Implement Alibaba Linux vulnids #12304

Merged (1 commit) on Apr 26, 2025

@github-actions bot added the settings_changes (Needs changes to settings.py based on changes in settings.dist.py included in this PR) and ui labels on Apr 23, 2025

DryRun Security

🔴 Risk threshold exceeded.

This pull request involves a sensitive edit to the dojo/templatetags/display_tags.py file and includes a patch for Alibaba Cloud Linux 2 security advisory support with improved vulnerability reference handling.

⚠️ Configured Codepaths Edit in dojo/templatetags/display_tags.py
Vulnerability: Configured Codepaths Edit
Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

💭 Unconfirmed Findings (1)
Vulnerability: Alibaba Cloud Linux 2 Security Advisory Support
Description: A patch that adds support for Alinux2 security advisory URL handling, expanding vulnerability reference capabilities. The implementation uses HTTPS and points to an official Alibaba Cloud mirror, with input transformation to potentially prevent URL manipulation.

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

@mtesauro (Contributor) left a comment

Approved

@mtesauro merged commit 48a7a73 into DefectDojo:bugfix on Apr 26, 2025
75 of 76 checks passed
@manuel-sommer deleted the alibabacloudlinuxvulnid branch on April 27, 2025 20:00