Added optional `mitigation` attribute to findings by Ilyesbdlala · Pull Request #1639 · secureCodeBox/secureCodeBox · GitHub

Conversation

@Ilyesbdlala
Member
@Ilyesbdlala Ilyesbdlala commented Mar 13, 2023

Description

Relates to #519
The attribute mitigation is added to scanners that include an explicit solution in their results or where the solution is almost always the same (i.e. ncrack -> use a more secure password).
Scanners that are usually informational (such as NMAP) are excluded.

Scanners affected:

  • ncrack
  • ssh-scan
  • trivy
  • typo3scan
  • Zap/Zap-Advanced
  • sslyze

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

@Ilyesbdlala Ilyesbdlala added the breaking (Changes requiring a major release) and findings labels Mar 13, 2023
@Ilyesbdlala Ilyesbdlala added this to the v4.0.0 milestone Mar 13, 2023
@Ilyesbdlala Ilyesbdlala self-assigned this Mar 13, 2023
@secureCodeBoxBot
Contributor

This pull request includes breaking changes. Please make sure that you included the breaking changes and the steps required to upgrade in UPGRADING.md.
✨ Thank you for your contribution! ✨

@github-actions
github-actions bot commented Mar 13, 2023

MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ JAVASCRIPT | eslint | 9 | | 1 | 0.57s |
| ✅ JSON | eslint-plugin-jsonc | 1 | | 0 | 1.04s |
| ⚠️ SPELL | misspell | 10 | | 1 | 0.06s |

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

@Ilyesbdlala Ilyesbdlala mentioned this pull request Mar 15, 2023
9 tasks
@Ilyesbdlala Ilyesbdlala force-pushed the feature/mitigation-attribute branch from 2c07f0e to 855c47e Compare March 15, 2023 10:18
Member
@J12934 J12934 left a comment

Looking good, some really minor notes then it should be ready to go 🚀

J12934 previously approved these changes Mar 20, 2023
Ilyesbdlala and others added 12 commits March 21, 2023 13:52
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
…nt` to `mitigation`

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
…` to `mitigation`

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
…sing the zap_solution attribute

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Linked to Advisory URL

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
…` in the v4 section of UPGRADING.MD

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Co-authored-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
Co-authored-by: Jannik Hollenbach <jannik.hollenbach@iteratec.com>
Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
mitigation "" to null when empty

Signed-off-by: Ilyes Ben Dlala <ilyes.bendlala@iteratec.com>
@Ilyesbdlala Ilyesbdlala force-pushed the feature/mitigation-attribute branch from a96a5dd to 1b03bca Compare March 21, 2023 12:52
@Ilyesbdlala Ilyesbdlala requested a review from J12934 March 21, 2023 13:35
@Ilyesbdlala Ilyesbdlala merged commit 2b43477 into main Mar 21, 2023
@Ilyesbdlala Ilyesbdlala deleted the feature/mitigation-attribute branch March 21, 2023 14:31