Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for engagement_end_date not being used #11174

Merged
merged 1 commit into from
Nov 1, 2024
Merged

Fix for engagement_end_date not being used #11174

merged 1 commit into from
Nov 1, 2024

Conversation

hblankenship
Copy link
Collaborator

When a scan was imported or reimported, the engagement_end_date was not being used and was defaulting to now + 365 days. This change sets the target_end appropriately for engagements.

[sc-8190]

@github-actions github-actions bot added the apiv2 label Oct 31, 2024
@dryrunsecurity DryRunSecurity
Copy link

DryRun Security Summary

The code change in this pull request is a maintenance update that improves the handling of the engagement_end_date field in the CommonImportScanSerializer class of the Defect Dojo application's API, ensuring that the target_end field is only updated when the engagement_end_date is provided, preventing it from becoming None when the engagement_end_date is not present.

Expand for full summary

Summary:

The code change in this pull request appears to be a maintenance update that improves the handling of the engagement_end_date field in the CommonImportScanSerializer class of the Defect Dojo application's API. Previously, the target_end field was being set to the engagement_end_date regardless of whether the engagement_end_date was provided or not, which could lead to issues if the engagement_end_date was not provided. The change addresses this by only updating the target_end field if the engagement_end_date is actually provided, preventing the target_end field from becoming None when the engagement_end_date is not present.

From an application security perspective, this change does not introduce any obvious security concerns. It is a bug fix that enhances the reliability and consistency of the Defect Dojo application's API, without introducing any new functionality that could lead to security vulnerabilities. Overall, this code change is a positive maintenance update that improves the application's stability and user experience.

Files Changed:

  • dojo/api_v2/serializers.py: The changes are made in the setup_common_context method of the CommonImportScanSerializer class. The update ensures that the target_end field is only updated when the engagement_end_date is provided, preventing it from becoming None when the engagement_end_date is not present.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Nov 1, 2024
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch merged commit 68e0a8b into bugfix Nov 1, 2024
74 checks passed
@Maffooch Maffooch deleted the hb-fix-engagement-end branch November 1, 2024 21:45
@mtesauro mtesauro mentioned this pull request Nov 6, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Maffooch Maffooch Maffooch approved these changes

@mtesauro mtesauro mtesauro approved these changes

@cneill cneill cneill approved these changes

@grendel513 grendel513 grendel513 approved these changes

Assignees
No one assigned
Labels
apiv2
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@hblankenship @grendel513 @cneill @mtesauro @Maffooch