Fixing call to date_parser in AWS Inspector2 parser #11767

Merged
merged 3 commits into from
Feb 7, 2025

@cneill cneill commented Feb 7, 2025

Description

Fixing a quick bug with how the AWS Inspector2 parser handles mitigated date parsing.

@github-actions github-actions bot added the parser label Feb 7, 2025

dryrunsecurity bot commented Feb 7, 2025

DryRun Security Summary

The PR enhances AWS Inspector2's parsing capabilities and test coverage, particularly for datetime handling and mitigation status, while including test data for various Linux kernel and LibXML2 vulnerabilities ranging from low to high severity.

The PR updates AWS Inspector2 parser and unit tests, adding datetime parsing improvements and test assertions for mitigation status and timestamps. Security findings include multiple Linux kernel and LibXML2 vulnerabilities in the test JSON data:

  1. CVE-2021-3744: Memory leak in Linux kernel CCP driver (MEDIUM, CVSS 5.5)
  2. CVE-2024-37021: FPGA manager module vulnerability with potential null pointer dereference
  3. CVE-2021-3640: Use-after-free in Linux kernel HCI subsystem (HIGH, CVSS 7.0)
  4. CVE-2021-47013: Use-after-free in network device transmission
  5. CVE-2023-42753: Netfilter subsystem array indexing vulnerability (HIGH, CVSS 7.8)
  6. CVE-2020-27170: Spectre mitigation bypass (MEDIUM, CVSS 4.7)
  7. CVE-2022-29824: LibXML2 buffer handling integer overflow (MEDIUM, CVSS 6.5)
  8. CVE-2015-8035: LibXML2 compression error detection issue (LOW)

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 605ccf0 into DefectDojo:bugfix Feb 7, 2025
73 checks passed