Mitigated On/Before/After now use DateTimeFilter #11472

Open
wants to merge 1 commit into
base: bugfix

hblankenship
Collaborator

Fixes filtering for mitigation for the on/before/after fields

[sc-7759]


DryRun Security Summary

The pull request enhances the Defect Dojo application's filtering capabilities by adding DateTimeFilter for mitigated date fields, improving the ability to track and manage findings more precisely.

Summary:

The changes in this pull request are focused on improving the filtering functionality of the Defect Dojo application, specifically related to the mitigated date of findings. The changes include the addition of a DateTimeFilter for the mitigated_on, mitigated_before, and mitigated_after fields in the ApiFindingFilter and FindingFilterHelper classes. This enhancement allows for more precise filtering of findings based on the mitigated date, which can be useful for security teams to better understand the status of findings and track their remediation progress.

From an application security perspective, these changes do not directly address any specific security vulnerabilities. However, they do improve the overall functionality and usability of the Defect Dojo application, which can indirectly contribute to a more secure environment by providing security teams with better tools to manage and track findings.

Files Changed:

  • dojo/filters.py: This file contains the changes related to the addition of the DateTimeFilter for the mitigated_on, mitigated_before, and mitigated_after fields in the ApiFindingFilter and FindingFilterHelper classes. These changes improve the filtering functionality of the Defect Dojo application, allowing for more granular control over the tracking and management of findings based on their mitigated date.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Comment on lines +1460 to +1462
mitigated_on = DateTimeFilter(field_name="mitigated", lookup_expr="exact")
mitigated_before = DateTimeFilter(field_name="mitigated", lookup_expr="lt")
mitigated_after = DateTimeFilter(field_name="mitigated", lookup_expr="gt")
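
Review bot: `mitigated_on` pairs a DateTimeFilter with `lookup_expr="exact"`, so the comparison is against the full timestamp stored in `mitigated`; a date-only value would have to be expanded to a single instant and would then miss findings mitigated at any other time that day. If the intent is "mitigated on this day", consider a date-level lookup such as `lookup_expr="date"` for `mitigated_on`, or state in the filter's help text that a full timestamp is expected. `mitigated_before` and `mitigated_after` use `lt` and `gt`, which exclude the boundary value itself; it is worth confirming that is intended and adding a test that covers both date-only and full-timestamp inputs, since none is visible in these lines.
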
Contributor

If a user were to be reliant on passing a date to this filter, would the API accept the absence of the timestamp? For example, if the query was mitigated_on=2025-01-02 would a validation error be thrown?

Collaborator Author

A validation error does not get thrown if you use 2025-01-02 without the timestamp. Should it?
