Request Review Notification Update to Usernames #11295

Merged on Dec 3, 2024 (3 commits)

hblankenship
Collaborator

[sc-2890]

This update displays the [user fullname (username)] for both the reviewer and the reviewees.

dryrunsecurity bot commented Nov 19, 2024

DryRun Security Summary

The pull request enhances the functionality of the dojo/finding/views.py file in the DefectDojo application by modifying the reviewers_string variable to include the user ID of each reviewer and including the user's full name and ID in the description parameter of the create_notification function call, which improves transparency and enhances the overall user experience.

Summary:

The code changes in this pull request are focused on enhancing the functionality of the dojo/finding/views.py file, which manages the findings in the DefectDojo application. The key changes include:

  1. Modifying the reviewers_string variable to include the user ID of each reviewer, in addition to their name. This change provides more context about the reviewers when a finding review is requested.

  2. Including the user's full name and ID in the description parameter of the create_notification function call. This provides more detailed information about who requested the review.

From an application security perspective, these changes do not introduce any obvious security risks. The code is focused on improving the user experience and providing more transparency around the review process, which can be beneficial for auditing and tracking purposes. Overall, the changes seem to be a positive step in enhancing the security-related functionality of the DefectDojo application.

Files Changed:

  • dojo/finding/views.py: This file contains the logic for managing findings in the DefectDojo application. The changes in this pull request include:
    • Modifying the reviewers_string variable to include the user ID of each reviewer, in addition to their name.
    • Including the user's full name and ID in the description parameter of the create_notification function call.
      These changes are focused on providing more detailed information about the review process, which can improve transparency and enhance the overall user experience.

Code Analysis

We ran 9 analyzers against 1 file and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

Contributor

mtesauro left a comment

Approved

Maffooch merged commit 100a52d into bugfix on Dec 3, 2024
75 checks passed
Maffooch deleted the hb-review-notification-fix branch on December 3, 2024 16:03