Skip to content

Added Ability to Edit found_by value in API #13542

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: dev
Choose a base branch
from
Open

Added Ability to Edit found_by value in API #13542

wants to merge 2 commits into from
+13 −0

Conversation

@Jino-T
Copy link
Contributor

@Jino-T Jino-T commented Oct 27, 2025
edited by Maffooch
Loading

[sc-11934]

Tested and functional in API.

Not able to remove found_by value associated with finding's test.

  • Ex: If finding was imported with Semgrep parser, you are unable to remove Semgrep from the found_by field.
  • A separate portion of code must check to make sure that this value is always present in found_by.
  • Let me know if you want me to look into this further and allow this functionality.

@github-actions github-actions bot added the apiv2 label Oct 27, 2025
@dryrunsecurity
Copy link

dryrunsecurity bot commented Oct 27, 2025
edited
Loading

DryRun Security

🔴 Risk threshold exceeded.

This pull request modifies a sensitive file (dojo/api_v2/serializers.py) with detected sensitive edits; review is recommended and you can configure sensitive paths and allowed authors in .dryrunsecurity.yaml. The scanner flagged the same file twice at a failing risk threshold but the findings are non-blocking.

🔴 Configured Codepaths Edit in dojo/api_v2/serializers.py
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.
🔴 Configured Codepaths Edit in dojo/api_v2/serializers.py
Vulnerability Configured Codepaths Edit
Description Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml.

We've notified @mtesauro.

All finding details can be found in the DryRun Security Dashboard.

@Maffooch Maffooch changed the title Added Ability to Edit found_by value in Pro-UI and API Added Ability to Edit found_by value in API Oct 27, 2025
@valentijnscholten
Copy link
Member

I wonder how this field is used/edited? In the code it looks like it's only used to maintain a list of test types that reported this finding via the set of duplicates?

Maffooch
Maffooch previously requested changes Oct 27, 2025
View reviewed changes
@Jino-T @Maffooch
Update dojo/api_v2/serializers.py
ce7b737 
Use found_by.set to better replace values

Co-authored-by: Cody Maffucci <46459665+Maffooch@users.noreply.github.com>
@Jino-T
Copy link
Contributor Author

Jino-T commented Oct 28, 2025

Good idea Cody. I tested your suggestion and it works in the API.

@Jino-T Jino-T requested a review from Maffooch October 28, 2025 15:48
@Jino-T Jino-T dismissed Maffooch’s stale review October 28, 2025 15:48

Changes were made

@Maffooch Maffooch requested a review from blakeaowens October 28, 2025 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@valentijnscholten valentijnscholten valentijnscholten approved these changes

@Maffooch Maffooch Maffooch approved these changes

@mtesauro mtesauro Awaiting requested review from mtesauro mtesauro is a code owner

@paulOsinski paulOsinski Awaiting requested review from paulOsinski

@blakeaowens blakeaowens Awaiting requested review from blakeaowens

At least 4 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

apiv2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Jino-T @valentijnscholten @Maffooch