Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ms_defender: Improve reliability and error handling #11898

Merged
merged 3 commits into from
Feb 27, 2025
Merged

ms_defender: Improve reliability and error handling #11898

merged 3 commits into from
Feb 27, 2025

Conversation

valentijnscholten
Copy link
Member

Fixes #11896

Exceptions such as KeyErrors were silently swallowed leading to endpoints not being created for findings.

This PR:

  • Logs the exception
  • Greatly reduces the chances of exceptions by using .get to retrieve values from the dict/json object
  • Added test case with a report that was triggering this because of a missing defenderAvStatus field.

I tried to remove the str() wrappers everywhere, but it seems they are needed to handle the "" vs null vs None cases with these json reports. So I left them for now.

@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Feb 25, 2025
edited
Loading

DryRun Security Summary

The PR enhances the MS Defender parser by implementing data sanitization, safer dictionary access, and improved endpoint creation validation, along with corresponding unit tests to ensure more robust handling of scan results.

Expand for full summary

The PR updates the MS Defender parser and adds a corresponding unit test to improve error handling and parsing robustness for Microsoft Defender scan results. Security findings include:

  1. Data Sanitization Risk (dojo/tools/ms_defender/parser.py):

    • String replacement for computerDnsName to remove problematic characters
    • Potential risk of character injection or parsing manipulation

  2. Potential Information Disclosure (dojo/tools/ms_defender/parser.py):

    • Replaced direct dictionary access with .get() method
    • Mitigates risk of unhandled exceptions revealing internal application details

  3. Endpoint Creation Safety (dojo/tools/ms_defender/parser.py):

    • Added existence checks before creating Endpoint objects
    • Prevents potential None value assignments that could lead to unexpected behavior

No additional critical security vulnerabilities were identified in the patch.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

@valentijnscholten valentijnscholten mentioned this pull request Feb 25, 2025
Closed
@valentijnscholten
Copy link
Member Author

@manuel-sommer Could you review this PR?

@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

1 similar comment
@github-actions GitHub Actions
Copy link
Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@github-actions GitHub Actions
Copy link
Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

manuel-sommer
manuel-sommer approved these changes Feb 25, 2025
View reviewed changes
Copy link
Contributor

@manuel-sommer manuel-sommer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me

mtesauro
mtesauro approved these changes Feb 26, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 96ae5ed into DefectDojo:bugfix Feb 27, 2025
73 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cneill cneill cneill approved these changes

@mtesauro mtesauro mtesauro approved these changes

@dogboat dogboat dogboat approved these changes

@hblankenship hblankenship hblankenship approved these changes

@manuel-sommer manuel-sommer manuel-sommer approved these changes

Assignees
No one assigned
Labels
parser unittests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@valentijnscholten @cneill @mtesauro @dogboat @hblankenship @manuel-sommer