Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add RXSA VULNERABILITY_URL #11097

Merged
merged 1 commit into from
Oct 27, 2024
Merged

add RXSA VULNERABILITY_URL #11097

merged 1 commit into from
Oct 27, 2024

Conversation

manuel-sommer
Copy link
Contributor

No description provided.

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Oct 20, 2024
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented Oct 20, 2024
edited
Loading

DryRun Security Summary

The changes in this pull request focus on maintaining the integrity of the application's configuration files and expanding the functionality of the DefectDojo application to support additional vulnerability sources and file types.

Expand for full summary

Summary:

The changes in this pull request are focused on maintaining the integrity of the application's configuration files and expanding the functionality of the DefectDojo application to support additional vulnerability sources and file types.

The first change updates the SHA-256 checksum file for the .settings.dist.py configuration file, which is a routine update to ensure the integrity of the configuration file. While this change does not have any direct security implications, it is important to verify that the new checksum value matches the actual contents of the configuration file to prevent any potential issues with the application's configuration.

The second change updates the dojo/settings/settings.dist.py file, which includes the addition of a new entry in the VULNERABILITY_URLS dictionary to support Rocky Linux Security Advisories (RXSA) and the expansion of the FILE_UPLOAD_TYPES setting to include the ".rxsa" file extension. These changes indicate that the application is being updated to support additional vulnerability sources and file types, which can be beneficial for maintaining comprehensive security coverage. However, it is important to ensure that the application has appropriate security controls in place to validate and sanitize the uploaded files to prevent potential security risks.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The SHA-256 checksum value for the .settings.dist.py configuration file has been updated from 42026ac47884ee26fe742e59fb7dc621b5f927ee6ee3c92daf09b97f2a740163 to 002b28325f11793c5aa9f09326c2d5cc66de518cce51b2cb4cb681a920b89909. This change is routine and is used to maintain the integrity of the configuration file.

  2. dojo/settings/settings.dist.py: The changes in this file include the addition of a new entry in the VULNERABILITY_URLS dictionary to support Rocky Linux Security Advisories (RXSA) and the expansion of the FILE_UPLOAD_TYPES setting to include the ".rxsa" file extension. These changes are focused on expanding the functionality of the DefectDojo application to support additional vulnerability sources and file types.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@manuel-sommer manuel-sommer marked this pull request as draft October 21, 2024 10:25
@manuel-sommer manuel-sommer marked this pull request as ready for review October 21, 2024 10:25
@manuel-sommer
Copy link
Contributor Author

@mtesauro, could you please retrigger the pipeline?

mtesauro
mtesauro approved these changes Oct 27, 2024
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 0563e09 into DefectDojo:bugfix Oct 27, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the add_rxsa branch October 28, 2024 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@blakeaowens blakeaowens blakeaowens approved these changes

@Maffooch Maffooch Maffooch approved these changes

@mtesauro mtesauro mtesauro approved these changes

@cneill cneill cneill approved these changes

Assignees
No one assigned
Labels
settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@manuel-sommer @cneill @mtesauro @Maffooch @blakeaowens