
🎉 make vulnids more robust #11569

Open · wants to merge 2 commits into base: bugfix

Conversation

manuel-sommer (Contributor) commented Jan 15, 2025

  • Alphabetical ordering
  • added examples where possible
  • added a hyphen where possible to make the keys more unique

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Jan 15, 2025

dryrunsecurity bot commented Jan 15, 2025

DryRun Security Summary

The pull request enhances the DefectDojo application's security and functionality by updating vulnerability URL mappings and specifying acceptable file upload types in the configuration settings.


Summary:

The code changes in this pull request are focused on improving the functionality and security of the DefectDojo application. The key changes include updating the VULNERABILITY_URLS dictionary to include new vulnerability ID prefixes and their corresponding URLs, as well as updating the FILE_UPLOAD_TYPES setting to specify a list of acceptable file types that can be uploaded to the application.

From an application security perspective, these changes are positive steps towards enhancing the security and usability of the DefectDojo application. The updated VULNERABILITY_URLS dictionary ensures that users can easily access vulnerability information from various sources, which can help in understanding and addressing identified vulnerabilities. The FILE_UPLOAD_TYPES setting is also an important security consideration, as it helps to restrict the types of files that can be uploaded to the application, thereby mitigating the risk of arbitrary file upload vulnerabilities.

Files Changed:

  • dojo/settings/settings.dist.py: This file contains the configuration settings for the DefectDojo application. The key changes in this pull request include:
    1. Updating the VULNERABILITY_URLS dictionary to include new vulnerability ID prefixes and their corresponding URLs, allowing the application to link to the appropriate vulnerability information pages.
    2. Updating the FILE_UPLOAD_TYPES setting to include a list of acceptable file types that can be uploaded to a given object via arbitrary file upload, helping to mitigate the risk of arbitrary file upload vulnerabilities.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

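The summary above describes VULNERABILITY_URLS as a prefix-to-URL mapping, and the PR description says hyphens were added to keys "to make the keys more unique". The block below is an added illustration of why that matters; it is not DefectDojo's own code and does not reproduce its template filter. The mapping is constructed for the example (only the "VNS" entry is quoted from the discussion), and the lookup rule used here, longest matching prefix wins with the ID percent-encoded, is this example's own assumption. It also includes a small lint that flags keys which are prefixes of other keys, since those make a first-match lookup depend on dictionary order.

```python
"""Added example (not DefectDojo code): resolve vulnerability IDs to reference
URLs from a prefix -> base-URL mapping, and lint the mapping for overlapping
keys. Mapping and matching rule are constructed for this illustration."""
from urllib.parse import quote

# Constructed mapping for the example; "VNS" is quoted from the PR comment.
VULNERABILITY_URLS = {
    "CVE-": "https://nvd.nist.gov/vuln/detail/",
    "GHSA-": "https://github.com/advisories/",
    "VNS": "https://vulners.com/",
}


def find_overlapping_keys(urls):
    """Return (shorter, longer) pairs where one key is a prefix of another.

    A bare key such as "CVE" is a prefix of "CVE-", so which URL an ID
    resolves to would depend on iteration order; hyphenated keys avoid that.
    """
    keys = sorted(urls, key=len)
    pairs = []
    for i, shorter in enumerate(keys):
        for longer in keys[i + 1:]:
            if longer.upper() != shorter.upper() and longer.upper().startswith(shorter.upper()):
                pairs.append((shorter, longer))
    return pairs


def resolve_vulnerability_url(vuln_id, urls=VULNERABILITY_URLS):
    """Return the reference URL for vuln_id, or None when no prefix matches.

    Prefixes are tried longest first so the most specific key wins, and the
    ID is percent-encoded (no safe characters) so an identifier containing
    "/" or "?" cannot extend the path or add a query string to the link.
    """
    vuln_id = vuln_id.strip()
    for prefix in sorted(urls, key=len, reverse=True):
        if vuln_id.upper().startswith(prefix.upper()):
            return urls[prefix] + quote(vuln_id, safe="")
    return None


if __name__ == "__main__":
    print(find_overlapping_keys({"CVE": "x", "CVE-": "y"}))
    print(resolve_vulnerability_url("CVE-2024-1234"))
```

Running the lint over a settings dictionary before deploying a settings change is a cheap way to catch the ambiguity the PR's hyphenation is meant to remove.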

manuel-sommer (Contributor, Author) commented:

For "VNS": "https://vulners.com/" I did not find an example

mtesauro (Contributor) left a comment:

Approved
