Adding range filters for EPSS #11469

Open: wants to merge 1 commit into base: bugfix

Conversation

hblankenship
Collaborator

@hblankenship hblankenship commented Dec 24, 2024

Added EPSS score and percentile range filters. You can set the values to the same number for exact matches.

[sc-7760]


DryRun Security Summary

The pull request enhances Defect Dojo's filtering capabilities by introducing a PercentageRangeFilter and several specialized filter classes to provide security teams with more granular control over identifying, prioritizing, and managing vulnerabilities.


Summary:

The changes made in this pull request appear to be focused on enhancing the filtering capabilities of the Defect Dojo application. The key changes include the addition of a new PercentageRangeFilter class, which allows for filtering on a range of percentage values, such as EPSS score and percentile. Additionally, several specialized filter classes have been introduced, including filters for accepted findings, similar findings, and metrics-related findings. These changes are likely aimed at providing security teams with more granular control over the way they identify, prioritize, and manage vulnerabilities within the application.

From an application security perspective, the addition of the PercentageRangeFilter is particularly interesting, as it could enable security analysts to more effectively identify findings with a high EPSS score or percentile, which may indicate a higher risk. The specialized filters for accepted findings, similar findings, and metrics-related findings could also be useful for security teams to better understand the risk profile of the application and focus their efforts on the most critical issues.

Files Changed:

  • dojo/filters.py: This file contains various filter classes used in the Defect Dojo application. The changes include:
    • Addition of a new PercentageRangeFilter class, which allows filtering on a range of percentage values.
    • Updates to the ApiFindingFilter, FindingFilterHelper, and TemplateFindingFilter classes to include the new PercentageRangeFilter.
    • Addition of new specialized filter classes, such as FindingFilterWithoutObjectLookups, AcceptedFindingFilter, SimilarFindingFilter, ApiTemplateFindingFilter, MetricsFindingFilter, and MetricsEndpointFilter.
    • Modifications to existing filter classes to include new filtering options and functionality.

These changes are aimed at improving the filtering capabilities of the Defect Dojo application, which can be a valuable tool for security teams to manage and prioritize vulnerabilities within their applications.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

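To make the summary above concrete, here is an added illustration of the filtering semantics the PR describes, written in plain Python; it is not code from this PR or from Defect Dojo (the project's own filter classes live in dojo/filters.py and are not reproduced here). It assumes EPSS score and percentile are stored as fractions in [0, 1], as the EPSS feed publishes them, and it shows the same-number-for-exact-match convention from the description plus how findings without EPSS data are treated:

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    """Minimal stand-in for a Defect Dojo finding (constructed, not the real model)."""
    title: str
    epss_score: Optional[float]       # probability in [0, 1]; None if no EPSS data
    epss_percentile: Optional[float]  # fraction in [0, 1]; None if no EPSS data

# Constructed sample findings; the CVE labels are placeholders, not real identifiers.
SAMPLE_FINDINGS = [
    Finding("CVE-A (constructed)", 0.00045, 0.12),
    Finding("CVE-B (constructed)", 0.0210, 0.88),
    Finding("CVE-C (constructed)", 0.9413, 0.9997),
    Finding("CVE-D (constructed)", None, None),
    Finding("CVE-E (constructed)", 0.0210, 0.87),
]

def parse_percentage_range(lo: Optional[float], hi: Optional[float]):
    """Validate an inclusive [lo, hi] range of EPSS values.
    Either bound may be None (open-ended). Bounds must lie in [0, 1] because
    EPSS publishes both score and percentile as fractions; a reversed range
    is rejected instead of silently matching nothing.
    """
    for bound in (lo, hi):
        if bound is not None and not 0.0 <= bound <= 1.0:
            raise ValueError(f"EPSS values are fractions in [0, 1], got {bound}")
    if lo is not None and hi is not None and lo > hi:
        raise ValueError("lower bound exceeds upper bound")
    return lo, hi

def filter_by_range(findings, field: str, lo: Optional[float], hi: Optional[float]):
    """Return the findings whose `field` lies in [lo, hi], inclusive.
    Passing the same number for lo and hi gives an exact match, as the PR
    description says. Once a bound is given, findings with no EPSS data are
    excluded, so an unscored CVE is never shown as if it had a low score.
    """
    lo, hi = parse_percentage_range(lo, hi)
    if lo is None and hi is None:
        return list(findings)  # no range supplied: filter is a no-op
    selected = []
    for finding in findings:
        value = getattr(finding, field)
        if value is None:
            continue
        if (lo is None or value >= lo) and (hi is None or value <= hi):
            selected.append(finding)
    return selected
```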

Contributor

@mtesauro mtesauro left a comment

Approved

2 participants