
🐛 fix bearer_cli #11245 #11248

Merged: 2 commits merged into DefectDojo:bugfix from manuel-sommer:fix_11245 on Nov 15, 2024

Conversation

manuel-sommer (Contributor)


dryrunsecurity bot commented Nov 12, 2024

DryRun Security Summary


Summary:

The code change in the dojo/tools/bearer_cli/parser.py file is related to the handling of the snippet or code_extract fields in the Finding object. The key change is that if the "snippet" field is not present in the bearerfinding dictionary, the code will attempt to use the "code_extract" field instead. This is likely a defensive measure to handle cases where the "snippet" field may not always be available in the input data.

From an application security perspective, this change is not particularly noteworthy, as it is simply handling the parsing of a report file and creating Finding objects based on the data in the file. However, it's worth noting that the Finding object being created contains several security-relevant fields, which are likely used by other parts of the application security tooling to track and manage security findings, an important aspect of secure software development. Overall, this code change appears to be a minor improvement to the robustness of the parser and does not raise any immediate security concerns.

Files Changed:

  • dojo/tools/bearer_cli/parser.py: The code change in this file is related to the handling of the snippet or code_extract fields in the Finding object. Specifically, the change is made in the get_findings method, where the description of the finding is being constructed. The key change ensures that if the "snippet" field is not present in the bearerfinding dictionary, the code will attempt to use the "code_extract" field instead.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.
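The fallback the summary describes (use "snippet" when present, otherwise "code_extract") is easy to get subtly wrong, so here is an added, self-contained illustration of it. This is example code written for this page, not DefectDojo's own `dojo/tools/bearer_cli/parser.py`; the `Finding` dataclass is a hypothetical stand-in for DefectDojo's model, and the embedded sample report is a constructed assumption about Bearer CLI's JSON layout (findings grouped under severity keys, each carrying `snippet` or `code_extract`). It also covers the case the summary does not mention: a finding that carries neither key still yields a usable description instead of a `KeyError`.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical stand-in for DefectDojo's Finding model (assumption; only the
# fields this example needs are modelled).
@dataclass
class Finding:
    title: str
    severity: str
    file_path: str
    line: int
    description: str
    cwe: Optional[int]

# Constructed sample report (an assumption about Bearer CLI's JSON layout, not
# taken from the PR): one entry uses "snippet", one uses "code_extract", one has
# neither.
SAMPLE_REPORT = json.dumps({
    "high": [
        {"id": "ruby_lang_logger", "title": "Sensitive data in logger",
         "description": "Leak of sensitive data in logger",
         "documentation_url": "https://docs.bearer.com/reference/rules/ruby_lang_logger",
         "full_filename": "app/models/user.rb", "line_number": 12,
         "snippet": "logger.info(user.password)",
         "cwe_ids": ["209", "532"]},
    ],
    "medium": [
        {"id": "ruby_rails_insecure_http", "title": "Insecure HTTP",
         "description": "Use of insecure HTTP",
         "documentation_url": "https://docs.bearer.com/reference/rules/ruby_rails_insecure_http",
         "full_filename": "app/jobs/sync.rb", "line_number": 5,
         "code_extract": "Net::HTTP.get(URI('http://example.com'))",
         "cwe_ids": ["319"]},
        {"id": "no_excerpt_rule", "title": "Finding without excerpt",
         "description": "Report entry that carries no code excerpt",
         "documentation_url": "", "full_filename": "lib/x.rb",
         "line_number": 1, "cwe_ids": []},
    ],
})


def code_excerpt(bearerfinding: dict) -> Optional[str]:
    """Prefer "snippet", fall back to "code_extract"; None if neither is present."""
    if "snippet" in bearerfinding:
        return bearerfinding["snippet"]
    return bearerfinding.get("code_extract")


def build_description(bearerfinding: dict) -> str:
    """Assemble the finding description without assuming any optional key exists."""
    excerpt = code_excerpt(bearerfinding)
    lines = [
        bearerfinding.get("description", ""),
        "Documentation: " + bearerfinding.get("documentation_url", ""),
    ]
    if excerpt is None:
        lines.append("Code excerpt: (no code excerpt in report)")
    else:
        lines.append("Code excerpt:\n" + excerpt)
    return "\n".join(lines)


def get_findings(report_text: str) -> List[Finding]:
    """Parse a severity-grouped Bearer-style report into Finding objects."""
    data = json.loads(report_text)
    findings = []
    for severity, entries in data.items():
        for bf in entries:
            cwe_ids = bf.get("cwe_ids") or []
            findings.append(Finding(
                title=bf.get("title", bf.get("id", "Bearer finding")),
                severity=severity.capitalize(),
                file_path=bf.get("full_filename", ""),
                line=int(bf.get("line_number", 0)),
                description=build_description(bf),
                cwe=int(cwe_ids[0]) if cwe_ids else None,
            ))
    return findings


if __name__ == "__main__":
    for f in get_findings(SAMPLE_REPORT):
        print(f.severity, f.title, "->", f.description.splitlines()[-1])
```

The key-membership check in `code_excerpt` mirrors the behaviour the summary describes; the final `None` branch is the extra guard so that a report produced by a Bearer version that emits neither field still imports cleanly rather than aborting the whole upload.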

@mtesauro mtesauro (Contributor) left a comment


Approved.

Nice way to fix for both potential cases 👍

@mtesauro mtesauro merged commit e9b1354 into DefectDojo:bugfix Nov 15, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the fix_11245 branch November 15, 2024 20:29

5 participants