Add ELBA vulnerability URL #11138

Merged
merged 1 commit into from
Nov 1, 2024

manuel-sommer
Contributor

No description provided.

@github-actions bot added the settings_changes label (Needs changes to settings.py based on changes in settings.dist.py included in this PR) on Oct 27, 2024

DryRun Security Summary

The pull request primarily involves updates to the configuration files for the DefectDojo application, including a modification to the SHA-256 hash file and updates to the settings.dist.py file, which include the addition of a new vulnerability URL mapping and the expansion of the allowed file upload types.

Summary:

The code changes in this pull request primarily involve updates to the configuration files for the DefectDojo application. The changes include a modification to the SHA-256 hash file for the default configuration file, as well as updates to the settings.dist.py file itself.

The change to the SHA-256 hash file could potentially indicate that the underlying configuration file has been modified, which is worth investigating further to ensure that the changes do not introduce any security vulnerabilities, such as the exposure of sensitive information. It's important to review the actual changes to the dojo/settings/.settings.dist.py file and verify the authenticity of the change.

The updates to the settings.dist.py file include the addition of a new vulnerability URL mapping and the expansion of the allowed file upload types. These changes appear to be routine updates to the application's configuration settings and do not seem to introduce any significant security risks.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The SHA-256 hash value for the default configuration file has been updated. This change should be reviewed to ensure that the underlying configuration file has not been modified in a way that could introduce security vulnerabilities.

  2. dojo/settings/settings.dist.py: The changes in this file include the addition of a new vulnerability URL mapping for the "ELBA" vulnerability type and an update to the FILE_UPLOAD_TYPES setting to include the ".elba" file extension as an acceptable file type for arbitrary file uploads. These changes appear to be routine updates to the application's configuration settings and do not introduce any obvious security risks.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

Contributor

@mtesauro left a comment

Approved

@mtesauro merged commit 5a80eee into DefectDojo:bugfix on Nov 1, 2024
72 checks passed
@manuel-sommer deleted the add_elba branch on November 1, 2024 18:40