Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion #12131

Merged
merged 3 commits into from
Apr 26, 2025

Conversation

valentijnscholten
Member

As reported in #11833 the SLA Business days feature is no longer working. There are currently no plans to reintroduce it. This PR removes leftover code and configuration settings to avoid confusion.
If the feature returns, it will probably be part of the SLA Configuration settings so it can re-use the existing recalculation logic on configuration changes.
Please follow #11833 for future developments.

@github-actions github-actions bot added New Migration Adding a new migration file. Take care when merging. settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR docs labels Mar 29, 2025

DryRun Security Summary

The patch simplifies SLA and date handling in DefectDojo by removing business day calculations and related configuration settings, potentially impacting compliance tracking and reporting mechanisms.


Summary: The patch involves removing SLA business day calculations across multiple files in the DefectDojo project, simplifying date handling and configuration settings related to finding age and SLA tracking.

Security Findings:
• Potential Security Implications of SLA Calculation Changes

  • Removal of business day calculations might change SLA tracking behavior
  • Could impact compliance and reporting mechanisms
  • Might alter how finding ages and SLA breaches are calculated

• Date Handling Modifications

  • Simplified date type conversions could potentially introduce subtle calculation risks
  • Removal of conditional date calculation logic may affect time-sensitive tracking

• Configuration Changes

  • Removal of DD_SLA_BUSINESS_DAYS and SLA_BUSINESS_DAYS settings
  • Potential impact on existing business logic and reporting processes

• Indirect Security Considerations

  • Simplified code may reduce complexity but could introduce unintended behavioral changes
  • Stakeholders should verify that configuration removal aligns with operational requirements

View PR in the DryRun Dashboard.

@valentijnscholten valentijnscholten changed the title Remove DD_SLA_BUSINESS_DAYS feature Remove non-working DD_SLA_BUSINESS_DAYS feature to avoid confusion Mar 29, 2025
Contributor

@Maffooch Maffooch left a comment

The PR looks good overall. I think this should wait until the 2.46.0 release given how close we are to 2.45.0. It would be preferable to allow as much soak time as we can.

@Maffooch Maffooch added this to the 2.46.0 milestone Mar 31, 2025
Contributor

github-actions bot commented Apr 3, 2025

This pull request has conflicts, please resolve those before we can evaluate the pull request.

@Maffooch
Contributor

@valentijnscholten please see conflicts on this one and prep for the 2.46.0 release


dryrunsecurity bot commented Apr 14, 2025

DryRun Security

This pull request introduces potential configuration and documentation changes that could impact time-sensitive tracking, date handling, and input validation, with a minor risk of information disclosure through an exposed GitHub issue link.

💭 Unconfirmed Findings (4)

Vulnerability: GitHub Issue Link Exposure
Description: Reveals internal project tracking information through a publicly visible issue link in the documentation file 'docs/content/en/open_source/upgrading/2.46.md'. Potential risk of information disclosure.

Vulnerability: Configuration Removal Implications
Description: Removal of 'DD_SLA_BUSINESS_DAYS' setting in 'dojo/settings/settings.dist.py' could impact time-sensitive tracking and security monitoring processes by altering SLA calculation mechanisms.

Vulnerability: Date Handling Modifications
Description: Changes in date calculation logic across multiple files ('dojo/models.py', 'dojo/utils.py') might introduce unexpected behavior, potentially affecting compliance or tracking mechanisms through simplified date processing.

Vulnerability: Tag Validation Changes
Description: New tag validation rules in 'docs/content/en/open_source/upgrading/2.46.md' prevent certain characters, representing a potential improvement in input validation to mitigate injection risks.

All finding details can be found in the DryRun Security Dashboard.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

@Maffooch Maffooch closed this Apr 21, 2025
@Maffooch Maffooch reopened this Apr 21, 2025
Contributor

@mtesauro mtesauro left a comment

Approved

@mtesauro mtesauro merged commit a6b411a into DefectDojo:dev Apr 26, 2025
80 checks passed

5 participants