
Improving date of discovery filter

Open hblankenship opened this issue 1 year ago • 1 comment

[sc-5885]

Fixed missing filter on Discovery Date. Now able to specify a range with from and to.

Test results

Tested locally and includes a fix for when labels are 'missing' in the report builder html.

hblankenship, May 14 '24 15:05

Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.

DryRun Security                 Status                Findings
Configured Codepaths Analyzer   :white_check_mark:    0 findings
Sensitive Files Analyzer        :white_check_mark:    0 findings
AppSec Analyzer                 :white_check_mark:    0 findings
Authn/Authz Analyzer            :white_check_mark:    0 findings
Secrets Analyzer                :white_check_mark:    0 findings

Note: :green_circle: Risk threshold not exceeded.

Change Summary

The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The changes in this pull request focus on improving the handling of placeholder text for input fields and select elements in the dojo/templates/dojo/report_builder.html file. The code now checks if the label element for an input field or select element exists and has valid HTML content before setting the placeholder text. This ensures that the placeholder text is not set if the label is not available.

For select elements with the multiple attribute, the code checks if the label element exists and has valid HTML content before setting the placeholder_text_multiple option for the Chosen.js library. This is a positive change that helps maintain the user experience.

From an application security perspective, these changes do not introduce any obvious security concerns. The code is focused on improving the user experience by setting appropriate placeholder text for form elements, which is a common practice in web application development.

However, it's important to review the overall codebase and ensure that there are no other security vulnerabilities, such as cross-site scripting (XSS), SQL injection, or improper input validation, as these could potentially impact the application's security.

Files Changed:

  1. dojo/templates/dojo/report_builder.html: The changes in this file focus on the handling of placeholder text for input fields and select elements. The code now checks if the label element exists and has valid HTML content before setting the placeholder text, ensuring a better user experience.

  2. dojo/filters.py: This file contains a set of Django filters for various models in the Defect Dojo application, including Finding, Product, Engagement, Endpoint, and others. These filters provide advanced search and filtering capabilities for the application's data, which is an important feature for a security-focused application.

Powered by DryRun Security

dryrunsecurity[bot], May 14 '24 15:05