🐛 fix broken AWS Endpoints #11902


Merged: 5 commits merged into DefectDojo:bugfix from fix_aws_endpoints, Mar 6, 2025

Conversation

quirinziessler (Contributor)

fix for #11814

@github-actions github-actions bot added New Migration Adding a new migration file. Take care when merging. docs unittests parser labels Feb 26, 2025
dryrunsecurity bot commented Feb 26, 2025

DryRun Security Summary

The PR enhances security by implementing consistent character sanitization for resource identifiers in AWS Security Hub and Inspector2 parsers, replacing special characters with underscores to prevent potential injection and parsing vulnerabilities.


The PR updates AWS Security Hub and Inspector2 parsers and related components, introducing consistent character replacement for resource identifiers across multiple files to sanitize endpoint hosts by replacing special characters with underscores.

Security findings:

  1. In dojo/tools/aws_inspector2/parser.py: Character sanitization added to prevent potential URL/hostname generation issues, reducing risks of injection or path traversal scenarios.
  2. In dojo/tools/awssecurityhub/guardduty.py and dojo/tools/awssecurityhub/inspector.py: Input sanitization improvements by replacing : and / characters with underscores, preventing potential parsing or injection risks.
  3. In dojo/db_migrations/0222_aws_sechub_update_endpoints.py: Potential data integrity consideration due to irreversible hostname modifications during migration.

Code Analysis

We ran 9 analyzers against 6 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer                        Findings
Configured Codepaths Analyzer   1 finding

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

View PR in the DryRun Dashboard.
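The summary above describes the PR's technique as replacing `:` and `/` in AWS resource identifiers with underscores before they are stored as endpoint hosts, and flags that the accompanying migration cannot be reversed. The following is an added illustration of that technique, written for this page and not taken from DefectDojo's parsers or migration; the acceptance rule in `is_acceptable_host`, the sample identifiers, and the function names are assumptions. It also shows why the rewrite is one-way: two identifiers that differ only in `:` versus `/` collapse to the same host.

```python
import re

# Characters the DryRun summary says the PR maps to underscores when an AWS
# resource identifier (an ARN, or a suffix such as "instance/i-...") is stored
# as an endpoint host.
REPLACEMENTS = {":": "_", "/": "_"}

# Hypothetical acceptance rule for a stored host (assumption, not DefectDojo's
# rule): non-empty, within the usual 253-character hostname limit, and free of
# characters a URL parser would read as scheme, port or path separators.
_FORBIDDEN = re.compile(r"[:/\s]")


def sanitize_endpoint_host(resource_id: str) -> str:
    """Return resource_id with every ':' and '/' replaced by '_'."""
    host = resource_id.strip()
    for bad, good in REPLACEMENTS.items():
        host = host.replace(bad, good)
    return host


def is_acceptable_host(host: str) -> bool:
    """Check that a value is safe to store as an endpoint host."""
    return 0 < len(host) <= 253 and _FORBIDDEN.search(host) is None


def migrate_hosts(hosts):
    """Data-migration style pass over existing hosts.

    Returns (old, new) pairs for every host that changes. A second pass over
    the output changes nothing, so a partially applied migration can be
    re-run safely (the upgrade-time cost noted in review scales with the
    number of endpoints, since every row is inspected).
    """
    changes = []
    for host in hosts:
        new_host = sanitize_endpoint_host(host)
        if new_host != host:
            changes.append((host, new_host))
    return changes


def collides(a: str, b: str) -> bool:
    """True when two distinct identifiers sanitise to the same host.

    This is the data-integrity point from the summary: once ':' and '/' are
    both '_', the original cannot be recovered, so the migration is one-way.
    """
    return a != b and sanitize_endpoint_host(a) == sanitize_endpoint_host(b)


# Constructed sample identifiers (not real findings or accounts).
SAMPLE_HOSTS = [
    "arn:aws:ec2:us-east-1:123456789012:instance/i-0abc123",
    "arn:aws:lambda:eu-west-1:123456789012:function:my-func",
    "already_sanitised_host",
]

if __name__ == "__main__":
    for old, new in migrate_hosts(SAMPLE_HOSTS):
        print(f"{old} -> {new}  acceptable={is_acceptable_host(new)}")
    second_pass = migrate_hosts([sanitize_endpoint_host(h) for h in SAMPLE_HOSTS])
    print("second pass changes:", second_pass)
    print("collision example:", collides("vol:abc", "vol/abc"))
```

Because `collides` is true for inputs that differ only in the separator, anyone reviewing a migration like this should back up the endpoint table before the upgrade rather than rely on a reverse migration.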

quirinziessler (Contributor Author)

@Maffooch can we move this forward with this week's release?

github-actions bot commented Mar 3, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

dogboat (Contributor) commented Mar 4, 2025

@quirinziessler Looks like there's a merge conflict now, would you please resolve it? Thanks!

github-actions bot commented Mar 4, 2025

Conflicts have been resolved. A maintainer will review the pull request shortly.

manuel-sommer (Contributor)

Merge conflicts have been resolved @dogboat

Maffooch (Contributor) left a comment

This looks good! Once the migrations are fixed up, and tests pass, we can move forward with this one 😄

valentijnscholten (Member) left a comment

Could you add a note to the upgrade notes that mentions this migration will happen? If an instance has a lot of endpoints, it can take a while during the upgrade.

valentijnscholten (Member) left a comment

Thanks

quirinziessler (Contributor Author)

Sure @valentijnscholten. Thanks for the input!

No pressure but release notes are now for 2.44.1 😉

mtesauro (Contributor) left a comment

Approved

Maffooch merged commit da0321f into DefectDojo:bugfix Mar 6, 2025
70 of 71 checks passed
paulOsinski pushed a commit to paulOsinski/django-DefectDojo that referenced this pull request Mar 6, 2025
* 🐛 fix for AWS Parser endpoints

* ruff

* resolve conflicts

* added upgrade note

---------

Co-authored-by: manuelsommer <[email protected]>
quirinziessler deleted the fix_aws_endpoints branch March 17, 2025 19:45