Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reimport Legacy Reimport: Bump logging from debug to warning #11566

Open
wants to merge 1 commit into
base: bugfix
Choose a base branch
from
Open

Reimport Legacy Reimport: Bump logging from debug to warning #11566

wants to merge 1 commit into from

Conversation

Maffooch
Copy link
Contributor

When a legacy reimport algo is encountered, the logging shouldn be a bit more verbose

@dryrunsecurity DryRunSecurity
Copy link

DryRun Security Summary

The pull request improves the reimport functionality in DefectDojo by modifying the default deduplication algorithm to log a warning, encouraging users to adopt more robust methods for matching and tracking security findings.

Expand for full summary

Summary:

The code change in this pull request is focused on improving the reimport functionality in the DefectDojo application security tool. The key change is the modification of the default "legacy" deduplication algorithm in the default_reimporter.py file, where a warning is now logged instead of a debug message. This change encourages users to review their deduplication configuration and use more robust algorithms, as the legacy deduplication approach may not be as effective in accurately matching new findings to existing ones. While the rest of the changes are focused on the core reimport functionality, they are important for ensuring the reliability and accuracy of the reimport process, which is a critical feature for security teams managing their vulnerability data. Overall, this change is a step towards enhancing the deduplication and reimport capabilities in DefectDojo, which can have a positive impact on the application security posture of the organizations using the tool.

Files Changed:

  • dojo/importers/default_reimporter.py: This file is responsible for processing and updating findings during a reimport of a security scan report in the DefectDojo application security tool. The key change in this file is the modification of the match_new_finding_to_existing_finding() method, where the default "legacy" deduplication algorithm has been changed to log a warning instead of a debug message. This change encourages users to review their deduplication configuration and use more robust algorithms, as the legacy deduplication approach may not be as effective in accurately matching new findings to existing ones. The rest of the changes in this file are focused on the core reimport functionality, handling the processing of findings, matching new findings to existing ones, and managing the various states of findings (new, reactivated, mitigated, etc.).

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

mtesauro
mtesauro approved these changes Jan 16, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@Maffooch Maffooch mentioned this pull request Jan 16, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@cneill cneill cneill approved these changes

At least 4 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Maffooch @cneill @mtesauro