Jino-T (Contributor) commented Oct 27, 2025

[sc-11934]

Tested and functional in API & Pro UI

Not able to remove found_by value associated with finding's test.

  • Ex: If finding was imported with Semgrep parser, you are unable to remove Semgrep from the found_by field.
  • A separate portion of code must check to make sure that this value is always present in found_by.
  • Let me know if you want me to look into this further and allow this functionality.

dryrunsecurity bot commented Oct 27, 2025

DryRun Security

🔴 Risk threshold exceeded.

This pull request modifies a sensitive file (dojo/api_v2/serializers.py) with detected sensitive edits; review is recommended and you can configure sensitive paths and allowed authors in .dryrunsecurity.yaml. The scanner flagged the same file twice at a failing risk threshold but the findings are non-blocking.

🔴 Configured Codepaths Edit in dojo/api_v2/serializers.py
  • Vulnerability: Configured Codepaths Edit
  • Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

🔴 Configured Codepaths Edit in dojo/api_v2/serializers.py
  • Vulnerability: Configured Codepaths Edit
  • Description: Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.


All finding details can be found in the DryRun Security Dashboard.

Maffooch changed the title from "Added Ability to Edit found_by value in Pro-UI and API" to "Added Ability to Edit found_by value in API" on Oct 27, 2025
valentijnscholten (Member) commented

I wonder how this field is used/edited? In the code it looks like it's only used to maintain a list of test types that reported this finding via the set of duplicates?

Use found_by.set to better replace values

Co-authored-by: Cody Maffucci

Jino-T (Contributor, Author) commented Oct 28, 2025

Good idea Cody. I tested your suggestion and it works in the API.

Jino-T requested a review from Maffooch October 28, 2025 15:48
Jino-T dismissed Maffooch’s stale review October 28, 2025 15:48

Changes were made

Maffooch requested a review from blakeaowens October 28, 2025 16:16
valentijnscholten added this to the 2.52.0 milestone Oct 28, 2025

mtesauro (Contributor) left a comment

Approved

Maffooch requested a review from blakeaowens October 29, 2025 17:31
Maffooch requested a review from blakeaowens October 29, 2025 17:32

Maffooch (Contributor) commented

Not sure if three approvals is quite enough...

Maffooch merged commit 62ba5e5 into DefectDojo:dev Oct 29, 2025
151 checks passed