
🎉 Add slackware security advisory to vulnid #12113


Merged: 1 commit merged into DefectDojo:bugfix from the add_slackware_secadvisory branch, Mar 28, 2025

Conversation

manuel-sommer (Contributor):

It depends, but some use "SSA:" and some use "SSA-" to define the Slackware security advisory. This PR covers both.

github-actions bot added the labels settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR) and ui on Mar 27, 2025

DryRun Security Summary

A patch was implemented in DefectDojo to improve Slackware Security Advisory (SSA) vulnerability URL mapping with considerations for potential URL validation risks in the template tags and settings.


Summary: A patch was made to the DefectDojo settings and template tags to add support for Slackware Security Advisory (SSA) vulnerability URL mapping and handling.

Security Findings:
• Potential URL Validation Consideration

  • Location: dojo/templatetags/display_tags.py
  • Risk: Potential unvalidated URL construction
  • Explanation: The code constructs vulnerability URLs without explicit validation of the base URL from settings.VULNERABILITY_URLS

Note: While no direct critical vulnerabilities were found, the URL construction process should be carefully reviewed to ensure it cannot be manipulated or lead to unintended redirects.

Code Analysis

We ran 7 analyzers against 2 files and 1 analyzer had findings. 6 analyzers had no findings.

Analyzer findings: Configured Codepaths Analyzer, 1 finding

Overall Riskiness

🔴 Risk threshold exceeded.

We've notified @mtesauro, @grendel513.

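A worked illustration of the two prefix spellings the PR description mentions and of the URL-validation point the DryRun summary raises, written for this page as an added example. It is not DefectDojo's display_tags.py code or its real VULNERABILITY_URLS table: the base URL, the function names, the advisory ID pattern and the sample inputs are assumptions constructed for the example. It contrasts an unchecked prefix-plus-ID concatenation with a version that validates both the advisory ID and the configured base URL before building the link.

```python
"""Constructed example: mapping Slackware Security Advisory (SSA) IDs to URLs.

Not DefectDojo's code. The VULNERABILITY_URLS table below is an assumed stand-in
for the settings table the PR touches, and the base URL is illustrative only.
"""
import re
from typing import Dict, Optional
from urllib.parse import quote, urlsplit

# Assumed prefix -> base URL table. Both spellings of the prefix point at the
# same base, so "SSA:" and "SSA-" identifiers are handled alike.
VULNERABILITY_URLS: Dict[str, str] = {
    "SSA:": "https://www.slackware.com/security/",
    "SSA-": "https://www.slackware.com/security/",
}

# Slackware advisories are numbered SSA:<year>-<day-of-year>-<sequence>,
# e.g. SSA:2024-045-01. Accept ':' or '-' after "SSA" and nothing else.
_SSA_ID = re.compile(r"^SSA[:-](?P<year>\d{4})-(?P<doy>\d{3})-(?P<seq>\d{2})$")

_ALLOWED_SCHEMES = {"http", "https"}


def unchecked_vulnerability_url(vuln_id: str, urls: Dict[str, str] = VULNERABILITY_URLS) -> Optional[str]:
    """The pattern the DryRun note warns about (constructed, not DefectDojo's code):
    look up the prefix and concatenate whatever follows it, with no validation."""
    prefix = vuln_id[:4]
    base = urls.get(prefix)
    return None if base is None else base + vuln_id


def normalise_ssa_id(vuln_id: str) -> Optional[str]:
    """Return the canonical 'SSA:YYYY-DDD-NN' form, or None if the ID is malformed."""
    match = _SSA_ID.match(vuln_id.strip())
    if match is None:
        return None
    if not 1 <= int(match["doy"]) <= 366:  # day-of-year must be plausible
        return None
    return f"SSA:{match['year']}-{match['doy']}-{match['seq']}"


def base_url_is_safe(base: str) -> bool:
    """Accept only absolute http(s) URLs; rejects 'javascript:' and scheme-relative '//host' bases."""
    parts = urlsplit(base)
    return parts.scheme in _ALLOWED_SCHEMES and bool(parts.netloc)


def vulnerability_url(vuln_id: str, urls: Dict[str, str] = VULNERABILITY_URLS) -> Optional[str]:
    """Hardened form: validate the advisory ID, then the configured base, then build the link."""
    canonical = normalise_ssa_id(vuln_id)
    if canonical is None:
        return None
    prefix = vuln_id.strip()[:4]  # "SSA:" or "SSA-", as written by the scanner
    base = urls.get(prefix)
    if base is None or not base_url_is_safe(base):
        return None
    # Percent-encode anything outside the characters the canonical form contains.
    return base + quote(canonical, safe=":-")


if __name__ == "__main__":
    # Constructed sample IDs: the two prefix spellings, one malformed, one path-style.
    for sample in ("SSA:2024-045-01", "SSA-2024-045-01", "SSA:2024-45-1", "SSA:../../x"):
        print(f"{sample!r:20} unchecked={unchecked_vulnerability_url(sample)!r:55} checked={vulnerability_url(sample)!r}")
```

The unchecked form happily emits "https://www.slackware.com/security/SSA:../../x" for a path-style identifier; the checked form returns None for that input, for a malformed ID, and when the configured base is not an absolute http(s) URL, while "SSA-2024-045-01" and "SSA:2024-045-01" both resolve to the same link.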

@Maffooch (Contributor) left a comment:


Nice job catching that there are two ways to achieve the same thing

@mtesauro (Contributor) left a comment:


Approved

@mtesauro mtesauro merged commit f0ea0dd into DefectDojo:bugfix Mar 28, 2025
75 of 76 checks passed
@manuel-sommer manuel-sommer deleted the add_slackware_secadvisory branch March 28, 2025 21:53
Labels: settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR), ui
Projects: None yet
5 participants