view_endpoint: fix error #12343

Merged
merged 10 commits into from
May 1, 2025

valentijnscholten
Member

@valentijnscholten valentijnscholten commented Apr 29, 2025

Fixes #12295

The view endpoint page (used to view a host) was broken since #11952.

The problem is that the zip here cannot be set to be strict as the lists are deliberately created with different lengths. I believe this is done to be a "performant" way to pad the endpoints into num_cols columns. Any solution that could work with strict=True would have to determine the length of the queryset with endpoints. This could be considered inefficient for large querysets (even though maybe Django just does a count() query). I believe we should just accept that this zip needs strict=False.

Added a UI test to prevent regressions. #12344 should prove that it fails if an error is present in the view_endpoint code.

@valentijnscholten valentijnscholten added this to the 2.46.0 milestone Apr 29, 2025
@github-actions github-actions bot added the ui label Apr 29, 2025
dryrunsecurity bot commented Apr 29, 2025

DryRun Security

This pull request involves a potential template rendering modification that could introduce unexpected behavior by allowing unequal list zipping, and includes some test file updates to expand test coverage.

💭 Unconfirmed Findings (2)

Vulnerability: Potential Unintended Behavior in Template Rendering
Description: Located in dojo/templatetags/display_tags.py, this change involves modifying the zip() function from strict=True to strict=False, which allows zipping of unequal lists. This could potentially cause unexpected rendering by padding with None values, leading to visual or logical template inconsistencies.

Vulnerability: Test File Modifications
Description: Changes in tests/endpoint_test.py appear to be focused on expanding test coverage. No direct security vulnerabilities were detected in these modifications.

All finding details can be found in the DryRun Security Dashboard.

@valentijnscholten valentijnscholten marked this pull request as draft April 29, 2025 21:32
@valentijnscholten valentijnscholten marked this pull request as ready for review April 30, 2025 06:15
Contributor

@mtesauro mtesauro left a comment

Approved

@Maffooch Maffooch merged commit 5635f69 into DefectDojo:bugfix May 1, 2025
77 checks passed