
Add DTSA to vulnid #11302

Merged
merged 7 commits into from
Dec 3, 2024

Conversation

manuel-sommer
Contributor

@manuel-sommer manuel-sommer commented Nov 21, 2024

@github-actions github-actions bot added the settings_changes Needs changes to settings.py based on changes in settings.dist.py included in this PR label Nov 21, 2024

dryrunsecurity bot commented Nov 21, 2024

DryRun Security Summary

The pull request primarily focuses on updates to the application's configuration files, including changes to the SHA-256 hash value in the .settings.dist.py.sha256sum file and the addition of new vulnerability URL patterns and adjustments to various settings in the settings.dist.py file, which are generally positive changes that improve the application's security and functionality.


Summary:

The changes in this pull request are primarily focused on updates to the application's configuration files, specifically the .settings.dist.py file and the settings.dist.py file. The changes include updating the SHA-256 hash value in the .settings.dist.py.sha256sum file, as well as adding new vulnerability URL patterns and adjusting various settings in the settings.dist.py file.

From an application security perspective, these changes are important to review, as they could potentially impact the security and functionality of the application. The changes to the hash value in the .settings.dist.py.sha256sum file could indicate a change to the underlying configuration file, which should be reviewed to ensure that no security-sensitive settings have been modified. The updates to the vulnerability URL patterns and other settings in the settings.dist.py file are generally positive, as they improve the application's ability to provide users with more information about identified vulnerabilities and enhance the overall functionality of the application.

Files Changed:

  1. dojo/settings/.settings.dist.py.sha256sum: The SHA-256 hash value in this file has been updated from 5172af16b842adfccbedc14bea15ff1da2ee45c10e129e905f156dcdffd27396 to 1b1f0b7210b79790c2bf1a3fdb62e24521544600bb4b460ed6a15cfd26f68640. This change should be reviewed to ensure that the underlying configuration file has been updated appropriately and that no security-sensitive settings have been modified.

  2. dojo/settings/settings.dist.py: This file has been updated to include new vulnerability URL patterns for various vulnerability identifiers, such as "DSA", "DTSA", "TEMP", and others. Additionally, the changes include updates to the application's settings, such as adjusting the default behavior for deduplicating findings, configuring the asynchronous processing of finding imports, and enabling the creation of a cloud banner. These changes are generally positive, as they improve the functionality and usability of the application, particularly in the areas of vulnerability management and reporting.

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

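A reviewer check for item 1 of the summary above, added here as an example and not DefectDojo's or DryRun's own code: recompute the SHA-256 of settings.dist.py and compare it with the digest stored in the .sha256sum sidecar, so a hash change can be confirmed to match the file actually in the PR. The accepted sidecar layouts (a bare hex digest, or a sha256sum-style "<digest>  <filename>" line) and the sample file contents are assumptions.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path: str) -> str:
    """Hex SHA-256 of the file's raw bytes (binary mode, so line endings count)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def read_sidecar_digest(sum_path: str) -> str:
    """Expected digest from a .sha256sum sidecar: accepts a bare hex digest or the
    `sha256sum` tool's "<digest>  <filename>" layout (first token only); assumed format."""
    with open(sum_path, encoding="utf-8") as fh:
        token = fh.read().split()[0].lower()
    if len(token) != 64 or any(c not in "0123456789abcdef" for c in token):
        raise ValueError(f"{sum_path}: not a SHA-256 hex digest: {token!r}")
    return token


def verify_checksum(settings_path: str, sum_path: str) -> bool:
    """True when the sidecar digest matches the file's current SHA-256."""
    # compare_digest is the idiomatic equality check for digests
    return hmac.compare_digest(read_sidecar_digest(sum_path), sha256_of_file(settings_path))


def demo() -> tuple:
    """Constructed sample (not the real DefectDojo files): one sidecar that matches
    the settings file and one stale sidecar that does not."""
    with tempfile.TemporaryDirectory() as tmp:
        settings = os.path.join(tmp, "settings.dist.py")
        with open(settings, "wb") as fh:
            fh.write(b'VULNERABILITY_URLS = {"DTSA": "https://example.invalid/"}\n')
        fresh = os.path.join(tmp, "fresh.sha256sum")
        with open(fresh, "w", encoding="utf-8") as fh:
            fh.write(sha256_of_file(settings) + "\n")
        stale = os.path.join(tmp, "stale.sha256sum")
        with open(stale, "w", encoding="utf-8") as fh:
            fh.write("0" * 64 + "  settings.dist.py\n")  # sha256sum-style line
        return verify_checksum(settings, fresh), verify_checksum(settings, stale)
```

Run `verify_checksum("dojo/settings/settings.dist.py", "dojo/settings/.settings.dist.py.sha256sum")` from a checkout of the PR branch to confirm the updated digest belongs to the updated file.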

Contributor

@mtesauro mtesauro left a comment


Approved

@mtesauro
Contributor

@manuel-sommer OK, I have to ask, where are you finding all these? None of them surprised me that they exist but I'm super curious if these are being reported by a tool you're using or if you're just searching around to find them.

Sorry, my curiosity is getting the better of me. 😄

@manuel-sommer
Contributor Author

manuel-sommer commented Nov 21, 2024

A mixture of both. Multiple of them were reported through tools. I regularly review the findings and from time to time I find vulnids which can't be resolved. Then, I make a PR. Also, to deal with this in future scenarios, I advanced my research for future occurrences of other findings. --> e.g. https://linuxsecurity.com/ --> Advisories
Last, before I use a scanner, I review the appropriate parser and fix as many inconsistencies as possible for future use.

Contributor

This pull request has conflicts, please resolve those before we can evaluate the pull request.

Contributor

Conflicts have been resolved. A maintainer will review the pull request shortly.

Contributor

@Maffooch Maffooch left a comment


Sorry, my curiosity is getting the better of me. 😄

I have been very curious as well 😂 you're quite the detective @manuel-sommer

@manuel-sommer
Contributor Author

Could we merge this please @mtesauro ?

@Maffooch Maffooch merged commit e959831 into DefectDojo:bugfix Dec 3, 2024
73 checks passed
@manuel-sommer manuel-sommer deleted the add_dtsa branch December 3, 2024 16:06