of the Defect Dojo application. The key changes include the addition of new filter fields for the reviewer and reviewer_contains fields in the FindingFilterWithoutObjectLookups class, as well as the addition of reviewers and reviewers_contains fields. These new fields allow users to search for findings based on the username of the reviewer or the usernames of the reviewers.

From an application security perspective, these changes are a positive addition as they provide more granular control over how users can search for and access findings. By allowing users to search for findings based on the reviewer and reviewer usernames, the application can better control access to sensitive information and ensure that only authorized users can view and interact with certain findings. Additionally, the use of the CharFilter class for these new fields ensures that the search is case-insensitive, making it easier for users to find the information they need.

Files Changed:

  • dojo/filters.py: This file defines several Django filter classes that are used to filter and search for various objects in the Defect Dojo application, such as findings, products, engagements, and more. The key changes in this file include the addition of new filter fields for the reviewer, reviewer_contains, reviewers, and reviewers_contains fields in the FindingFilterWithoutObjectLookups class. These new fields allow users to search for findings based on the username of the reviewer or the usernames of the reviewers.

Powered by DryRun Security

Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit bb1239a into DefectDojo:bugfix Jun 6, 2024
122 checks passed
@Maffooch Maffooch deleted the reviewer branch June 6, 2024 20:56