excel export: enhance handling of finding groups, better logging #12435

Merged
Maffooch merged 2 commits into DefectDojo:bugfix from valentijnscholten:excel-export-error-logging
May 15, 2025

@valentijnscholten valentijnscholten commented May 12, 2025

Member

Enhance logging for errors during Excel exports. Or rather they are warnings, so we log them at warning level from now on.

Inspired by #11911

Added later: Some more testing led me to what I believe is a copy-and-paste error where get_foreign_keys() was not called.

So the PR now also fixes the conversion problem and outputs finding group values correctly:

image

fixes #10012

dryrunsecurity Bot commented May 12, 2025

DryRun Security

This pull request introduces potential logging risks, including a debug log that might expose sensitive finding information and a reduction in error logging severity that could obscure important processing issues.

💭 Unconfirmed Findings (2)

Vulnerability: Potential Information Disclosure via Logging
Description: Debug log statement logs finding ID during processing, which could expose sensitive finding information if log files are not properly secured. This may lead to unintended information leakage.

Vulnerability: Reduced Error Visibility
Description: Error logging severity was changed from 'logger.error()' to 'logger.warning()', which reduces the visibility and severity of potential processing errors. This change may mask underlying issues in attribute handling and make troubleshooting more difficult.

All finding details can be found in the DryRun Security Dashboard.

@Maffooch Maffooch requested review from dogboat and hblankenship May 12, 2025 18:04
@Maffooch Maffooch changed the base branch from master to bugfix May 12, 2025 18:05
@Maffooch Maffooch added this to the 2.46.3 milestone May 12, 2025
@valentijnscholten valentijnscholten force-pushed the excel-export-error-logging branch from 26dbdf6 to 1ec7a06 May 12, 2025
@valentijnscholten valentijnscholten changed the title from "excel export: enhance error logging" to "excel export: enhance handling of finding groups, better logging" May 12, 2025

@mtesauro mtesauro left a comment

Contributor

Approved

@Maffooch Maffooch merged commit ccf049f into DefectDojo:bugfix May 15, 2025
77 checks passed