Global Audit View: Vulnerabilities #2472

Merged

Commits on Feb 8, 2024

  1. Global Audit View: Vulnerabilities

    Adds two new API methods to the FindingResource, which return a
    filtered list (ACL and optional other filters) of every finding, either
    by occurrence or grouped by vulnerability, to allow users to quickly
    get every finding for all of their projects.
    
    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    8c2dc7b
  2. Add tests

    Adds test for the new class `GroupedFinding` and for the new methods in
    the `FindingResource`.
    
    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    1f94afe
  3. Fix for PostgreSQL and MSSQL

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    ace1728
  4. Put logic for new API methods in dedicated class

    Calculate severity if NULL in database
    
    Adjust tests
    
    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    38f9034
  5. Integrate pagination and ordering in backend

    Integrates server side pagination and ordering in
    FindingsSearchQueryManager to reduce the Frontend traffic by only
    sending the necessary data
    
    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    5a9d3b9
  6. Fix checkstyle errors

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    bec9ef8
  7. Change from hierarchic ACL to simple ACL

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    d8e1dbb
  8. Fix possible SQL injection for PostgreSQL

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    e23a159
  9. Adjust tests to new ACL logic

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    465d1b6
  10. Fix wrong query when getting grouped findings

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    d0aae46
  11. Remove first and last occurrence from grouped finding

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    00ca26b
  12. Rename "CVSS" to "CVSSv3"

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    7d6b59e
  13. Add CVSSv2 to FindingsSearchQueryManager

    Adds filters and sorting for CVSSv2 to the FindingsSearchQueryManager
    to use it in the Vulnerability Audit in the Frontend
    
    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    1eb0399
  14. Fix duplicate entries in Vulnerability Audit

    Fixes duplicate entries of the same finding appearing for
    every team membership of the user
    
    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    fa3cc93
  15. Make "getAllFindings" test consistent by ordering result

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    506b0dc
  16. Remove CweImporter from FindingResourceTest

    Signed-off-by: RBickert <[email protected]>
    rbt-mm committed Feb 8, 2024
    33ce964