Add a filter for Findings for Has Any JIRA (grouped or single) #11313

Open
wants to merge 2 commits into
base: bugfix

Conversation

hblankenship
Collaborator

[sc-4131]

Added a filter for Has Any JIRA which will filter the findings on having group jira or jira_issue. This will also allow a dashboard tile to exist that shows all findings with any type of JIRA issue.

DryRun Security Summary

The code change introduces a new filter in the Django application to allow users to filter findings based on whether they have a JIRA issue associated with them, as part of the application's vulnerability management capabilities and JIRA integration, with potential security considerations around the JIRA integration, sensitive information exposure, the complexity of "Finding Groups", and the importance of a robust permissions and authorization system.

Summary:

This code change introduces a new filter called "FindingHasJIRAFilter" in the Django application, which allows users to filter findings based on whether they have a JIRA issue associated with them or not. This feature is part of the application's vulnerability management capabilities and integration with the JIRA issue tracking system.

From an application security perspective, the key points to consider are the potential risks associated with the JIRA integration, the exposure of sensitive information through the filtering functionality, the complexity introduced by the "Finding Groups" feature, and the importance of having a robust permissions and authorization system to ensure that users can only access and perform actions that they are authorized to do. It is crucial to ensure that the implementation of these features is done securely, with appropriate controls and safeguards in place to protect sensitive information and prevent unauthorized access or actions.

Files Changed:

  • dojo/filters.py: This file has been updated to include the implementation of the new "FindingHasJIRAFilter" filter. This filter is used to allow users to filter findings based on whether they have a JIRA issue associated with them or not. The code also suggests the existence of "Finding Groups", which allow multiple findings to be grouped together, and a permissions and authorization system with various roles and permissions defined.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@@ -1610,6 +1640,7 @@ class FindingFilterHelper(FilterSet):
lookup_expr="isnull",
exclude=True,
label="Has Group JIRA")
has_any_jira = FindingHasJIRAFilter(label="Has Any JIRA")
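
Review bot: `has_any_jira` is declared directly after the "Has Group JIRA" filter at the end of this hunk; check that it is not scoped to the same condition as the group filters, because the PR description says it must also match findings that have only a jira_issue and no group JIRA. A test covering a finding with only a jira_issue, one with only a group JIRA, and one with neither would pin that behaviour down.
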
Contributor

Suggested change
has_any_jira = FindingHasJIRAFilter(label="Has Any JIRA")
has_any_jira = FindingHasJIRAFilter(label="Has Any JIRA")

This should be present if groups are enabled or not, since regular jira links are a part of this
