
Add DTSA to vulnid #11302

Open. Wants to merge 5 commits into base: bugfix

Conversation

manuel-sommer
Contributor

@manuel-sommer manuel-sommer commented Nov 21, 2024

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Nov 21, 2024

dryrunsecurity bot commented Nov 21, 2024

DryRun Security Summary

The pull request updates the configuration files for the DefectDojo application, including a change to the SHA-256 checksum file for the settings.dist.py file and the addition of new vulnerability URL mappings to the settings.dist.py file, which do not introduce any immediate security concerns.


Summary:

The changes in this pull request are focused on updating configuration files for the DefectDojo application. The first change updates the SHA-256 checksum file for the settings.dist.py configuration file, while the second change adds new vulnerability URL mappings to the settings.dist.py file itself.

From an application security perspective, the changes do not introduce any immediate security concerns. The update to the checksum file is a routine maintenance task to ensure the integrity of the configuration file, and the addition of new vulnerability URL mappings is an enhancement to the application's functionality.

However, it is important to ensure that the new hash value in the checksum file is correct and that the settings.dist.py file has been properly reviewed for any security vulnerabilities or issues. Additionally, the process of updating the checksum file should be secure, and the new hash value should be properly propagated to any systems or environments that rely on it.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: This file contains a SHA-256 hash value that can be used to verify the integrity of the settings.dist.py file. The code change updates the hash value from 93f0a72eaae484814b5b38dba8dc57d529ea3c414b7fa4da8b2e347851dba46e to 697aa434382990cee958fe4876b00edb0ee30275fce26fb14ce5f6b59833c9e1.

  2. dojo/settings/settings.dist.py: This file is a configuration file for the DefectDojo application. The code change adds new vulnerability URL mappings to the VULNERABILITY_URLS dictionary, allowing the application to generate links to vulnerability information for specific vulnerability identifiers (e.g., DSA, DTSA, TEMP).

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

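As an added illustration of the two mechanisms the summary above describes (this is example code, not code from this PR or from DefectDojo), the block below builds a reference link from a vulnerability id via a prefix-to-URL table and verifies a settings file's content against the digest recorded in its .sha256sum file. The table entries, the "&&" placeholder convention and the function names are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample of a prefix -> URL-template mapping in the style the
# summary describes. The entries are assumptions for this example, not
# DefectDojo's own table; "&&" is the assumed placeholder for the id.
VULNERABILITY_URLS = {
    "CVE": "https://nvd.nist.gov/vuln/detail/",
    "DSA": "https://security-tracker.debian.org/tracker/",
    "DTSA": "https://security-tracker.debian.org/tracker/",
    "TEMP": "https://security-tracker.debian.org/tracker/",
    "CAPEC": "https://capec.mitre.org/data/definitions/&&.html",
}


def vulnerability_url(vuln_id: str) -> "str | None":
    """Build the reference link for vuln_id, or None if no prefix matches.

    Longest prefix is tried first and must be followed by "-", so a short key
    cannot swallow a longer id family. The id is percent-encoded before it is
    placed in the URL, so an id copied from a scanner report cannot inject
    path or query characters into the generated link.
    """
    normalized = vuln_id.strip().upper()
    for prefix in sorted(VULNERABILITY_URLS, key=len, reverse=True):
        if not normalized.startswith(prefix + "-"):
            continue
        template = VULNERABILITY_URLS[prefix]
        safe_id = quote(normalized, safe="")
        if "&&" in template:
            return template.replace("&&", safe_id)
        return template + safe_id
    return None


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def checksum_matches(settings_bytes: bytes, sha256sum_text: str) -> bool:
    """True if the SHA-256 of the settings content equals the recorded digest.

    sha256sum_text is the content of the .sha256sum file; its first token is
    the hex digest (sha256sum(1) layout). The comparison is constant-time.
    """
    tokens = sha256sum_text.split()
    if not tokens:
        return False
    return hmac.compare_digest(sha256_hex(settings_bytes), tokens[0].lower())
```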

Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro
Contributor

@manuel-sommer OK, I have to ask, where are you finding all these? None of them surprised me that they exist but I'm super curious if these are being reported by a tool you're using or if you're just searching around to find them.

Sorry, my curiosity is getting the better of me. 😄

@manuel-sommer
Contributor Author

manuel-sommer commented Nov 21, 2024

A mixture of both. Multiple of them were reported through tools. I regularly review the findings and from time to time I find vulnids which can't be resolved. Then, I make a PR. Also, to deal with this in future scenarios, I advanced my research for future occurrences of other findings. --> e.g. https://linuxsecurity.com/ --> Advisories
Last, before I use a scanner, I review the appropriate parser and fix as many inconsistencies as possible for future use.

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@Maffooch Maffooch left a comment


Sorry, my curiosity is getting the better of me. 😄

I have been very curious as well 😂 you're quite the detective @manuel-sommer
