
JIRA Finding Groups: Accommodate status function inconsistency #11125

Merged
merged 2 commits into from
Oct 27, 2024

Conversation

Maffooch
Contributor

@Maffooch Maffooch commented Oct 24, 2024

Accommodating a strange behavior where a finding group sometimes prefers obj.status rather than obj.status()

Traceback (most recent call last):
  File "/app/dojo/jira_link/helper.py", line 666, in push_to_jira
    return add_jira_issue_for_finding_group(group, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/decorators.py", line 73, in __wrapper__
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/decorators.py", line 46, in __wrapper__
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/celery/local.py", line 182, in __call__
    return self._get_current_object()(*a, **kw)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/celery/app/task.py", line 411, in __call__
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/decorators.py", line 117, in __wrapper__
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/jira_link/helper.py", line 697, in add_jira_issue_for_finding_group
    return add_jira_issue(finding_group, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/jira_link/helper.py", line 769, in add_jira_issue
    obj_can_be_pushed_to_jira, error_message, _error_code = can_be_pushed_to_jira(obj)
                                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/dojo/jira_link/helper.py", line 162, in can_be_pushed_to_jira
    if "Active" not in obj.status():
                       ^^^^^^^^^^^^
TypeError: 'str' object is not callable

[sc-8016][sc-8017]


DryRun Security Summary

The code change in the dojo/jira_link/helper.py file improves the handling of finding group status in the context of JIRA integration by introducing a try-except block to handle cases where the standard obj.status() method is not accessible, and then checking if the finding group's status does not contain the "Active" string, in order to ensure the reliability and robustness of the JIRA integration feature.


Summary:

The code change in the dojo/jira_link/helper.py file is focused on improving the handling of finding group status in the context of JIRA integration. The change addresses a scenario where the standard obj.status() method may not always be accessible, and instead, the obj.status attribute is used. The key changes include the introduction of a try-except block to handle the case where obj.status() raises a TypeError exception, and then checking if the finding group's status does not contain the "Active" string, in which case, the group is not pushed to JIRA.

From an application security perspective, this change is not directly related to security vulnerabilities, as it is more focused on improving the reliability and robustness of the JIRA integration feature within the application. However, the handling of edge cases and error conditions can be an important aspect of secure application development, as they can help prevent unexpected behavior or potential security issues.

Files Changed:

  • dojo/jira_link/helper.py: The changes in this file address a scenario where a finding group's status is not always accessible through the obj.status() method, and instead, the obj.status attribute is used. The code introduces a try-except block to handle the case where obj.status() raises a TypeError exception, and then checks if the finding group's status does not contain the "Active" string, in which case, the group is not pushed to JIRA.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

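The two shapes of `status` behind the traceback above (a method on the normal finding group, a plain string on the odd one), with the try/except fallback the summary describes beside a narrower `callable()` check, as an added example that is not DefectDojo's code. The classes, `status_text*` helpers, `can_be_pushed_to_jira` mirror and its message text are all constructed for this illustration; the real helper lives in `dojo/jira_link/helper.py`.

```python
class GroupWithStatusMethod:
    """Constructed stand-in for the usual case: status is a method."""

    def __init__(self, active: bool):
        self._active = active

    def status(self) -> str:
        return "Active, Verified" if self._active else "Inactive, Mitigated"


class GroupWithStatusString:
    """Constructed stand-in for the odd case: status is already a string."""

    def __init__(self, status: str):
        self.status = status


class GroupWithBuggyStatus:
    """Constructed stand-in whose status() raises TypeError internally."""

    def status(self) -> str:
        return "Active" + None  # type: ignore[operator]  # TypeError on purpose


def status_text_try_except(obj) -> str:
    """Pattern the PR summary describes: call status(), fall back on TypeError.

    Caveat: a TypeError raised *inside* a real status() is also caught, and the
    fallback then returns the bound method object rather than a string.
    """
    try:
        return obj.status()
    except TypeError:
        return obj.status


def status_text(obj) -> str:
    """Narrower variant: fall back only when the member is not callable, so a
    TypeError from inside a genuine status() still surfaces as a bug."""
    status = obj.status
    return status() if callable(status) else status


def can_be_pushed_to_jira(obj):
    """Mirror of the failing check: refuse to push a group that is not Active.

    Returns (can_push, error_message, error_code), matching the tuple shape the
    traceback shows; the message and code values are constructed.
    """
    if "Active" not in status_text(obj):
        return False, "Finding group is not active", "not_active"
    return True, None, None


if __name__ == "__main__":
    print(can_be_pushed_to_jira(GroupWithStatusMethod(True)))
    print(can_be_pushed_to_jira(GroupWithStatusString("Inactive, Mitigated")))
```

`status_text_try_except` reproduces the shape of the merged fix; `status_text` is the tighter form to reach for when the method body itself can fail, since it distinguishes "not a method" from "the method threw".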

Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro mtesauro merged commit 4fdd555 into DefectDojo:bugfix Oct 27, 2024
72 checks passed
@Maffooch Maffooch deleted the groups branch December 5, 2024 16:37