🐛 fix AWS Endpoints broken #11815
base: bugfix
DryRun Security Summary

The PR standardizes AWS endpoint host naming by replacing special characters with underscores across multiple files, addressing data transformation risks, improving input sanitization, and managing potential information disclosure in documentation.

The PR updates AWS-related parsers and migrations to standardize endpoint host naming by replacing special characters with underscores across multiple files. Security findings include:

No critical vulnerabilities were identified, but careful testing is recommended to ensure data integrity and expected behavior.

Code Analysis

We ran

Overall Riskiness

🔴 Risk threshold exceeded. We've notified @mtesauro, @grendel513.
@quirinziessler is the main issue here that endpoints cannot be edited in the UI after they are broken? If so, I am not sure if fixing this parser bug would be worth creating duplicate endpoints for all users using these parsers. For example, if users had 100 endpoints with ARNs containing colons, now they will have another 100 endpoints with underscores instead.
@Maffooch the main issue is that within imports errors are thrown, running into an HTTP 500 in the worst case (depending on finding amount). Furthermore, the endpoints cannot be migrated. Would a migration script solve your concerns?
@Maffooch any news / decision here?
Hi @quirinziessler yes, I think a migration would definitely help users out. Thanks!
done @Maffooch
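An added example, not code from this PR or from DefectDojo: a migration plan that renames endpoint hosts in place and merges rows that collide after normalization, so the parser fix does not leave the duplicates raised in the comments above. The set of characters treated as special, the `(id, host)` row layout and the names `normalize_host` and `plan_migration` are assumptions.

```python
import re
from collections import defaultdict

# Assumption: every character outside letters, digits, '.', '-' and '_' is
# "special". The thread itself only names colons in ARNs.
UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

# Constructed sample rows (endpoint id, host); not taken from a real instance.
SAMPLE = [
    (1, "arn:aws:s3:::example-bucket"),
    (2, "arn_aws_s3___example-bucket"),  # created by a re-import after the parser fix
    (3, "arn:aws:iam::123456789012:role/demo"),
    (4, "app.example.com"),
]


def normalize_host(host):
    """Replace each unsafe character with one underscore."""
    return UNSAFE.sub("_", host)


def plan_migration(endpoints):
    """Return (renames, merges) for a list of (id, host) rows.

    renames: {id: new_host} rows to update in place
    merges:  {duplicate_id: surviving_id} rows whose findings should be
             re-pointed to the survivor before the duplicate is deleted
    """
    groups = defaultdict(list)
    for ep_id, host in endpoints:
        groups[normalize_host(host)].append((ep_id, host))

    renames, merges = {}, {}
    for new_host, rows in groups.items():
        # Keep a row that already has the clean host if one exists, else the oldest id.
        rows.sort(key=lambda row: (row[1] != new_host, row[0]))
        survivor_id, survivor_host = rows[0]
        if survivor_host != new_host:
            renames[survivor_id] = new_host
        for dup_id, _ in rows[1:]:
            merges[dup_id] = survivor_id
    return renames, merges


if __name__ == "__main__":
    renames, merges = plan_migration(SAMPLE)
    print("rename in place:", renames)
    print("merge into survivor:", merges)
```

The replacement is lossy, so two different original hosts can normalize to the same value; review the merge map before applying it.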
Bumps [cryptography](https://github.com/pyca/cryptography) from 44.0.0 to 44.0.1.
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@44.0.0...44.0.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* option a: catch IntegrityErrors
* linting
* fix object creation
* fix object creation
* bugfixing
* bugfixing
* Update dojo/api_v2/serializers.py

…efectDojo#11729)
* Importer Close Old Findings: Accommodate different dedupe algorithms
* Rename close_old_findings_report_Line31.json to close_old_findings_report_line31.json
…ded outside of import (DefectDojo#11732)
Co-authored-by: Kevin Vuong <[email protected]>
This reverts commit bc1785f.
This pull request has conflicts, please resolve those before we can evaluate the pull request.
Conflicts have been resolved. A maintainer will review the pull request shortly.
fix for #11814