Thanks to visit codestin.com
Credit goes to github.com

Skip to content

jira push: log inactive/verified message to debug #12376

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 6, 2025
Merged

jira push: log inactive/verified message to debug #12376

merged 1 commit into from
May 6, 2025

Conversation

valentijnscholten
Copy link
Member

In #11738 we reduced the noise for when a push to jira was triggered for findings that were not active or not verified.

There was one place left where this message was still logged on ERROR level. Since this is a normal scenario, logging to DEBUG is sufficient. User triggering this action via the UI are still getting a msg as feedback.

Reported via Slack: https://owasp.slack.com/archives/C2P5BA8MN/p1746205059640759

@valentijnscholten valentijnscholten added this to the 2.46.1 milestone May 4, 2025
@valentijnscholten valentijnscholten marked this pull request as ready for review May 4, 2025 10:26
@dryrunsecurity DryRunSecurity
Copy link

dryrunsecurity bot commented May 4, 2025

DryRun Security

This pull request modifies logging levels in a way that could potentially hide critical error information and make troubleshooting more difficult by reducing the visibility of diagnostic details about Jira integration attempts.

💭 Unconfirmed Findings (2)
Vulnerability Reduced Error Visibility
Description Critical error information may be hidden from administrators and security monitoring systems. Changing logger from error to debug level reduces prominence of error logging, potentially masking important integration issues or failures.
Vulnerability Potential Diagnostic Information Suppression
Description Debug-level logs are less visible and may be disabled in production environments. This creates a risk of losing important diagnostic information about Jira integration attempts and could impede troubleshooting and security incident investigation.

All finding details can be found in the DryRun Security Dashboard.

@Maffooch Maffooch requested review from dogboat and hblankenship May 5, 2025 19:40
mtesauro
mtesauro approved these changes May 6, 2025
View reviewed changes
Copy link
Contributor

@mtesauro mtesauro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@mtesauro mtesauro merged commit 10155ce into DefectDojo:bugfix May 6, 2025
76 checks passed
Maffooch added a commit that referenced this pull request May 7, 2025
@Maffooch @jfyuen
@cneill @valentijnscholten
Release: Merge release into master from: release/2.46.1 (#12402)
1b6e43b 
* Update versions in application files

* ui: fix "retrieve my username" typo (#12368)

* Minor Semgrep connector docs tweaks (#12373)

* jira push: log inactive/verified message to debug (#12376)

* helm chart publisher: use proper ref for checkout (#12392)

* tags: prevent validation from removing tags (#12400)

* tags: prevent validation from removing tags

* tags: prevent validation from removing tags smoke test

* tags: prevent validation from removing tags smoke test

* tags: prevent validation from removing tags remove ui test

* Update versions in application files

---------

Co-authored-by: DefectDojo release bot <[email protected]>
Co-authored-by: Cody Maffucci <[email protected]>
Co-authored-by: Jean-François YUEN <[email protected]>
Co-authored-by: Charles Neill <[email protected]>
Co-authored-by: valentijnscholten <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mtesauro mtesauro mtesauro approved these changes

@dogboat dogboat dogboat approved these changes

@hblankenship hblankenship hblankenship approved these changes

@Maffooch Maffooch Maffooch approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.46.1
Development

Successfully merging this pull request may close these issues.
5 participants
@valentijnscholten @mtesauro @dogboat @hblankenship @Maffooch