Jira webhook comment duplicate patch #12333

Merged

Conversation

Maffooch
Contributor

This PR updates a few things to catch some corner cases:

[sc-10999]

@Maffooch Maffooch requested a review from mtesauro as a code owner April 29, 2025 00:10

dryrunsecurity bot commented Apr 29, 2025

DryRun Security

This pull request identifies a potential information disclosure risk in the regex stripping logic within the Jira link views, which could compromise comment traceability by inadvertently removing important metadata from user comments.

💭 Unconfirmed Findings (1)
Vulnerability Potential Information Disclosure through Regex Stripping
Description Located in dojo/jira_link/views.py, this finding highlights a risk where the regex used to strip user prefixes could unintentionally remove important context from comments. This might impact audit trails and comment traceability by obscuring original comment metadata if the prefix format changes.

All finding details can be found in the DryRun Security Dashboard.

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch added this to the 2.46.0 milestone Apr 29, 2025
Member

@valentijnscholten valentijnscholten left a comment

It's a little hard to oversee all the possible variations without unit cases. At the same time it looks like this is a safe change as it only looks at comments created in the last 30 seconds, reducing the chance of falsely dropping a comment and not storing it.
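To make the two points in this thread concrete (the bot's concern that an over-broad prefix regex silently discards comment content, and the reviewer's point that the 30-second window limits how much a false match can drop), here is a small self-contained illustration. It is added here and is not DefectDojo's code: the `(Display Name): body` prefix format, the regexes, the `is_recent_duplicate` function and the sample comments are all assumptions constructed for the example, not anything taken from `dojo/jira_link/views.py`.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed prefix format (an assumption, not from the project): comments that
# round-trip through Jira arrive as "(Display Name): body".
# The strict pattern only matches that exact shape.
STRICT_PREFIX_RE = re.compile(r"^\([^()]+\):\s*")
# An over-broad alternative: strips everything up to the first colon, which
# also eats legitimate leading text such as "Steps:" or "Note:". This is the
# kind of information loss the bot finding warns about.
LOOSE_PREFIX_RE = re.compile(r"^[^:]*:\s*")


def strip_user_prefix(text, pattern=STRICT_PREFIX_RE):
    """Remove at most one leading user prefix so comment bodies can be compared."""
    return pattern.sub("", text, count=1)


def is_recent_duplicate(incoming_text, incoming_time, existing, window_seconds=30):
    """Return True if a stored comment with the same stripped body was created
    within the last `window_seconds` relative to `incoming_time`.

    `existing` is a list of {"text": str, "created": datetime} dicts
    (a hypothetical stand-in for stored Notes)."""
    body = strip_user_prefix(incoming_text).strip()
    window = timedelta(seconds=window_seconds)
    for comment in existing:
        age = incoming_time - comment["created"]
        # Only comments inside the window can suppress the incoming one.
        if timedelta(0) <= age <= window and strip_user_prefix(comment["text"]).strip() == body:
            return True
    return False


# Constructed sample data for the demonstration.
NOW = datetime(2025, 4, 29, 0, 10, tzinfo=timezone.utc)
STORED = [
    {"text": "(Jane Doe): Retest passed on staging", "created": NOW - timedelta(seconds=5)},
    {"text": "(Jane Doe): Retest passed on staging", "created": NOW - timedelta(minutes=5)},
]


def demo():
    """Show the window behaviour and the loose-vs-strict regex difference."""
    results = {
        "echo_within_window": is_recent_duplicate("Retest passed on staging", NOW, STORED),
        "same_text_5_minutes_old": is_recent_duplicate("Retest passed on staging", NOW, [STORED[1]]),
        "strict_keeps_context": strip_user_prefix("Steps: open the login page"),
        "loose_drops_context": strip_user_prefix("Steps: open the login page", LOOSE_PREFIX_RE),
    }
    for name, value in results.items():
        print(f"{name}: {value!r}")
    return results


if __name__ == "__main__":
    demo()
```

The strict pattern leaves a comment beginning with "Steps:" untouched, while the loose one turns it into "open the login page" and loses the heading; the reviewer's point shows up in `same_text_5_minutes_old`, where an identical body outside the 30-second window is still stored as a new comment.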

@Maffooch Maffooch merged commit 51c70e8 into DefectDojo:bugfix Apr 29, 2025
77 checks passed
@Maffooch Maffooch deleted the jira-webhook-comment-duplicate-patch branch April 29, 2025 19:58