Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Duplicate Delete errors: catch IntegrityErrors (A) #11739

Merged
merged 7 commits into from
Feb 13, 2025
Merged

Duplicate Delete errors: catch IntegrityErrors (A) #11739

merged 7 commits into from
Feb 13, 2025

Conversation

valentijnscholten
Copy link
Member

@valentijnscholten valentijnscholten commented Feb 5, 2025
edited
Loading

Description
Fixes and see: #6217

This PR catches integrity errors that might happen if the background dedupe delete job deletes findings before the import process is fully completed. In the absence of transactions, for now we implement this "fix".

Test results
Manual testing only as creating a unit test / integration test is not feasible within a reasonable timeframe.

@valentijnscholten valentijnscholten mentioned this pull request Feb 5, 2025
Closed
2 tasks
@valentijnscholten valentijnscholten force-pushed the duplicate-delete-errors-a branch from 9442d09 to 5583027 Compare February 7, 2025 13:11
@github-actions github-actions bot added the apiv2 label Feb 7, 2025
@Maffooch Maffooch marked this pull request as ready for review February 7, 2025 21:55
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Feb 7, 2025
edited
Loading

DryRun Security Summary

The PR fixes a typo and adds two safer error-handling methods to the base importer, but introduces security concerns including race conditions, sensitive data logging, overly broad exception handling, and potential system information exposure.

Expand for full summary

PR updates a serializer help text typo and adds two new methods in base importer for safer error handling during import processes.

Security Findings:

  1. Potential race conditions and data integrity problems in base importer methods
  2. Logging of debug information that could leak system structure details
  3. Broad exception handling for IntegrityError which might mask underlying issues
  4. Potential risk of system information exposure through debug logging in create_import_history_record_safe() and add_tags_safe() methods

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

@Maffooch
Copy link
Contributor

Maffooch commented Feb 7, 2025

@valentijnscholten option A is the crowd favorite here. Thank you for presenting all three options In this way! It made selecting the winner super straight forward

This was referenced Feb 8, 2025
Closed
Closed
mtesauro
mtesauro approved these changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

dogboat
dogboat approved these changes Feb 11, 2025
View reviewed changes
dojo/api_v2/serializers.py Outdated
@@ -167,7 +167,7 @@ class ImportStatisticsSerializer(serializers.Serializer):
)
delta = DeltaStatisticsSerializer(
required=False,
help_text="Finding statistics of modifications made by the reimport. Only available when TRACK_IMPORT_HISTORY hass not disabled.",
help_text="Finding statistics of modifications made by the reimport. Only available when TRACK_IMPORT_HISTORY has not disabled.",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still need a word here, or a change to "is"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good find, added "been".

@github-actions github-actions bot added the helm label Feb 13, 2025
@valentijnscholten valentijnscholten force-pushed the duplicate-delete-errors-a branch from da00cf6 to 1e0de2a Compare February 13, 2025 19:12
@github-actions github-actions bot removed the helm label Feb 13, 2025
@mtesauro mtesauro merged commit b483752 into DefectDojo:bugfix Feb 13, 2025
82 of 87 checks passed
quirinziessler pushed a commit to quirinziessler/django-DefectDojo that referenced this pull request Feb 18, 2025
@valentijnscholten @quirinziessler
Duplicate Delete errors: catch IntegrityErrors (A) (DefectDojo#11739)
52b8d61 
* option a: catch IntegrityErrors

* linting

* fix object creation

* fix object creation

* bugfixing

* bugfixing

* Update dojo/api_v2/serializers.py
quirinziessler pushed a commit to quirinziessler/django-DefectDojo that referenced this pull request Feb 26, 2025
@valentijnscholten @quirinziessler
Duplicate Delete errors: catch IntegrityErrors (A) (DefectDojo#11739)
dcc33db 
* option a: catch IntegrityErrors

* linting

* fix object creation

* fix object creation

* bugfixing

* bugfixing

* Update dojo/api_v2/serializers.py
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cneill cneill cneill approved these changes

@mtesauro mtesauro mtesauro approved these changes

@dogboat dogboat dogboat approved these changes

@Maffooch Maffooch Maffooch approved these changes

Assignees
No one assigned
Labels
apiv2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@valentijnscholten @Maffooch @cneill @mtesauro @dogboat