🎉 add MGASA vulnid #11668

Open
wants to merge 1 commit into
base: bugfix

manuel-sommer
Contributor

No description provided.

github-actions bot added the settings_changes label (Needs changes to settings.py based on changes in settings.dist.py included in this PR) on Jan 27, 2025

dryrunsecurity bot commented Jan 27, 2025

DryRun Security Summary

The pull request enhances DefectDojo's vulnerability ID mapping functionality by adding new mappings for "MGASA-", "OSV-", and "PYSEC-" prefixes in the settings file, enabling automatic generation of links to corresponding vulnerability information pages.

Summary:

The code change in this pull request is focused on enhancing the vulnerability ID mapping functionality in the dojo/settings/settings.dist.py file of the DefectDojo application. Specifically, it is adding new mappings for the "MGASA-", "OSV-", and "PYSEC-" vulnerability ID prefixes, which will allow DefectDojo to automatically generate links to the corresponding vulnerability information pages when these prefixes are encountered in the data being processed.

From an application security perspective, this change is a positive improvement that will increase the usefulness and value of the DefectDojo application for organizations managing their application security posture. By expanding the set of supported vulnerability ID formats, DefectDojo can provide more comprehensive and accurate vulnerability information to its users, which can help improve their overall security awareness and decision-making.

Files Changed:

  • dojo/settings/settings.dist.py: This file has been updated to add new vulnerability ID mapping formats to the saml2_attrib_map_format function. Specifically, the following new mappings have been added:
    1. "MGASA-": "https://advisories.mageia.org/&&.html" - This maps the "MGASA-" vulnerability ID prefix to the Mageia Linux security advisories URL.
    2. "OSV-": "https://osv.dev/vulnerability/" - This maps the "OSV-" vulnerability ID prefix to the OSV (Open Source Vulnerabilities) vulnerability database URL.
    3. "PYSEC-": "https://osv.dev/vulnerability/" - This maps the "PYSEC-" vulnerability ID prefix to the OSV vulnerability database URL.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.
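
An added example, not DefectDojo's own code and not part of this PR: a resolver over the three mappings listed in the summary above, validating the scanner-supplied ID before it is placed into a link. It assumes `&&` marks where the full ID is substituted and that templates without it get the ID appended; `vulnerability_url`, `SAFE_ID`, `PLACEHOLDER` and the sample IDs in the comments are constructed for illustration.

```python
import re
from urllib.parse import quote

# Prefix-to-URL entries exactly as listed in the summary above.
VULNERABILITY_URLS = {
    "MGASA-": "https://advisories.mageia.org/&&.html",
    "OSV-": "https://osv.dev/vulnerability/",
    "PYSEC-": "https://osv.dev/vulnerability/",
}

# Assumption: "&&" is the spot where the full ID is substituted;
# templates without it get the ID appended to the end.
PLACEHOLDER = "&&"

# Assumption: a valid ID uses only letters, digits, '.', '_' and '-'.
# IDs arrive from imported scanner reports, so they are untrusted input.
SAFE_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def vulnerability_url(vuln_id, mapping=VULNERABILITY_URLS):
    """Return the advisory URL for vuln_id, or None if unmapped or unsafe."""
    if not isinstance(vuln_id, str) or not SAFE_ID.fullmatch(vuln_id):
        # Rejects '/', quotes, angle brackets, whitespace: nothing that
        # could alter the URL path or break out of an href attribute.
        return None
    # Longest prefix first so a more specific entry wins over a shorter one.
    for prefix in sorted(mapping, key=len, reverse=True):
        if vuln_id.startswith(prefix):
            template = mapping[prefix]
            safe = quote(vuln_id, safe="")  # defence in depth after the regex
            if PLACEHOLDER in template:
                return template.replace(PLACEHOLDER, safe)
            return template + safe
    return None  # unknown prefix: render the ID as plain text, no link


if __name__ == "__main__":
    # Constructed sample IDs, not taken from the PR.
    for sample in ("MGASA-2024-0001", "PYSEC-2023-74", "OSV-1/../x", "XYZ-1"):
        print(sample, "->", vulnerability_url(sample))
```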

Contributor

@mtesauro mtesauro left a comment

Approved

3 participants