
summarizing multiple similar findings into problems #11432

Closed
wants to merge 15 commits into from

including problem for sensitiveCodePaths

f833581

DryRunSecurity / Sensitive Files Analyzer succeeded Dec 23, 2024 in 0s

DryRun Security


Sensitive Files Analyzer Findings: 4 detected

⚠️ Potential Sensitive File .dryrunsecurity.yaml
Type Potential Sensitive File
Description This file is considered sensitive because the DryRun Security configuration file holds security-critical settings; if they are changed, vulnerabilities may go undetected before deployment.
Filename .dryrunsecurity.yaml
CodeLink
- 'dojo/metrics/*.py'
- 'dojo/note_type/*.py'
- 'dojo/notes/*.py'
- 'dojo/problem/*.py'
- 'dojo/product/*.py'
- 'dojo/product_type/*.py'
- 'dojo/reports/*.py'
⚠️ Potential Sensitive File docs/package-lock.json
Type Potential Sensitive File
Description Node.js/ExpressJS/Next.js applications manage their dependencies through package.json and package-lock.json files. A change in these files may indicate an addition of a library/dependency which could introduce additional risk to the application either through vulnerable code, expansion of the application's attack surface via additional routes, or malicious code.
Filename docs/package-lock.json
CodeLink
  "license": "MIT"
},
"node_modules/nanoid": {
  "version": "3.3.8",
  "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
  "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
  "funding": [
    {
      "type": "github",
      "url": "https://github.com/sponsors/ai"
    }
  ],
  "bin": {
    "nanoid": "bin/nanoid.cjs"
  },
⚠️ Potential Sensitive File dojo/problem/urls.py
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/problem/urls.py
CodeLink
from django.urls import re_path

from dojo.problem import views

urlpatterns = [
    # Listing operations
    re_path(
        r"^problems/all$",
        views.ListProblems.as_view(),
        name="all_problems",
    ),
    re_path(
        r"^problems/open$",
        views.ListOpenProblems.as_view(),
        name="open_problems",
    ),
    re_path(
        r"^problems/closed$",
        views.ListClosedProblems.as_view(),
        name="closed_problems",
    ),
    re_path(
        r"^problems/(?P<problem_id>\d+)/findings$",
        views.ProblemFindings.as_view(),
        name="problem_findings",
    ),
]
⚠️ Potential Sensitive File dojo/urls.py
Type Potential Sensitive File
Description When a urls.py file is changed it often means that there have been changes to HTTP routes or endpoints in your Django application. As such, this changes the attack surface of the application and is a marker for risk.
Filename dojo/urls.py
CodeLink
from dojo.engagement.urls import urlpatterns as eng_urls
from dojo.finding.urls import urlpatterns as finding_urls
from dojo.finding_group.urls import urlpatterns as finding_group_urls
from dojo.problem.urls import urlpatterns as problems_urls
from dojo.github_issue_link.urls import urlpatterns as github_urls
from dojo.group.urls import urlpatterns as group_urls
from dojo.home.urls import urlpatterns as home_urls