Docs updates: 2.44.2 #11985


Merged
merged 9 commits into from
Mar 17, 2025
Conversation

paulOsinski
Contributor

@paulOsinski paulOsinski commented Mar 10, 2025

  • removes https://docs.defectdojo.com/tags/ from docs: this is a 'Taxonomy' page created by Hugo and not something we use. Has no relation to the DD Tags feature. (Credit due to @h-enk for this one!)
  • adds guide to audit logging
  • adds guide to assigning permissions in DefectDojo Pro

[sc-10460]
[sc-10474]
[sc-10205]

@github-actions github-actions bot added the docs label Mar 10, 2025

dryrunsecurity bot commented Mar 10, 2025

DryRun Security Summary

Documentation updates for DefectDojo reveal potential information disclosure risks through insecure URLs, sensitive path references, and system detail exposures across multiple documentation files.


PR Summary:
Documentation updates for DefectDojo, focusing on user management, permissions, audit logging, and configuration settings across multiple documentation files.

Security Findings:

  1. Insecure Base URL Risk (docs/config/_default/hugo.toml):

    • Base URL uses http://localhost/, which is an insecure, non-encrypted protocol
    • Potential exposure to man-in-the-middle attacks if accidentally deployed externally
  2. URL Exposure (docs/content/en/connecting_your_tools/universal_parser.md):

    • References a community presentation URL that should be verified for security
    • Detailed parser functionality explanation could potentially assist attackers
  3. Potential Information Disclosure (Multiple Files):

    • Documentation references to specific UI elements, paths, and system details
    • Image references might contain sensitive system information
    • Includes links to internal documentation paths that could reveal system structure
  4. Sensitive Path References (docs/content/en/customize_dojo/user_management/pro_permissions_overhaul.md):

    • Contains relative links to documentation pages that might expose system details
    • References to Beta UI elements indicating potential unreleased features
  5. URL Integrity Concerns:

    • Multiple files contain markdown links that should be carefully verified to prevent potential information disclosure or navigation issues

While no critical code vulnerabilities were found, the documentation reveals several potential information exposure points that should be carefully reviewed.

View PR in the DryRun Dashboard.

@paulOsinski paulOsinski changed the title docs updates for 2.44.2 Docs updates: 2.44.2 Mar 10, 2025
@Maffooch Maffooch requested a review from dogboat March 17, 2025 16:36

@cneill cneill left a comment


Tiny nitpick, otherwise looks good

@Maffooch Maffooch requested a review from cneill March 17, 2025 18:30
@Maffooch Maffooch merged commit bcca5a0 into DefectDojo:bugfix Mar 17, 2025
77 checks passed
iago-r pushed a commit to iago-r/django-DefectDojo that referenced this pull request Mar 27, 2025
* rm Hugo taxonomy pages from docs: the unused 'https://docs.defectdojo.com/tags' page for example

* Pro Release notes : 2.44.1 (DefectDojo#11983)

* update changelog 2.44

* 2.44.1 release notes

---------

Co-authored-by: Paul Osinski <[email protected]>

* document permissions overhaul

* add audit log documentation

* Apply suggestions from code review

* Rename odic.png to oidc.png

* Update docs/content/en/changelog/changelog.md

Co-authored-by: Sean Reid <[email protected]>

* Update docs/content/en/customize_dojo/user_management/audit_logging.md

Co-authored-by: Charles Neill <[email protected]>

---------

Co-authored-by: Paul Osinski <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>
Co-authored-by: Sean Reid <[email protected]>
Co-authored-by: Charles Neill <[email protected]>
@paulOsinski paulOsinski deleted the docsupdates branch March 28, 2025 19:46