Sample Data: Remove audit logs entries #11752

Merged
merged 1 commit into from
Feb 7, 2025

Contributor

@Maffooch Maffooch commented Feb 6, 2025

For some reason, loading sample data in a local setting does not work with auditlog.logentry entries, but it has been working in our unit tests. This PR will remove all auditlog.logentry entries from the sample data to ensure that both cases can work.

[sc-10141]

dryrunsecurity bot commented Feb 6, 2025

DryRun Security Summary

The pull request modifies a Django test command to exclude audit logs from sample data dumps, introducing potential risks in data traceability, error handling, and validation processes.

This PR modifies a Django management command test to exclude auditlog entries when dumping sample data. Security findings:

  1. Data Handling Risk: Excluding auditlog.logentry might mask historical audit trail information in test scenarios, potentially reducing traceability and making it harder to track changes during testing.

  2. Test Methodology Concern: Generic exception handling in the test method could suppress specific error details, which might prevent proper error diagnosis and identification of potential data loading issues.

  3. Data Validation Limitation: The test lacks explicit data validation or integrity checks, which means potential data anomalies might go undetected during the sample data loading process.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

View PR in the DryRun Dashboard.

Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 17f0c38 into DefectDojo:bugfix Feb 7, 2025
72 checks passed
@Maffooch Maffooch deleted the fixture-fix branch February 7, 2025 16:56