diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 217f0317688..2a28453c537 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -15,13 +15,13 @@ jobs:
 - name: Setup Hugo
 uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
 with:
- hugo-version: '0.152.1' # renovate: datasource=github-releases depName=gohugoio/hugo
+ hugo-version: '0.152.2' # renovate: datasource=github-releases depName=gohugoio/hugo
 extended: true
 - name: Setup Node
 uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
 with:
- node-version: '24.11.0' # TODO: Renovate helper might not be needed here - needs to be fully tested
+ node-version: '24.11.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
 - name: Cache dependencies
 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
diff --git a/.github/workflows/k8s-tests.yml b/.github/workflows/k8s-tests.yml
index 6ad83c848f0..c313e42b3fe 100644
--- a/.github/workflows/k8s-tests.yml
+++ b/.github/workflows/k8s-tests.yml
@@ -16,7 +16,7 @@ jobs:
 # databases, broker and k8s are independent, so we don't need to test each combination
 # lastest k8s version (https://kubernetes.io/releases/) and the oldest officially supported version
 # are tested (https://kubernetes.io/releases/)
- - k8s: 'v1.34.0' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose
+ - k8s: 'v1.34.2' # renovate: datasource=github-releases depName=kubernetes/kubernetes versioning=loose
 os: debian
 - k8s: 'v1.31.13' # renovate: datasource=custom.endoflife-oldest-maintained depName=kubernetes
 os: debian
diff --git a/.github/workflows/release-x-manual-helm-chart.yml b/.github/workflows/release-x-manual-helm-chart.yml
index a1105697c7d..9dd8d65d192 100644
--- a/.github/workflows/release-x-manual-helm-chart.yml
+++ b/.github/workflows/release-x-manual-helm-chart.yml
@@ -77,7 +77,7 @@ jobs:
 echo "chart_version=$(ls build | cut -d '-' -f 2,3 | sed 's|\.tgz||')" >> $GITHUB_ENV
 - name: Create release ${{ inputs.release_number }}
- uses: softprops/action-gh-release@6da8fa9354ddfdc4aeace5fc48d7f679b5214090 # v2.4.1
+ uses: softprops/action-gh-release@5be0e66d93ac7ed76da52eca8bb058f665c3a5fe # v2.4.2
 with:
 name: '${{ inputs.release_number }} 🌈'
 tag_name: ${{ inputs.release_number }}
diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
index 4639ecea596..fc2925921d2 100644
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -21,4 +21,4 @@ jobs:
 uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1
 with:
 strict: "true"
- validator_version: 41.168.0 # renovate: datasource=github-releases depName=renovatebot/renovate
+ validator_version: 42.5.4 # renovate: datasource=github-releases depName=renovatebot/renovate
diff --git a/.github/workflows/test-helm-chart.yml b/.github/workflows/test-helm-chart.yml
index f20915f3f9a..9e9bd8a9658 100644
--- a/.github/workflows/test-helm-chart.yml
+++ b/.github/workflows/test-helm-chart.yml
@@ -32,7 +32,7 @@ jobs:
 helm dependency update ./helm/defectdojo
 - name: Set up chart-testing
- uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0
+ uses: helm/chart-testing-action@6ec842c01de15ebb84c8627d2744a0c2f2755c9f # v2.8.0
 with:
 yamale_version: 6.0.0 # renovate: datasource=pypi depName=yamale versioning=semver
 yamllint_version: 1.37.1 # renovate: datasource=pypi depName=yamllint versioning=semver
diff --git a/.github/workflows/validate_docs_build.yml b/.github/workflows/validate_docs_build.yml
index 01e2371bec3..8580ab8b408 100644
--- a/.github/workflows/validate_docs_build.yml
+++ b/.github/workflows/validate_docs_build.yml
@@ -12,13 +12,13 @@ jobs:
 - name: Setup Hugo
 uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
 with:
- hugo-version: '0.152.1' # renovate: datasource=github-releases depName=gohugoio/hugo
+ hugo-version: '0.152.2' # renovate: datasource=github-releases depName=gohugoio/hugo
 extended: true
 - name: Setup Node
 uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
 with:
- node-version: '24.11.0' # TODO: Renovate helper might not be needed here - needs to be fully tested
+ node-version: '24.11.1' # TODO: Renovate helper might not be needed here - needs to be fully tested
 - name: Cache dependencies
 uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
diff --git a/Dockerfile.integration-tests-debian b/Dockerfile.integration-tests-debian
index 06cf3b7c435..2041a086c72 100644
--- a/Dockerfile.integration-tests-debian
+++ b/Dockerfile.integration-tests-debian
@@ -1,7 +1,7 @@
 # code: language=Dockerfile
-FROM openapitools/openapi-generator-cli:v7.16.0@sha256:e56372add5e038753fb91aa1bbb470724ef58382fdfc35082bf1b3e079ce353c AS openapitools
+FROM openapitools/openapi-generator-cli:v7.17.0@sha256:868b97eb4e5080d2cdfd5b3eeaa4d52e4bbb7c56f14e234b08b0b0bc4f38a78f AS openapitools
 # currently only supports x64, no arm yet due to chrome and selenium dependencies
 FROM python:3.13.7-slim-trixie@sha256:5f55cdf0c5d9dc1a415637a5ccc4a9e18663ad203673173b8cda8f8dcacef689 AS build
 WORKDIR /app
diff --git a/Dockerfile.nginx-alpine b/Dockerfile.nginx-alpine
index 7c608d08444..aa867828a2f 100644
--- a/Dockerfile.nginx-alpine
+++ b/Dockerfile.nginx-alpine
@@ -63,7 +63,7 @@ COPY dojo/ ./dojo/ # always collect static for debug toolbar as we can't make it dependant on env variables or build arguments without breaking docker layer caching RUN env DD_SECRET_KEY='.' DD_DJANGO_DEBUG_TOOLBAR_ENABLED=True python3 manage.py collectstatic --noinput --verbosity=2 && true -FROM nginx:1.29.2-alpine3.22@sha256:61e01287e546aac28a3f56839c136b31f590273f3b41187a36f46f6a03bbfe22 +FROM nginx:1.29.3-alpine3.22@sha256:b3c656d55d7ad751196f21b7fd2e8d4da9cb430e32f646adcf92441b72f82b14 ARG uid=1001 ARG appuser=defectdojo COPY --from=collectstatic /app/static/ /usr/share/nginx/html/static/ diff --git a/docker-compose.override.dev.yml b/docker-compose.override.dev.yml index 65b39e350ec..bc31139a352 100644 --- a/docker-compose.override.dev.yml +++ b/docker-compose.override.dev.yml @@ -60,4 +60,4 @@ services: protocol: tcp mode: host "webhook.endpoint": - image: mccutchen/go-httpbin:2.18.3@sha256:3992f3763e9ce5a4307eae0a869a78b4df3931dc8feba74ab823dd2444af6a6b + image: mccutchen/go-httpbin:2.19.0@sha256:be41c6c3772393c097e15f9f8ac381de4ce9e9841c545556af98fbe2e707c619 diff --git a/docker-compose.yml b/docker-compose.yml index 24832c74e3e..ada66ba1a57 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -120,7 +120,7 @@ services: source: ./docker/extra_settings target: /app/docker/extra_settings postgres: - image: postgres:18.0-alpine@sha256:48c8ad3a7284b82be4482a52076d47d879fd6fb084a1cbfccbd551f9331b0e40 + image: postgres:18.1-alpine@sha256:154ea39af68ff30dec041cd1f1b5600009993724c811dbadde54126eb10bedd1 environment: POSTGRES_DB: ${DD_DATABASE_NAME:-defectdojo} POSTGRES_USER: ${DD_DATABASE_USER:-defectdojo} diff --git a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md index 8645d3ba184..c702099f7bc 100644 --- a/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md 
+++ b/docs/content/en/connecting_your_tools/import_scan_files/using_reimport.md @@ -32,6 +32,10 @@ Any vulnerabilities which were not contained in the previous import will be adde If any incoming Findings match Findings that already exist, the incoming Findings will be discarded rather than recorded as Duplicates. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. +### Fields fix_available and fix_version + +If any incoming Findings match Findings that already exist, the incoming Finding is checked if the fields `fix_available` and `fix_version` differ and are updated if yes. These Findings have been recorded already \- no need to add a new Finding object. The Test page will show these Findings as **Left Untouched**. + ### Close Findings If there are any Findings that already exist in the Test but which are not present in the incoming report, you can choose to automatically set those Findings to Inactive and Mitigated (on the assumption that those vulnerabilities have been resolved since the previous import). The Test page will show these Findings as **Closed**. diff --git a/docs/content/en/customize_dojo/user_management/configure_sso.md b/docs/content/en/customize_dojo/user_management/configure_sso.md index b66fa08dbf7..da6c9ca5f33 100644 --- a/docs/content/en/customize_dojo/user_management/configure_sso.md +++ b/docs/content/en/customize_dojo/user_management/configure_sso.md 
@@ -511,7 +511,7 @@ If during the login process you get the following error: *The in the client app settings.* and the `redirect_uri` HTTP GET parameter starts with `http://` instead of `https://` you need to add -`SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker environment variables, or to your `local_settings.py` file. +`DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS = True` to Docker Compose environment variables, or `SOCIAL_AUTH_REDIRECT_IS_HTTPS` to your `local_settings.py` file. 2. Restart DefectDojo, and 'Login With Okta' should appear on the login screen. diff --git a/docs/content/en/open_source/upgrading/2.53.md b/docs/content/en/open_source/upgrading/2.53.md new file mode 100644 index 00000000000..aa0909a7010 --- /dev/null +++ b/docs/content/en/open_source/upgrading/2.53.md 
@@ -0,0 +1,51 @@ +--- +title: 'Upgrading to DefectDojo Version 2.53.x' +toc_hide: true +weight: -20251103 +description: Helm chart changes for initializer annotations. +--- + +## Helm Chart Changes + +This release introduces an important change to the Helm chart configuration for the initializer job. + +### Breaking changes + +#### Initializer Annotation Handling + +- **Renamed initializer annotations**: The `initializer.annotations` field has been renamed to `initializer.podAnnotations` for clarity and consistency with other DefectDojo resources. +- **Merged annotation support**: Global `extraAnnotations` are now automatically merged with the initializer's `podAnnotations` to ensure consistent annotation handling across all resources. + +> The previous implementation did not merge global `extraAnnotations` with the initializer job's pod annotations, causing inconsistencies in annotation management. + +#### Moved values + +The following Helm chart values have been modified in this release: + +- `initializer.annotations` → `initializer.podAnnotations` (applies to Pod template metadata within the Job) + +Note: `initializer.jobAnnotations` affects the Job spec metadata, while `initializer.podAnnotations` affects the Pod template metadata within the Job. + +#### Migration + +If you were using: + +```yaml +initializer: + annotations: + foo: bar +``` + +Update to: + +```yaml +initializer: + podAnnotations: + foo: bar +``` + +Both `extraAnnotations` and `initializer.podAnnotations` will now be properly applied to the initializer pod. + +## Reimport updates fields fix_available and fix_version + +Reimport will update existing findings `fix_available` and `fix_version` fields based on the incoming scan report. diff --git a/docs/content/supported_tools/parsers/api/_index.md b/docs/content/supported_tools/parsers/api/_index.md index 14859189003..2cc476beda1 100644 --- a/docs/content/supported_tools/parsers/api/_index.md +++ b/docs/content/supported_tools/parsers/api/_index.md 
@@ -11,14 +11,21 @@ All parsers that use API pull have common basic configuration steps, but with di Follow these steps to set up API importing: +## Tool Configuration + 1. Configure the API authentication details by navigating to `Configuration -> Tool Configuration -> Add Tool Configuration`. Enter a `Name`, selecting the related `Tool Type` and `Authentication Type` "API Key". Paste your credentials - to the proper fields based on definitions below. + into the proper fields based on the selected parser. + +## Product-Level Configuration + +1. Navigate to `Products -> All Products` and select a product from the list. + +2. Click on `Settings` and select `Add API Scan Configuration` -2. In the `Product` settings select `Add API Scan Configuration` and select the - previously added `Tool Configuration`. Provide values based on definitions below. +3. Select the previously added `Tool Configuration` and provide additional values based on the selected parser. -3. After this is done, you can import the findings on the `Product` page through - `Findings -> Import Scan Results`. As the `Scan type`, select the related type, - the API scan configuration from the last step, and click `Import`. +4. After this is done, you can import the findings on the `Product` page through + `Findings -> Import Scan Results`. As the `Scan type`, select the related type + (the `API Scan Configuration` created above) and click `Import`. diff --git a/docs/content/supported_tools/parsers/api/sonarqube.md b/docs/content/supported_tools/parsers/api/sonarqube.md index 2fe14567d6f..3f38e022ebe 100644 --- a/docs/content/supported_tools/parsers/api/sonarqube.md +++ b/docs/content/supported_tools/parsers/api/sonarqube.md 
@@ -2,20 +2,24 @@ title: "SonarQube API Import" toc_hide: true --- -All parsers which using API have common basic configuration step but with different values. Please, [read these steps](../) at first. +All parsers that use API pull have common basic configuration steps, but with different values. Please, [read these steps](../) first. -In `Tool Configuration`, select `Tool Type` to "SonarQube" and `Authentication Type` "API Key". -Note the url must be in the format of `https:///api` +## Tool Configuration + +In `Tool Configuration`, select `Tool Type` "SonarQube" and `Authentication Type` "API Key". +The URL must be in the format of `https:///api` Paste your SonarQube API token in the "API Key" field. -By default the tool will import vulnerabilities issues -and security hotspots only, but additional filters can be setup using the -Extras field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using -SonarCloud, you must also specify the Organization ID in the Extras field as follows -`OrgID=sonarcloud-organzation-ID`. If also specifying issue type filters, please -seperate the items in the Extras field by a vertical bar as follows -`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID` - -In "Add API Scan Configuration" +By default, the tool will import vulnerability issues +and security hotspots only, but additional filters can be applied using the +"Extras" field separated by commas (e.g. `BUG,VULNERABILITY,CODE_SMELL`). When using +SonarCloud, you must also specify the Organization ID in the "Extras" field (e.g. +`OrgID=sonarcloud-organzation-ID`). When also specifying issue type filters, please +separate the items in the "Extras" field by a vertical bar (e.g. +`BUG,VULNERABILITY,CODE_SMELL|OrgID=sonarcloud-organzation-ID`) + +## Product-Level Configuration + +In `Add API Scan Configuration` - `Service key 1` must be the SonarQube project key, which can be found by navigating to a specific project and selecting the value from the url 
@@ -24,23 +28,29 @@ In "Add API Scan Configuration" use the name of the Product as the project key in SonarQube. If you would like to import findings from multiple projects, you can specify multiple keys as separated `API Scan Configuration` in the `Product` settings. -- If using SonarCloud, the orginization ID can be used from step 1, but it - can be overiden by supplying a different orginization ID in the `Service key 2` input field. +- If using SonarCloud, the organization ID can be used from step 1, but it + can be overridden by supplying a different organization ID in the `Service key 2` input field. ## Multiple SonarQube API Configurations -In the import or re-import dialog you can select which `API Scan +In the import or re-import dialog, you can select which `API Scan Configuration` shall be used. If you do not choose any, DefectDojo will use the `API Scan Configuration` of the Product if there is only one defined or the SonarQube `Tool Configuration` if there is only one. -## Multi Branch Scanning +## Multi-Branch Scanning -If using a version of SonarQube with multi branch scanning, the branch tha be scanned can -be supplied in the `branch_tag` fieild at import/re-import time. If the branch does not exist, -a notification will be generated in the alerts table indicating that branch to be imported +If using a version of SonarQube with multi-branch scanning, the branch to be scanned can +be supplied in the `branch_tag` field at import/re-import time. If the branch does not exist, +a notification will be generated in the alerts table, indicating that branch to be imported does not exist. If a branch name is not supplied during import/re-import, the default branch of the SonarQube project will be used. -**Note:**: If `https` is used for the SonarQube, the certificate must be -trusted by the DefectDojo instance. +## Custom Trust + +If you are connecting to SonarQube via HTTPS, the issuer of the certificate that is presented by +SonarQube must be trusted. 
+ +One way of achieving this is by defining the `REQUESTS_CA_BUNDLE` environment variable to point +to a PEM-encoded certificate file in the container (e.g. `REQUESTS_CA_BUNDLE=/app/media/cacerts.pem`). +To ensure the certificate is persisted, the file should be in a mounted volume. \ No newline at end of file diff --git a/docs/content/supported_tools/parsers/file/n0s1.md b/docs/content/supported_tools/parsers/file/n0s1.md new file mode 100644 index 00000000000..c310a20a505 --- /dev/null +++ b/docs/content/supported_tools/parsers/file/n0s1.md @@ -0,0 +1,18 @@ +--- +title: "n0s1 Scanner" +toc_hide: true +--- + +### File Types +Parser n0s1 expects a JSON file of scanner n0s1. + +### Sample Scan Data +Sample n0s1 scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/n0s1). + +### Link To Tool +See n0s1 on GitHub: https://github.com/spark1security/n0s1 + +### Default Deduplication Hashcode Fields +By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- description diff --git a/docs/package-lock.json b/docs/package-lock.json index 26c62b5a377..4d260357f6f 100644 --- a/docs/package-lock.json +++ b/docs/package-lock.json @@ -9,8 +9,8 @@ "version": "1.8.0", "license": "MIT", "dependencies": { - "@docsearch/css": "4.2.0", - "@docsearch/js": "4.2.0", + "@docsearch/css": "4.3.2", + "@docsearch/js": "4.3.2", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", @@ -20,7 +20,7 @@ }, "devDependencies": { "prettier": "3.6.2", - "vite": "7.1.11" + "vite": "7.2.2" }, "engines": { "node": ">=20.11.0" 
@@ -83,6 +83,7 @@ "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.28.4.tgz", "integrity": "sha512-2BCOP7TN8M+gVDj7/ht3hsaO/B/n5oDbiAyyvnRlNOs+u1o+JWNYTQrmpuNp1/Wq2gcFrI01JAW+paEKDMx/CA==", "license": "MIT", + "peer": true, "dependencies": { "@babel/code-frame": "^7.27.1", "@babel/generator": "^7.28.3", @@ -1481,16 +1482,19 @@ } }, "node_modules/@docsearch/css": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.2.0.tgz", - "integrity": "sha512-65KU9Fw5fGsPPPlgIghonMcndyx1bszzrDQYLfierN+Ha29yotMHzVS94bPkZS6On9LS8dE4qmW4P/fGjtCf/g==", + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/@docsearch/css/-/css-4.3.2.tgz", + "integrity": "sha512-K3Yhay9MgkBjJJ0WEL5MxnACModX9xuNt3UlQQkDEDZJZ0+aeWKtOkxHNndMRkMBnHdYvQjxkm6mdlneOtU1IQ==", "license": "MIT" }, "node_modules/@docsearch/js": { - "version": "4.2.0", - "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.2.0.tgz", - "integrity": "sha512-KBHVPO29QiGUFJYeAqxW0oXtGf/aghNmRrIRPT4/28JAefqoCkNn/ZM/jeQ7fHjl0KNM6C+KlLVYjwyz6lNZnA==", - "license": "MIT" + "version": "4.3.2", + "resolved": "https://registry.npmjs.org/@docsearch/js/-/js-4.3.2.tgz", + "integrity": "sha512-xdfpPXMgKRY9EW7U1vtY7gLKbLZFa9ed+t0Dacquq8zXBqAlH9HlUf0h4Mhxm0xatsVeMaIR2wr/u6g0GsZyQw==", + "license": "MIT", + "dependencies": { + "htm": "3.1.1" + } }, "node_modules/@esbuild/aix-ppc64": { "version": "0.25.11", @@ -2120,6 +2124,7 @@ "resolved": "https://registry.npmjs.org/@popperjs/core/-/core-2.11.8.tgz", "integrity": "sha512-P1st0aksCrn9sGZhp8GMYwBnQsbvAWsZAX44oXNNvLHGqAOcoVxmjZiohstwQ7SqKnbR47akdNi+uleWD8+g6A==", "license": "MIT", + "peer": true, "funding": { "type": "opencollective", "url": "https://opencollective.com/popperjs" @@ -2726,6 +2731,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "baseline-browser-mapping": "^2.8.19", "caniuse-lite": "^1.0.30001751", 
@@ -3318,6 +3324,12 @@ "node": ">= 0.4" } }, + "node_modules/htm": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/htm/-/htm-3.1.1.tgz", + "integrity": "sha512-983Vyg8NwUE7JkZ6NmOqpCZ+sh1bKv2iYTlUkzlWmA5JD2acKoxd4KVxbMmxX/85mtfdnDmTFoNKcg5DGAvxNQ==", + "license": "Apache-2.0" + }, "node_modules/inflight": { "version": "1.0.6", "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", @@ -3797,6 +3809,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", @@ -4453,6 +4466,7 @@ "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -4558,9 +4572,9 @@ "license": "MIT" }, "node_modules/vite": { - "version": "7.1.11", - "resolved": "https://registry.npmjs.org/vite/-/vite-7.1.11.tgz", - "integrity": "sha512-uzcxnSDVjAopEUjljkWh8EIrg6tlzrjFUfMcR1EVsRDGwf/ccef0qQPRyOrROwhrTDaApueq+ja+KLPlzR/zdg==", + "version": "7.2.2", + "resolved": "https://registry.npmjs.org/vite/-/vite-7.2.2.tgz", + "integrity": "sha512-BxAKBWmIbrDgrokdGZH1IgkIk/5mMHDreLDmCJ0qpyJaAteP8NvMhkwr/ZCQNqNH97bw/dANTE9PDzqwJghfMQ==", "dev": true, "license": "MIT", "dependencies": { @@ -4656,6 +4670,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, diff --git a/docs/package.json b/docs/package.json index 69785ab15ee..1b99722c010 100644 --- a/docs/package.json +++ b/docs/package.json @@ -16,8 +16,8 @@ "preview": "vite preview --outDir public" }, "dependencies": { - "@docsearch/css": "4.2.0", - "@docsearch/js": "4.2.0", + "@docsearch/css": "4.3.2", + "@docsearch/js": "4.3.2", "@tabler/icons": "3.35.0", "@thulite/doks-core": "1.8.3", "@thulite/images": "3.3.3", 
@@ -27,7 +27,7 @@
 },
 "devDependencies": {
 "prettier": "3.6.2",
- "vite": "7.1.11"
+ "vite": "7.2.2"
 },
 "engines": {
 "node": ">=20.11.0"
diff --git a/dojo/__init__.py b/dojo/__init__.py
index effca246b4b..75c2142e9d9 100644
--- a/dojo/__init__.py
+++ b/dojo/__init__.py
@@ -4,6 +4,6 @@
 # Django starts so that shared_task will use this app.
 from .celery import app as celery_app # noqa: F401
-__version__ = "2.52.2"
+__version__ = "2.53.0-dev"
 __url__ = "https://github.com/DefectDojo/django-DefectDojo"
 __docs__ = "https://documentation.defectdojo.com"
diff --git a/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py b/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py
new file mode 100644
index 00000000000..43bad6c2a7c
--- /dev/null
+++ b/dojo/db_migrations/0247_remove_finding_insert_insert_and_more.py
@@ -0,0 +1,49 @@ +# Generated by Django 5.1.13 on 2025-11-01 12:54 + +import pgtrigger.compiler +import pgtrigger.migrations +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ('dojo', '0246_endpoint_idx_ep_product_lower_host_and_more'), + ] + + operations = [ + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='insert_insert', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='update_update', + ), + pgtrigger.migrations.RemoveTrigger( + model_name='finding', + name='delete_delete', + ), + migrations.AddField( + model_name='finding', + name='fix_version', + field=models.CharField(blank=True, help_text='Version of the affected component in which the flaw is fixed.', max_length=100, null=True, verbose_name='Fix version'), + ), + migrations.AddField( + model_name='findingevent', + name='fix_version', + field=models.CharField(blank=True, help_text='Version of the affected component in which the flaw is fixed.', max_length=100, null=True, verbose_name='Fix version'), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='insert_insert', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", 
"planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'insert\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", 
NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='7420e87ec2d068d96796af35888c418c547b768a', operation='INSERT', pgid='pgtrigger_insert_insert_2fbbb', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='update_update', sql=pgtrigger.compiler.UpsertTriggerSql(condition='WHEN (OLD."active" IS DISTINCT FROM (NEW."active") OR OLD."component_name" IS DISTINCT FROM (NEW."component_name") OR OLD."component_version" IS DISTINCT FROM (NEW."component_version") OR OLD."cve" IS DISTINCT FROM (NEW."cve") OR OLD."cvssv3" IS DISTINCT FROM (NEW."cvssv3") OR OLD."cvssv3_score" IS DISTINCT FROM (NEW."cvssv3_score") OR OLD."cvssv4" IS DISTINCT FROM (NEW."cvssv4") OR OLD."cvssv4_score" IS DISTINCT FROM (NEW."cvssv4_score") OR OLD."cwe" IS DISTINCT FROM (NEW."cwe") OR OLD."date" IS DISTINCT FROM (NEW."date") OR OLD."defect_review_requested_by_id" IS DISTINCT FROM (NEW."defect_review_requested_by_id") OR OLD."description" IS DISTINCT FROM (NEW."description") OR OLD."duplicate" IS DISTINCT FROM (NEW."duplicate") OR OLD."duplicate_finding_id" IS DISTINCT FROM (NEW."duplicate_finding_id") OR OLD."dynamic_finding" IS DISTINCT FROM (NEW."dynamic_finding") OR OLD."effort_for_fixing" IS DISTINCT FROM (NEW."effort_for_fixing") OR OLD."epss_percentile" IS DISTINCT FROM (NEW."epss_percentile") OR OLD."epss_score" IS DISTINCT FROM (NEW."epss_score") OR OLD."false_p" IS DISTINCT FROM (NEW."false_p") OR OLD."file_path" IS DISTINCT FROM (NEW."file_path") OR OLD."fix_available" IS DISTINCT FROM (NEW."fix_available") OR OLD."fix_version" IS DISTINCT FROM (NEW."fix_version") OR OLD."hash_code" IS DISTINCT FROM (NEW."hash_code") OR OLD."id" IS DISTINCT FROM (NEW."id") OR OLD."impact" IS DISTINCT FROM (NEW."impact") OR OLD."is_mitigated" IS DISTINCT FROM (NEW."is_mitigated") OR OLD."kev_date" IS DISTINCT FROM (NEW."kev_date") OR OLD."known_exploited" IS DISTINCT FROM (NEW."known_exploited") 
OR OLD."last_reviewed" IS DISTINCT FROM (NEW."last_reviewed") OR OLD."last_reviewed_by_id" IS DISTINCT FROM (NEW."last_reviewed_by_id") OR OLD."line" IS DISTINCT FROM (NEW."line") OR OLD."mitigated" IS DISTINCT FROM (NEW."mitigated") OR OLD."mitigated_by_id" IS DISTINCT FROM (NEW."mitigated_by_id") OR OLD."mitigation" IS DISTINCT FROM (NEW."mitigation") OR OLD."nb_occurences" IS DISTINCT FROM (NEW."nb_occurences") OR OLD."numerical_severity" IS DISTINCT FROM (NEW."numerical_severity") OR OLD."out_of_scope" IS DISTINCT FROM (NEW."out_of_scope") OR OLD."param" IS DISTINCT FROM (NEW."param") OR OLD."payload" IS DISTINCT FROM (NEW."payload") OR OLD."planned_remediation_date" IS DISTINCT FROM (NEW."planned_remediation_date") OR OLD."planned_remediation_version" IS DISTINCT FROM (NEW."planned_remediation_version") OR OLD."publish_date" IS DISTINCT FROM (NEW."publish_date") OR OLD."ransomware_used" IS DISTINCT FROM (NEW."ransomware_used") OR OLD."refs" IS DISTINCT FROM (NEW."refs") OR OLD."reporter_id" IS DISTINCT FROM (NEW."reporter_id") OR OLD."review_requested_by_id" IS DISTINCT FROM (NEW."review_requested_by_id") OR OLD."risk_accepted" IS DISTINCT FROM (NEW."risk_accepted") OR OLD."sast_sink_object" IS DISTINCT FROM (NEW."sast_sink_object") OR OLD."sast_source_file_path" IS DISTINCT FROM (NEW."sast_source_file_path") OR OLD."sast_source_line" IS DISTINCT FROM (NEW."sast_source_line") OR OLD."sast_source_object" IS DISTINCT FROM (NEW."sast_source_object") OR OLD."scanner_confidence" IS DISTINCT FROM (NEW."scanner_confidence") OR OLD."service" IS DISTINCT FROM (NEW."service") OR OLD."severity" IS DISTINCT FROM (NEW."severity") OR OLD."severity_justification" IS DISTINCT FROM (NEW."severity_justification") OR OLD."sla_expiration_date" IS DISTINCT FROM (NEW."sla_expiration_date") OR OLD."sla_start_date" IS DISTINCT FROM (NEW."sla_start_date") OR OLD."sonarqube_issue_id" IS DISTINCT FROM (NEW."sonarqube_issue_id") OR OLD."static_finding" IS DISTINCT FROM 
(NEW."static_finding") OR OLD."steps_to_reproduce" IS DISTINCT FROM (NEW."steps_to_reproduce") OR OLD."test_id" IS DISTINCT FROM (NEW."test_id") OR OLD."thread_id" IS DISTINCT FROM (NEW."thread_id") OR OLD."title" IS DISTINCT FROM (NEW."title") OR OLD."under_defect_review" IS DISTINCT FROM (NEW."under_defect_review") OR OLD."under_review" IS DISTINCT FROM (NEW."under_review") OR OLD."unique_id_from_tool" IS DISTINCT FROM (NEW."unique_id_from_tool") OR OLD."url" IS DISTINCT FROM (NEW."url") OR OLD."verified" IS DISTINCT FROM (NEW."verified") OR OLD."vuln_id_from_tool" IS DISTINCT FROM (NEW."vuln_id_from_tool"))', func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", "duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (NEW."active", NEW."component_name", NEW."component_version", NEW."created", NEW."cve", 
NEW."cvssv3", NEW."cvssv3_score", NEW."cvssv4", NEW."cvssv4_score", NEW."cwe", NEW."date", NEW."defect_review_requested_by_id", NEW."description", NEW."duplicate", NEW."duplicate_finding_id", NEW."dynamic_finding", NEW."effort_for_fixing", NEW."epss_percentile", NEW."epss_score", NEW."false_p", NEW."file_path", NEW."fix_available", NEW."fix_version", NEW."hash_code", NEW."id", NEW."impact", NEW."is_mitigated", NEW."kev_date", NEW."known_exploited", NEW."last_reviewed", NEW."last_reviewed_by_id", NEW."last_status_update", NEW."line", NEW."mitigated", NEW."mitigated_by_id", NEW."mitigation", NEW."nb_occurences", NEW."numerical_severity", NEW."out_of_scope", NEW."param", NEW."payload", _pgh_attach_context(), NOW(), \'update\', NEW."id", NEW."planned_remediation_date", NEW."planned_remediation_version", NEW."publish_date", NEW."ransomware_used", NEW."refs", NEW."reporter_id", NEW."review_requested_by_id", NEW."risk_accepted", NEW."sast_sink_object", NEW."sast_source_file_path", NEW."sast_source_line", NEW."sast_source_object", NEW."scanner_confidence", NEW."service", NEW."severity", NEW."severity_justification", NEW."sla_expiration_date", NEW."sla_start_date", NEW."sonarqube_issue_id", NEW."static_finding", NEW."steps_to_reproduce", NEW."test_id", NEW."thread_id", NEW."title", NEW."under_defect_review", NEW."under_review", NEW."unique_id_from_tool", NEW."url", NEW."verified", NEW."vuln_id_from_tool"); RETURN NULL;', hash='d7e612a41414689328bb28abab60a073aa989fad', operation='UPDATE', pgid='pgtrigger_update_update_92175', table='dojo_finding', when='AFTER')), + ), + pgtrigger.migrations.AddTrigger( + model_name='finding', + trigger=pgtrigger.compiler.Trigger(name='delete_delete', sql=pgtrigger.compiler.UpsertTriggerSql(func='INSERT INTO "dojo_findingevent" ("active", "component_name", "component_version", "created", "cve", "cvssv3", "cvssv3_score", "cvssv4", "cvssv4_score", "cwe", "date", "defect_review_requested_by_id", "description", "duplicate", 
"duplicate_finding_id", "dynamic_finding", "effort_for_fixing", "epss_percentile", "epss_score", "false_p", "file_path", "fix_available", "fix_version", "hash_code", "id", "impact", "is_mitigated", "kev_date", "known_exploited", "last_reviewed", "last_reviewed_by_id", "last_status_update", "line", "mitigated", "mitigated_by_id", "mitigation", "nb_occurences", "numerical_severity", "out_of_scope", "param", "payload", "pgh_context_id", "pgh_created_at", "pgh_label", "pgh_obj_id", "planned_remediation_date", "planned_remediation_version", "publish_date", "ransomware_used", "refs", "reporter_id", "review_requested_by_id", "risk_accepted", "sast_sink_object", "sast_source_file_path", "sast_source_line", "sast_source_object", "scanner_confidence", "service", "severity", "severity_justification", "sla_expiration_date", "sla_start_date", "sonarqube_issue_id", "static_finding", "steps_to_reproduce", "test_id", "thread_id", "title", "under_defect_review", "under_review", "unique_id_from_tool", "url", "verified", "vuln_id_from_tool") VALUES (OLD."active", OLD."component_name", OLD."component_version", OLD."created", OLD."cve", OLD."cvssv3", OLD."cvssv3_score", OLD."cvssv4", OLD."cvssv4_score", OLD."cwe", OLD."date", OLD."defect_review_requested_by_id", OLD."description", OLD."duplicate", OLD."duplicate_finding_id", OLD."dynamic_finding", OLD."effort_for_fixing", OLD."epss_percentile", OLD."epss_score", OLD."false_p", OLD."file_path", OLD."fix_available", OLD."fix_version", OLD."hash_code", OLD."id", OLD."impact", OLD."is_mitigated", OLD."kev_date", OLD."known_exploited", OLD."last_reviewed", OLD."last_reviewed_by_id", OLD."last_status_update", OLD."line", OLD."mitigated", OLD."mitigated_by_id", OLD."mitigation", OLD."nb_occurences", OLD."numerical_severity", OLD."out_of_scope", OLD."param", OLD."payload", _pgh_attach_context(), NOW(), \'delete\', OLD."id", OLD."planned_remediation_date", OLD."planned_remediation_version", OLD."publish_date", OLD."ransomware_used", OLD."refs", 
OLD."reporter_id", OLD."review_requested_by_id", OLD."risk_accepted", OLD."sast_sink_object", OLD."sast_source_file_path", OLD."sast_source_line", OLD."sast_source_object", OLD."scanner_confidence", OLD."service", OLD."severity", OLD."severity_justification", OLD."sla_expiration_date", OLD."sla_start_date", OLD."sonarqube_issue_id", OLD."static_finding", OLD."steps_to_reproduce", OLD."test_id", OLD."thread_id", OLD."title", OLD."under_defect_review", OLD."under_review", OLD."unique_id_from_tool", OLD."url", OLD."verified", OLD."vuln_id_from_tool"); RETURN NULL;', hash='b78d66e2d4e1cb791b58b944a8b9204f13fe1552', operation='DELETE', pgid='pgtrigger_delete_delete_72933', table='dojo_finding', when='AFTER')), + ), + ] diff --git a/dojo/finding/deduplication.py b/dojo/finding/deduplication.py new file mode 100644 index 00000000000..7f334236dbf --- /dev/null +++ b/dojo/finding/deduplication.py 
@@ -0,0 +1,564 @@ +import logging +from operator import attrgetter + +import hyperlink +from django.conf import settings +from django.db.models import Prefetch +from django.db.models.query_utils import Q + +from dojo.celery import app +from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id +from dojo.models import Finding, System_Settings + +logger = logging.getLogger(__name__) +deduplicationLogger = logging.getLogger("dojo.specific-loggers.deduplication") + + +def get_finding_models_for_deduplication(finding_ids): + """ + Load findings with optimal prefetching for deduplication operations. + This avoids N+1 queries when accessing test, engagement, product, endpoints, and original_finding. + + Args: + finding_ids: A list of Finding IDs + + Returns: + A list of Finding models with related objects prefetched + + """ + if not finding_ids: + return [] + + return list( + Finding.objects.filter(id__in=finding_ids) + .select_related("test", "test__engagement", "test__engagement__product", "test__test_type") + .prefetch_related( + "endpoints", + # Prefetch duplicates of each finding to avoid N+1 when set_duplicate iterates + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ), + ) + + +@dojo_model_to_id +@dojo_async_task +@app.task +@dojo_model_from_id +def do_dedupe_finding_task(new_finding, *args, **kwargs): + return do_dedupe_finding(new_finding, *args, **kwargs) + + +@dojo_async_task +@app.task +def do_dedupe_batch_task(finding_ids, *args, **kwargs): + """ + Async task to deduplicate a batch of findings. The findings are assumed to be in the same test. + Similar to post_process_findings_batch but focused only on deduplication. 
+ """ + # Load findings with proper prefetching + findings = get_finding_models_for_deduplication(finding_ids) + + if not findings: + logger.debug(f"no findings found for batch deduplication with IDs: {finding_ids}") + return + + # Batch dedupe + dedupe_batch_of_findings(findings) + + +def do_dedupe_finding(new_finding, *args, **kwargs): + from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import + if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): + return dedupe_method(new_finding, *args, **kwargs) + + try: + enabled = System_Settings.objects.get(no_cache=True).enable_deduplication + except System_Settings.DoesNotExist: + logger.warning("system settings not found") + enabled = False + + if enabled: + deduplicationLogger.debug("dedupe for: " + str(new_finding.id) + + ":" + str(new_finding.title)) + deduplicationAlgorithm = new_finding.test.deduplication_algorithm + deduplicationLogger.debug("deduplication algorithm: " + deduplicationAlgorithm) + if deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + deduplicate_unique_id_from_tool(new_finding) + elif deduplicationAlgorithm == settings.DEDUPE_ALGO_HASH_CODE: + deduplicate_hash_code(new_finding) + elif deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + deduplicate_uid_or_hash_code(new_finding) + else: + deduplicationLogger.debug("no configuration per parser found; using legacy algorithm") + deduplicate_legacy(new_finding) + else: + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return None + + +def deduplicate_legacy(new_finding): + _dedupe_batch_legacy([new_finding]) + + +def deduplicate_unique_id_from_tool(new_finding): + _dedupe_batch_unique_id([new_finding]) + + +def deduplicate_hash_code(new_finding): + _dedupe_batch_hash_code([new_finding]) + + +def deduplicate_uid_or_hash_code(new_finding): + _dedupe_batch_uid_or_hash([new_finding]) + + +def set_duplicate(new_finding, 
existing_finding): + deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") + deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") + if existing_finding.duplicate: + deduplicationLogger.debug("existing finding: %s:%s:duplicate=%s;duplicate_finding=%s", existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else "None") + msg = "Existing finding is a duplicate" + raise Exception(msg) + if existing_finding.id == new_finding.id: + msg = "Can not add duplicate to itself" + raise Exception(msg) + if is_duplicate_reopen(new_finding, existing_finding): + msg = "Found a regression. Ignore this so that a new duplicate chain can be made" + raise Exception(msg) + if new_finding.duplicate and finding_mitigated(existing_finding): + msg = "Skip this finding as we do not want to attach a new duplicate to a mitigated finding" + raise Exception(msg) + + deduplicationLogger.debug("Setting new finding " + str(new_finding.id) + " as a duplicate of existing finding " + str(existing_finding.id)) + new_finding.duplicate = True + new_finding.active = False + new_finding.verified = False + new_finding.duplicate_finding = existing_finding + + # Make sure transitive duplication is flattened + # if A -> B and B is made a duplicate of C here, afterwards: + # A -> C and B -> C should be true + # Ordering is ensured by the prefetch in post_process_findings_batch + # (we prefetch "original_finding" ordered by -id), so avoid calling + # order_by here to prevent bypassing the prefetch cache. 
+ for find in new_finding.original_finding.all(): + new_finding.original_finding.remove(find) + set_duplicate(find, existing_finding) + existing_finding.found_by.add(new_finding.test.test_type) + logger.debug("saving new finding: %d", new_finding.id) + super(Finding, new_finding).save() + logger.debug("saving existing finding: %d", existing_finding.id) + super(Finding, existing_finding).save() + + +def is_duplicate_reopen(new_finding, existing_finding) -> bool: + return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding) + + +def finding_mitigated(finding: Finding) -> bool: + return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None) + + +def finding_not_human_set_status(finding: Finding) -> bool: + return finding.out_of_scope is False and finding.false_p is False + + +def set_duplicate_reopen(new_finding, existing_finding): + logger.debug("duplicate reopen existing finding") + existing_finding.mitigated = new_finding.mitigated + existing_finding.is_mitigated = new_finding.is_mitigated + existing_finding.active = new_finding.active + existing_finding.verified = new_finding.verified + existing_finding.notes.create(author=existing_finding.reporter, + entry="This finding has been automatically re-opened as it was found in recent scans.") + existing_finding.save() + + +def is_deduplication_on_engagement_mismatch(new_finding, to_duplicate_finding): + if new_finding.test.engagement != to_duplicate_finding.test.engagement: + deduplication_mismatch = new_finding.test.engagement.deduplication_on_engagement \ + or to_duplicate_finding.test.engagement.deduplication_on_engagement + if deduplication_mismatch: + deduplicationLogger.debug(f"deduplication_mismatch: {deduplication_mismatch} for new_finding {new_finding.id} and to_duplicate_finding {to_duplicate_finding.id} with test.engagement {new_finding.test.engagement.id} and 
{to_duplicate_finding.test.engagement.id}") + return deduplication_mismatch + return False + + +def get_endpoints_as_url(finding): + return [hyperlink.parse(str(e)) for e in finding.endpoints.all()] + + +def are_urls_equal(url1, url2, fields): + deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) + for field in fields: + if (field == "scheme" and url1.scheme != url2.scheme) or (field == "host" and url1.host != url2.host): + return False + if (field == "port" and url1.port != url2.port) or (field == "path" and url1.path != url2.path) or (field == "query" and url1.query != url2.query) or (field == "fragment" and url1.fragment != url2.fragment) or (field == "userinfo" and url1.userinfo != url2.userinfo) or (field == "user" and url1.user != url2.user): + return False + return True + + +def are_endpoints_duplicates(new_finding, to_duplicate_finding): + fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS + if len(fields) == 0: + deduplicationLogger.debug("deduplication by endpoint fields is disabled") + return True + + list1 = get_endpoints_as_url(new_finding) + list2 = get_endpoints_as_url(to_duplicate_finding) + + deduplicationLogger.debug( + f"Starting deduplication by endpoint fields for finding {new_finding.id} with urls {list1} and finding {to_duplicate_finding.id} with urls {list2}", + ) + if list1 == [] and list2 == []: + return True + + for l1 in list1: + for l2 in list2: + if are_urls_equal(l1, l2, fields): + return True + + deduplicationLogger.debug(f"endpoints are not duplicates: {new_finding.id} and {to_duplicate_finding.id}") + return False + + +def build_dedupe_scope_queryset(test): + scope_on_engagement = test.engagement.deduplication_on_engagement + if scope_on_engagement: + scope_q = Q(test__engagement=test.engagement) + else: + # Product scope limited to current product, but exclude engagements that opted into engagement-scoped dedupe + scope_q = Q(test__engagement__product=test.engagement.product) & ( + 
Q(test__engagement=test.engagement) + | Q(test__engagement__deduplication_on_engagement=False) + ) + + return ( + Finding.objects.filter(scope_q) + .select_related("test", "test__engagement", "test__test_type") + .prefetch_related("endpoints") + ) + + +def find_candidates_for_deduplication_hash(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None) is not None} + if not hash_codes: + return {} + existing_qs = ( + base_queryset.filter(hash_code__in=hash_codes) + .exclude(hash_code=None) + .exclude(duplicate=True) + .order_by("id") + ) + existing_by_hash = {} + for ef in existing_qs: + existing_by_hash.setdefault(ef.hash_code, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_hash)} existing findings by hash codes") + return existing_by_hash + + +def find_candidates_for_deduplication_unique_id(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + unique_ids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None) is not None} + if not unique_ids: + return {} + existing_qs = base_queryset.filter(unique_id_from_tool__in=unique_ids).exclude(unique_id_from_tool=None).exclude(duplicate=True).order_by("id") + # unique_id_from_tool can only apply to the same test_type because it is parser dependent + existing_qs = existing_qs.filter(test__test_type=test.test_type) + existing_by_uid = {} + for ef in existing_qs: + existing_by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_uid)} existing findings by unique IDs") + return existing_by_uid + + +def find_candidates_for_deduplication_uid_or_hash(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + hash_codes = {f.hash_code for f in findings if getattr(f, "hash_code", None) is not None} + unique_ids = {f.unique_id_from_tool for f in findings if getattr(f, "unique_id_from_tool", None) is not None} + if 
not hash_codes and not unique_ids: + return {}, {} + + cond = Q() + if hash_codes: + cond |= Q(hash_code__isnull=False, hash_code__in=hash_codes) + if unique_ids: + # unique_id_from_tool can only apply to the same test_type because it is parser dependent + uid_q = Q(unique_id_from_tool__isnull=False, unique_id_from_tool__in=unique_ids) & Q(test__test_type=test.test_type) + cond |= uid_q + + existing_qs = base_queryset.filter(cond).exclude(duplicate=True).order_by("id") + + existing_by_hash = {} + existing_by_uid = {} + for ef in existing_qs: + if ef.hash_code is not None: + existing_by_hash.setdefault(ef.hash_code, []).append(ef) + if ef.unique_id_from_tool is not None: + existing_by_uid.setdefault(ef.unique_id_from_tool, []).append(ef) + deduplicationLogger.debug(f"Found {len(existing_by_uid)} existing findings by unique IDs") + deduplicationLogger.debug(f"Found {len(existing_by_hash)} existing findings by hash codes") + return existing_by_uid, existing_by_hash + + +def find_candidates_for_deduplication_legacy(test, findings): + base_queryset = build_dedupe_scope_queryset(test) + titles = {f.title for f in findings if getattr(f, "title", None)} + cwes = {f.cwe for f in findings if getattr(f, "cwe", 0)} + cwes.discard(0) + if not titles and not cwes: + return {}, {} + + existing_qs = base_queryset.filter(Q(title__in=titles) | Q(cwe__in=cwes)).exclude(duplicate=True).order_by("id") + + by_title = {} + by_cwe = {} + for ef in existing_qs: + if ef.title: + by_title.setdefault(ef.title, []).append(ef) + if getattr(ef, "cwe", 0): + by_cwe.setdefault(ef.cwe, []).append(ef) + deduplicationLogger.debug(f"Found {len(by_title)} existing findings by title") + deduplicationLogger.debug(f"Found {len(by_cwe)} existing findings by CWE") + deduplicationLogger.debug(f"Found {len(existing_qs)} existing findings by title or CWE") + return by_title, by_cwe + + +def _is_candidate_older(new_finding, candidate): + # Ensure the newer finding is marked as duplicate of the older finding + 
is_older = candidate.id < new_finding.id + if not is_older: + deduplicationLogger.debug(f"candidate is newer than or equal to new finding: {new_finding.id} and candidate {candidate.id}") + return is_older + + +def match_hash_candidate(new_finding, candidates_by_hash): + if new_finding.hash_code is None: + return None + possible_matches = candidates_by_hash.get(new_finding.hash_code, []) + deduplicationLogger.debug(f"Finding {new_finding.id}: Found {len(possible_matches)} findings with same hash_code, ids={[(c.id, c.hash_code) for c in possible_matches]}") + + for candidate in possible_matches: + if not _is_candidate_older(new_finding, candidate): + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + continue + if are_endpoints_duplicates(new_finding, candidate): + return candidate + return None + + +def match_unique_id_candidate(new_finding, candidates_by_uid): + if new_finding.unique_id_from_tool is None: + return None + + possible_matches = candidates_by_uid.get(new_finding.unique_id_from_tool, []) + deduplicationLogger.debug(f"Finding {new_finding.id}: Found {len(possible_matches)} findings with same unique_id_from_tool, ids={[(c.id, c.unique_id_from_tool) for c in possible_matches]}") + for candidate in possible_matches: + if not _is_candidate_older(new_finding, candidate): + deduplicationLogger.debug("UID: newer candidate, skipping dedupe.") + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + continue + return candidate + return None + + +def match_uid_or_hash_candidate(new_finding, candidates_by_uid, candidates_by_hash): + # Combine UID and hash candidates and walk oldest-first + uid_list = candidates_by_uid.get(new_finding.unique_id_from_tool, []) if new_finding.unique_id_from_tool is not None else [] + hash_list = 
candidates_by_hash.get(new_finding.hash_code, []) if new_finding.hash_code is not None else [] + deduplicationLogger.debug("Finding %s: UID_OR_HASH: uid_list ids=%s hash_list ids=%s", new_finding.id, [c.id for c in uid_list], [c.id for c in hash_list]) + combined_by_id = {c.id: c for c in uid_list} + for c in hash_list: + combined_by_id.setdefault(c.id, c) + deduplicationLogger.debug("Finding %s: UID_OR_HASH: combined candidate ids (sorted)=%s", new_finding.id, sorted(combined_by_id.keys())) + for candidate_id in sorted(combined_by_id.keys()): + candidate = combined_by_id[candidate_id] + if not _is_candidate_older(new_finding, candidate): + continue + if is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug("deduplication_on_engagement_mismatch, skipping dedupe.") + return None + if are_endpoints_duplicates(new_finding, candidate): + deduplicationLogger.debug("UID_OR_HASH: endpoints match, returning candidate %s with test_type %s unique_id_from_tool %s hash_code %s", candidate.id, candidate.test.test_type, candidate.unique_id_from_tool, candidate.hash_code) + return candidate + deduplicationLogger.debug("UID_OR_HASH: endpoints mismatch, skipping candidate %s", candidate.id) + return None + + +def match_legacy_candidate(new_finding, candidates_by_title, candidates_by_cwe): + # --------------------------------------------------------- + # 1) Collects all the findings that have the same: + # (title and static_finding and dynamic_finding) + # or (CWE and static_finding and dynamic_finding) + # as the new one + # (this is "cond1") + # --------------------------------------------------------- + candidates = [] + if getattr(new_finding, "title", None): + candidates.extend(candidates_by_title.get(new_finding.title, [])) + if getattr(new_finding, "cwe", 0): + candidates.extend(candidates_by_cwe.get(new_finding.cwe, [])) + + for candidate in candidates: + if not _is_candidate_older(new_finding, candidate): + continue + if 
is_deduplication_on_engagement_mismatch(new_finding, candidate): + deduplicationLogger.debug( + "deduplication_on_engagement_mismatch, skipping dedupe.") + continue + + flag_endpoints = False + flag_line_path = False + + # --------------------------------------------------------- + # 2) If existing and new findings have endpoints: compare them all + # Else look at line+file_path + # (if new finding is not static, do not deduplicate) + # --------------------------------------------------------- + + if candidate.endpoints.count() != 0 and new_finding.endpoints.count() != 0: + list1 = [str(e) for e in new_finding.endpoints.all()] + list2 = [str(e) for e in candidate.endpoints.all()] + if all(x in list1 for x in list2): + deduplicationLogger.debug("%s: existing endpoints are present in new finding", candidate.id) + flag_endpoints = True + elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: + if str(candidate.line) == str(new_finding.line) and candidate.file_path == new_finding.file_path: + deduplicationLogger.debug("%s: file_path and line match", candidate.id) + flag_line_path = True + else: + deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") + else: + deduplicationLogger.debug("find.static/dynamic: %s/%s", candidate.static_finding, candidate.dynamic_finding) + deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) + deduplicationLogger.debug("find.file_path: %s", candidate.file_path) + deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) + deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") + + flag_hash = candidate.hash_code == new_finding.hash_code + + deduplicationLogger.debug( + "deduplication flags for new finding (" + ("dynamic" if 
new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(candidate.id) + + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) + + if (flag_endpoints or flag_line_path) and flag_hash: + return candidate + return None + + +def _dedupe_batch_hash_code(findings): + if not findings: + return + test = findings[0].test + candidates_by_hash = find_candidates_for_deduplication_hash(test, findings) + if not candidates_by_hash: + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_HASH_CODE") + match = match_hash_candidate(new_finding, candidates_by_hash) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def _dedupe_batch_unique_id(findings): + if not findings: + return + test = findings[0].test + candidates_by_uid = find_candidates_for_deduplication_unique_id(test, findings) + if not candidates_by_uid: + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL") + match = match_unique_id_candidate(new_finding, candidates_by_uid) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def _dedupe_batch_uid_or_hash(findings): + if not findings: + return + + test = findings[0].test + candidates_by_uid, existing_by_hash = find_candidates_for_deduplication_uid_or_hash(test, findings) + if not (candidates_by_uid or existing_by_hash): + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE") + if new_finding.duplicate: + continue + + match = match_uid_or_hash_candidate(new_finding, candidates_by_uid, existing_by_hash) + if match: + try: + 
set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + continue + + +def _dedupe_batch_legacy(findings): + if not findings: + return + test = findings[0].test + candidates_by_title, candidates_by_cwe = find_candidates_for_deduplication_legacy(test, findings) + if not (candidates_by_title or candidates_by_cwe): + return + for new_finding in findings: + deduplicationLogger.debug(f"deduplication start for finding {new_finding.id} with DEDUPE_ALGO_LEGACY") + match = match_legacy_candidate(new_finding, candidates_by_title, candidates_by_cwe) + if match: + try: + set_duplicate(new_finding, match) + except Exception as e: + deduplicationLogger.debug(str(e)) + + +def dedupe_batch_of_findings(findings, *args, **kwargs): + """Batch deduplicate a list of findings. The findings are assumed to be in the same test.""" + # Pro has customer implementation which will call the Pro dedupe methods, but also the normal OS dedupe methods. + from dojo.utils import get_custom_method # noqa: PLC0415 -- circular import + if batch_dedupe_method := get_custom_method("FINDING_DEDUPE_BATCH_METHOD"): + deduplicationLogger.debug(f"Using custom deduplication method: {batch_dedupe_method.__name__}") + return batch_dedupe_method(findings, *args, **kwargs) + + if not findings: + return None + + enabled = System_Settings.objects.get().enable_deduplication + + if enabled: + # sort findings by id to ensure deduplication is deterministic/reproducible + findings = sorted(findings, key=attrgetter("id")) + + test = findings[0].test + dedup_alg = test.deduplication_algorithm + + if dedup_alg == settings.DEDUPE_ALGO_HASH_CODE: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_HASH_CODE - {len(findings)} findings") + _dedupe_batch_hash_code(findings) + elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL - {len(findings)} findings") + _dedupe_batch_unique_id(findings) + 
elif dedup_alg == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: + logger.debug(f"deduplicating finding batch with DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE - {len(findings)} findings") + _dedupe_batch_uid_or_hash(findings) + else: + logger.debug(f"deduplicating finding batch with LEGACY - {len(findings)} findings") + _dedupe_batch_legacy(findings) + else: + deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") + return None diff --git a/dojo/finding/helper.py b/dojo/finding/helper.py index a1c7993d30f..277609d3153 100644 --- a/dojo/finding/helper.py +++ b/dojo/finding/helper.py @@ -19,6 +19,11 @@ from dojo.decorators import dojo_async_task, dojo_model_from_id, dojo_model_to_id from dojo.endpoint.utils import save_endpoints_to_add from dojo.file_uploads.helper import delete_related_files +from dojo.finding.deduplication import ( + dedupe_batch_of_findings, + do_dedupe_finding, + get_finding_models_for_deduplication, +) from dojo.models import ( Endpoint, Endpoint_Status, @@ -37,7 +42,6 @@ from dojo.utils import ( calculate_grade, close_external_issue, - do_dedupe_finding, do_false_positive_history, get_current_user, mass_model_updater, 
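Review bot: `dedupe_batch_of_findings` and the four `_dedupe_batch_*` helpers take the algorithm and the candidate scope from `findings[0].test`, but nothing checks the documented assumption that every finding in the batch belongs to that test. `do_dedupe_batch_task` accepts an arbitrary list of IDs, so a mixed batch would match findings against another test's scope, and `set_duplicate` then sets `active = False` on the match, which can hide a finding in the wrong product. A cheap guard after the sort in `dedupe_batch_of_findings` would make the assumption explicit: `if any(f.test_id != findings[0].test_id for f in findings): raise ValueError("dedupe batch spans multiple tests")`. Alternatively, group the findings by test before dispatching to the helpers.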
@@ -459,6 +463,59 @@ def post_process_finding_save_internal(finding, dedupe_option=True, rules_option jira_helper.push_to_jira(finding.finding_group) +@dojo_async_task(signature=True) +@app.task +def post_process_findings_batch_signature(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, + issue_updater_option=True, push_to_jira=False, user=None, **kwargs): + return post_process_findings_batch(finding_ids, dedupe_option, rules_option, product_grading_option, + issue_updater_option, push_to_jira, user, **kwargs) + + +@dojo_async_task +@app.task +def post_process_findings_batch(finding_ids, *args, dedupe_option=True, rules_option=True, product_grading_option=True, + issue_updater_option=True, push_to_jira=False, user=None, **kwargs): + + if not finding_ids: + return + + system_settings = System_Settings.objects.get() + + # use list() to force a complete query execution and related objects to be loaded once + findings = get_finding_models_for_deduplication(finding_ids) + + if not findings: + logger.debug(f"no findings found for batch deduplication with IDs: {finding_ids}") + return + + # Batch dedupe with single queries per algorithm; fallback to per-finding for anything else + if dedupe_option and system_settings.enable_deduplication: + dedupe_batch_of_findings(findings) + + if system_settings.false_positive_history: + # Only perform false positive history if deduplication is disabled + if system_settings.enable_deduplication: + deduplicationLogger.warning("skipping false positive history because deduplication is also enabled") + else: + for finding in findings: + do_false_positive_history(finding, *args, **kwargs) + + # Non-status changing tasks + if issue_updater_option: + for finding in findings: + tool_issue_updater.async_tool_issue_update(finding) + + if product_grading_option and system_settings.enable_product_grade: + calculate_grade(findings[0].test.engagement.product) + + if push_to_jira: + for finding in findings: + if 
finding.has_jira_issue or not finding.finding_group: + jira_helper.push_to_jira(finding) + else: + jira_helper.push_to_jira(finding.finding_group) + + @receiver(pre_delete, sender=Finding) def finding_pre_delete(sender, instance, **kwargs): logger.debug("finding pre_delete: %d", instance.id) diff --git a/dojo/importers/default_importer.py b/dojo/importers/default_importer.py index 188a31b6acb..63f41b8f744 100644 --- a/dojo/importers/default_importer.py +++ b/dojo/importers/default_importer.py @@ -1,5 +1,6 @@ import logging +from django.conf import settings from django.core.files.uploadedfile import TemporaryUploadedFile from django.core.serializers import serialize from django.db.models.query_utils import Q @@ -157,10 +158,9 @@ def process_findings( parsed_findings: list[Finding], **kwargs: dict, ) -> list[Finding]: - # Progressive batching for chord execution - post_processing_task_signatures = [] - current_batch_number = 1 - max_batch_size = 1024 + # Batched post-processing (no chord): dispatch a task per 1000 findings or on final finding + batch_finding_ids: list[int] = [] + batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000) """ Saves findings in memory that were parsed from the scan report into the database. 
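Review bot: `post_process_findings_batch_signature` forwards its options positionally, but `post_process_findings_batch` declares them after `*args` as keyword-only, so the values land in `args` and every option falls back to its default. On this path `push_to_jira` is therefore always `False`, and the stray booleans are passed on to `do_false_positive_history(finding, *args, **kwargs)`. Pass them by name: `return post_process_findings_batch(finding_ids, *args, dedupe_option=dedupe_option, rules_option=rules_option, product_grading_option=product_grading_option, issue_updater_option=issue_updater_option, push_to_jira=push_to_jira, user=user, **kwargs)`. This assumes the `dojo_async_task` and `app.task` wrappers pass arguments through unchanged, which the hunk does not show. Both functions sit fully inside the hunk, and `rules_option` and `user` are accepted but never read in the body.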
@@ -237,32 +237,34 @@ def process_findings( finding = self.process_vulnerability_ids(finding) # Categorize this finding as a new one new_findings.append(finding) - # all data is already saved on the finding, we only need to trigger post processing - - # We create a signature for the post processing task so we can decide to apply it async or sync + # all data is already saved on the finding, we only need to trigger post processing in batches push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by) - post_processing_task_signature = finding_helper.post_process_finding_save_signature( - finding, - dedupe_option=True, - rules_option=True, - product_grading_option=False, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - - post_processing_task_signatures.append(post_processing_task_signature) - - # Check if we should launch a chord (batch full or end of findings) - if we_want_async(async_user=self.user) and post_processing_task_signatures: - post_processing_task_signatures, current_batch_number, _ = self.maybe_launch_post_processing_chord( - post_processing_task_signatures, - current_batch_number, - max_batch_size, - is_final_finding, - ) - else: - # Execute task immediately for synchronous processing - post_processing_task_signature() + batch_finding_ids.append(finding.id) + + # If batch is full or we're at the end, dispatch one batched task + if len(batch_finding_ids) >= batch_max_size or is_final_finding: + finding_ids_batch = list(batch_finding_ids) + batch_finding_ids.clear() + if we_want_async(async_user=self.user): + finding_helper.post_process_findings_batch_signature( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + )() + else: + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + 
push_to_jira=push_to_jira, + ) + + # No chord: tasks are dispatched immediately above per batch for (group_name, findings) in group_names_to_findings_dict.items(): finding_helper.add_findings_to_auto_group( diff --git a/dojo/importers/default_reimporter.py b/dojo/importers/default_reimporter.py index 4813d92453a..10b3ac7148a 100644 --- a/dojo/importers/default_reimporter.py +++ b/dojo/importers/default_reimporter.py @@ -183,9 +183,7 @@ def process_findings( self.unchanged_items = [] self.group_names_to_findings_dict = {} # Progressive batching for chord execution - post_processing_task_signatures = [] - current_batch_number = 1 - max_batch_size = 1024 + # No chord: we dispatch per 1000 findings or on the final finding logger.debug(f"starting reimport of {len(parsed_findings) if parsed_findings else 0} items.") logger.debug("STEP 1: looping over findings from the reimported report and trying to match them to existing findings") @@ -205,6 +203,9 @@ def process_findings( continue cleaned_findings.append(sanitized) + batch_finding_ids: list[int] = [] + batch_max_size = 1000 + for idx, unsaved_finding in enumerate(cleaned_findings): is_final = idx == len(cleaned_findings) - 1 # Some parsers provide "mitigated" field but do not set timezone (because they are probably not available in the report) 
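Review bot: The trailing partial batch is dispatched only if the iteration carrying `is_final_finding` actually reaches this block. The loop body starts outside the hunk, so I cannot confirm that no earlier `continue` or exception path skips it for the last parsed finding; if one does, up to `batch_max_size - 1` saved findings never get deduplication or JIRA post-processing. Moving the dispatch into a small helper and calling it once more after the loop under `if batch_finding_ids:` removes that dependency. The same pattern is repeated in the `default_reimporter.py` hunk at `@@ -255,31 +256,34 @@`. `batch_max_size` also comes from an environment-driven setting with no lower bound, so a value of 0 or less degrades to one task per finding.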
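Review bot: `batch_max_size = 1000` is hard-coded in the reimporter, while `default_importer.py` in this same commit reads `getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000)`, so the new setting has no effect on reimport despite its name. Use the same lookup here; `from django.conf import settings` has to be added if the module does not already import it (the import block is outside the hunk). The context comment `# Progressive batching for chord execution` kept by the preceding hunk is now stale and should be dropped.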
@@ -255,31 +256,34 @@ def process_findings( finding, unsaved_finding, ) - # all data is already saved on the finding, we only need to trigger post processing - - # Execute post-processing task immediately if async, otherwise execute synchronously + # all data is already saved on the finding, we only need to trigger post processing in batches push_to_jira = self.push_to_jira and (not self.findings_groups_enabled or not self.group_by) - - post_processing_task_signature = finding_helper.post_process_finding_save_signature( - finding, - dedupe_option=True, - rules_option=True, - product_grading_option=False, - issue_updater_option=True, - push_to_jira=push_to_jira, - ) - post_processing_task_signatures.append(post_processing_task_signature) - - # Check if we should launch a chord (batch full or end of findings) - if we_want_async(async_user=self.user) and post_processing_task_signatures: - post_processing_task_signatures, current_batch_number, _ = self.maybe_launch_post_processing_chord( - post_processing_task_signatures, - current_batch_number, - max_batch_size, - is_final, - ) - else: - post_processing_task_signature() + batch_finding_ids.append(finding.id) + + # If batch is full or we're at the end, dispatch one batched task + if len(batch_finding_ids) >= batch_max_size or is_final: + finding_ids_batch = list(batch_finding_ids) + batch_finding_ids.clear() + if we_want_async(async_user=self.user): + finding_helper.post_process_findings_batch_signature( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + )() + else: + finding_helper.post_process_findings_batch( + finding_ids_batch, + dedupe_option=True, + rules_option=True, + product_grading_option=True, + issue_updater_option=True, + push_to_jira=push_to_jira, + ) + + # No chord: tasks are dispatched immediately above per batch self.to_mitigate = (set(self.original_items) - set(self.reactivated_items) - 
set(self.unchanged_items)) # due to #3958 we can have duplicates inside the same report @@ -483,6 +487,10 @@ def process_matched_mitigated_finding( to cover circumstances where mitigation timestamps are different, and decide which one to honor """ + if existing_finding.fix_available != unsaved_finding.fix_available: + existing_finding.fix_available = unsaved_finding.fix_available + existing_finding.fix_version = unsaved_finding.fix_version + # if the reimported item has a mitigation time, we can compare if unsaved_finding.is_mitigated: # The new finding is already mitigated, so nothing to change on the @@ -592,6 +600,9 @@ def process_matched_active_finding( # First check that the existing finding is definitely not mitigated if not (existing_finding.mitigated and existing_finding.is_mitigated): logger.debug("Reimported item matches a finding that is currently open.") + if existing_finding.fix_available != unsaved_finding.fix_available: + existing_finding.fix_available = unsaved_finding.fix_available + existing_finding.fix_version = unsaved_finding.fix_version if unsaved_finding.is_mitigated: logger.debug("Reimported mitigated item matches a finding that is currently open, closing.") # TODO: Implement a date comparison for opened defectdojo findings before closing them by reimporting, diff --git a/dojo/jira_link/helper.py b/dojo/jira_link/helper.py index bf2b0101fed..c3df5e1cf37 100644 --- a/dojo/jira_link/helper.py +++ b/dojo/jira_link/helper.py 
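Review bot: `fix_version` is only refreshed when `fix_available` differs, so a finding that already has `fix_available=True` keeps its old `fix_version` when the reimported report names a newer fixed release. Compare both fields, e.g. `if (existing_finding.fix_available, existing_finding.fix_version) != (unsaved_finding.fix_available, unsaved_finding.fix_version):`. The same condition is used in the `process_matched_active_finding` hunk at `@@ -592,6 +600,9 @@`. Neither hunk shows a `save()`, so whether the assignment is persisted depends on code further down in both methods, which continue outside the hunks.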
@@ -783,7 +783,11 @@ def push_finding_to_jira(finding, *args, **kwargs): @app.task @dojo_model_from_id(model=Finding_Group) def push_finding_group_to_jira(finding_group, *args, **kwargs): + # Look for findings that have single ticket associations separate from the group + for finding in finding_group.findings.filter(jira_issue__isnull=False): + update_jira_issue(finding, *args, **kwargs) if finding_group.has_jira_issue: + # Update the jira issue for the group return update_jira_issue(finding_group, *args, **kwargs) return add_jira_issue(finding_group, *args, **kwargs) diff --git a/dojo/management/commands/clear_celery_queue.py b/dojo/management/commands/clear_celery_queue.py new file mode 100644 index 00000000000..514d6892bfa --- /dev/null +++ b/dojo/management/commands/clear_celery_queue.py 
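Review bot: The new loop in `push_finding_group_to_jira` discards the result of each per-finding `update_jira_issue` call, and any exception raised there would stop the task before the group issue is created or updated. `update_jira_issue` is defined outside the hunk, so whether it raises or returns a failure value cannot be confirmed here; at minimum, log a failed per-finding update and continue to the group push. Note also that `post_process_findings_batch`, added in this commit, calls `push_to_jira(finding.finding_group)` once per finding in the batch, so if that routes to this task, each call now fans out to every individually ticketed finding in the group. De-duplicating the groups before pushing would keep the number of JIRA API calls bounded.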
@@ -0,0 +1,115 @@ +import logging + +from django.core.management.base import BaseCommand + +from dojo.celery import app + +logger = logging.getLogger(__name__) + + +class Command(BaseCommand): + help = "Clear (purge) all tasks from Celery queues" + + def add_arguments(self, parser): + parser.add_argument( + "--queue", + type=str, + help="Specific queue name to clear (default: all queues)", + ) + parser.add_argument( + "--dry-run", + action="store_true", + help="Show what would be cleared without actually clearing", + ) + parser.add_argument( + "--force", + action="store_true", + help="Skip confirmation prompt (use with caution)", + ) + + def handle(self, *args, **options): + queue_name = options["queue"] + dry_run = options["dry_run"] + force = options["force"] + + # Get connection to broker + with app.connection() as conn: + # Get all queues or specific queue + if queue_name: + queues = [queue_name] + self.stdout.write(f"Targeting queue: {queue_name}") + else: + # Get all active queues from the broker + inspector = app.control.inspect() + active_queues = inspector.active_queues() + if active_queues: + # Extract unique queue names from all workers + queues = set() + for worker_queues in active_queues.values(): + queues.update(queue_info["name"] for queue_info in worker_queues) + queues = list(queues) + else: + # Fallback: try common default queue + queues = ["celery"] + self.stdout.write(f"Found {len(queues)} queue(s) to process") + + if not queues: + self.stdout.write(self.style.WARNING("No queues found to clear")) + return + + # Show what will be cleared + total_purged = 0 + for queue in queues: + try: + # Get queue length using channel + with conn.channel() as channel: + _, message_count, _ = channel.queue_declare(queue=queue, passive=True) + except Exception as e: + logger.debug(f"Could not get message count for queue {queue}: {e}") + message_count = "unknown" + + if dry_run: + self.stdout.write( + self.style.WARNING(f" Would purge {message_count} messages from 
queue: {queue}"), + ) + else: + self.stdout.write(f" Queue '{queue}': {message_count} messages") + + if dry_run: + self.stdout.write(self.style.SUCCESS("\nDry run complete. Use without --dry-run to actually purge.")) + return + + # Confirmation prompt + if not force: + self.stdout.write( + self.style.WARNING( + f"\nThis will permanently delete all messages from {len(queues)} queue(s).", + ), + ) + confirm = input("Are you sure you want to continue? (yes/no): ") + if confirm.lower() not in {"yes", "y"}: + self.stdout.write(self.style.ERROR("Operation cancelled.")) + return + + # Purge queues using direct channel purge + self.stdout.write("\nPurging queues...") + for queue in queues: + try: + with conn.channel() as channel: + purged_count = channel.queue_purge(queue=queue) + total_purged += purged_count + self.stdout.write( + self.style.SUCCESS(f" ✓ Purged {purged_count} messages from queue: {queue}"), + ) + except Exception as e: + self.stdout.write( + self.style.ERROR(f" ✗ Failed to purge queue '{queue}': {e}"), + ) + logger.error(f"Error purging queue {queue}: {e}") + + if total_purged > 0: + self.stdout.write( + self.style.SUCCESS(f"\nSuccessfully purged {total_purged} message(s) from {len(queues)} queue(s)."), + ) + else: + self.stdout.write(self.style.WARNING("\nNo messages were purged (queues may have been empty).")) diff --git a/dojo/management/commands/dedupe.py b/dojo/management/commands/dedupe.py index 90e063c975f..a8e0a538cfe 100644 --- a/dojo/management/commands/dedupe.py +++ b/dojo/management/commands/dedupe.py 
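Review bot: A failed purge is not reflected in the command's result. The `except Exception` in the purge loop only prints and logs, and when every queue fails the command ends with "No messages were purged (queues may have been empty)" and a zero exit status. For an irreversible operational command, collect the failed queue names and finish with `raise CommandError(f"Failed to purge: {', '.join(failed)}")` (importing `CommandError` from `django.core.management.base`), and use `logger.exception(...)` so the traceback is kept. When no worker answers `inspect()`, the code silently falls back to `["celery"]`; printing that fallback explicitly would stop an operator from assuming all queues were covered. Successful purges are written only to stdout, so a `logger.warning` with the queue name and count would leave a record of dropped tasks.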
@@ -1,12 +1,19 @@ import logging +from django.conf import settings from django.core.management.base import BaseCommand +from django.db.models import Prefetch +from dojo.finding.deduplication import ( + dedupe_batch_of_findings, + do_dedupe_batch_task, + do_dedupe_finding, + do_dedupe_finding_task, + get_finding_models_for_deduplication, +) from dojo.models import Finding, Product from dojo.utils import ( calculate_grade, - do_dedupe_finding, - do_dedupe_finding_task, get_system_setting, mass_model_updater, ) @@ -26,11 +33,11 @@ def generate_hash_code(f): class Command(BaseCommand): """ - Updates hash codes and/or runs deduplication for findings. Hashcode calculation always runs in the foreground, dedupe by default runs in the background. - Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync]' + Updates hash codes and/or runs deduplication for findings. Hashcode calculation always runs in the foreground, dedupe by default runs in the background in batch mode. + Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync] [--dedupe_batch_mode]' """ - help = 'Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync]' + help = 'Usage: manage.py dedupe [--parser "Parser1 Scan" --parser "Parser2 Scan"...] [--hash_code_only] [--dedupe_only] [--dedupe_sync] [--dedupe_batch_mode]' def add_arguments(self, parser): parser.add_argument( 
@@ -43,28 +50,45 @@ def add_arguments(self, parser): parser.add_argument("--hash_code_only", action="store_true", help="Only compute hash codes") parser.add_argument("--dedupe_only", action="store_true", help="Only run deduplication") parser.add_argument("--dedupe_sync", action="store_true", help="Run dedupe in the foreground, default false") + parser.add_argument( + "--dedupe_batch_mode", + action="store_true", + default=True, + help="Deduplicate in batches (similar to import), works with both sync and async modes (default: True)", + ) def handle(self, *args, **options): restrict_to_parsers = options["parser"] hash_code_only = options["hash_code_only"] dedupe_only = options["dedupe_only"] dedupe_sync = options["dedupe_sync"] + dedupe_batch_mode = options.get("dedupe_batch_mode", True) # Default to True (batch mode enabled) if restrict_to_parsers is not None: - findings = Finding.objects.filter(test__test_type__name__in=restrict_to_parsers) + findings = Finding.objects.filter(test__test_type__name__in=restrict_to_parsers).exclude(duplicate=True) logger.info("######## Will process only parsers %s and %d findings ########", *restrict_to_parsers, findings.count()) else: # add filter on id to make counts not slow on mysql - findings = Finding.objects.all().filter(id__gt=0) + # exclude duplicates to avoid reprocessing findings that are already marked as duplicates + findings = Finding.objects.all().filter(id__gt=0).exclude(duplicate=True) logger.info("######## Will process the full database with %d findings ########", findings.count()) + # Prefetch related objects for synchronous deduplication + findings = findings.select_related( + "test", "test__engagement", "test__engagement__product", "test__test_type", + ).prefetch_related( + "endpoints", + Prefetch( + "original_finding", + queryset=Finding.objects.only("id", "duplicate_finding_id").order_by("-id"), + ), + ) + # Phase 1: update hash_codes without deduplicating if not dedupe_only: logger.info("######## Start 
Updating Hashcodes (foreground) ########") - # only prefetch here for hash_code calculation - finds = findings.prefetch_related("endpoints", "test__test_type") - mass_model_updater(Finding, finds, generate_hash_code, fields=["hash_code"], order="asc", log_prefix="hash_code computation ") + mass_model_updater(Finding, findings, generate_hash_code, fields=["hash_code"], order="asc", log_prefix="hash_code computation ") logger.info("######## Done Updating Hashcodes########") 
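Review bot: `--dedupe_batch_mode` is declared with `action="store_true"` and `default=True`, so it is `True` whether or not the flag is given and batch mode cannot be switched off. The per-finding `dedupe_sync` and async branches in `handle()` therefore become unreachable. `action=argparse.BooleanOptionalAction` (with `import argparse`) would add a working `--no-dedupe_batch_mode`. Once that path is reachable again, check `findings.only("id")` in the async branch: the queryset now carries `select_related("test", ...)`, and Django rejects a field that is both deferred and traversed by `select_related`.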
@@ -72,17 +96,72 @@ def handle(self, *args, **options): if not hash_code_only: if get_system_setting("enable_deduplication"): logger.info("######## Start deduplicating (%s) ########", ("foreground" if dedupe_sync else "background")) - if dedupe_sync: + if dedupe_batch_mode: + self._dedupe_batch_mode(findings, dedupe_sync=dedupe_sync) + elif dedupe_sync: mass_model_updater(Finding, findings, do_dedupe_finding, fields=None, order="desc", page_size=100, log_prefix="deduplicating ") else: # async tasks only need the id mass_model_updater(Finding, findings.only("id"), lambda f: do_dedupe_finding_task(f.id), fields=None, order="desc", log_prefix="deduplicating ") - # update the grading (if enabled) - logger.debug("Updating grades for products...") - for product in Product.objects.all(): - calculate_grade(product) + if dedupe_sync: + # update the grading (if enabled) and only useful in sync mode + # in async mode the background task that grades products every hour will pick it up + logger.debug("Updating grades for products...") + for product in Product.objects.all(): + calculate_grade(product) logger.info("######## Done deduplicating (%s) ########", ("foreground" if dedupe_sync else "tasks submitted to celery")) else: logger.debug("skipping dedupe because it's disabled in system settings") + + def _dedupe_batch_mode(self, findings_queryset, *, dedupe_sync: bool = True): + """ + Deduplicate findings in batches of max 1000 per test (similar to import process). + This is more efficient than processing findings one-by-one. + Can run synchronously or asynchronously. 
+ """ + mode_str = "synchronous" if dedupe_sync else "asynchronous" + logger.info(f"######## Deduplicating in batch mode ({mode_str}) ########") + + batch_max_size = getattr(settings, "IMPORT_REIMPORT_DEDUPE_BATCH_SIZE", 1000) + total_findings = findings_queryset.count() + logger.info(f"Processing {total_findings} findings in batches of max {batch_max_size} per test ({mode_str})") + + # Group findings by test_id to process them in batches per test + test_ids = findings_queryset.values_list("test_id", flat=True).distinct() + total_tests = len(test_ids) + total_processed = 0 + + for test_id in test_ids: + # Get finding IDs for this test (exclude duplicates to avoid reprocessing) + test_finding_ids = list(findings_queryset.filter(test_id=test_id).exclude(duplicate=True).values_list("id", flat=True)) + + if not test_finding_ids: + continue + + # Process findings for this test in batches of max batch_max_size + batch_finding_ids = [] + for idx, finding_id in enumerate(test_finding_ids): + is_final_finding_for_test = idx == len(test_finding_ids) - 1 + batch_finding_ids.append(finding_id) + + # If batch is full or we're at the end of this test's findings, process the batch + if len(batch_finding_ids) >= batch_max_size or is_final_finding_for_test: + if dedupe_sync: + # Synchronous: load findings and process immediately + batch_findings = get_finding_models_for_deduplication(batch_finding_ids) + logger.debug(f"Deduplicating batch of {len(batch_findings)} findings for test {test_id}") + dedupe_batch_of_findings(batch_findings) + else: + # Asynchronous: submit task with finding IDs + logger.debug(f"Submitting async batch task for {len(batch_finding_ids)} findings for test {test_id}") + do_dedupe_batch_task(batch_finding_ids) + + total_processed += len(batch_finding_ids) + batch_finding_ids = [] + + if total_processed % (batch_max_size * 10) == 0: + logger.info(f"Processed {total_processed}/{total_findings} findings") + + logger.info(f"######## Completed batch deduplication 
for {total_processed} findings across {total_tests} tests ({mode_str}) ########") diff --git a/dojo/models.py b/dojo/models.py index 0f586dcfbb6..24875b400f1 100644 --- a/dojo/models.py +++ b/dojo/models.py @@ -2234,6 +2234,7 @@ def deduplication_algorithm(self): @property def hash_code_fields(self): + """Retrieve OS HASH_CODE_FIELDS_PER_SCANNER settings. Be aware when calling this to make sure Pro doesn't use these OS seetings""" hashCodeFields = None if hasattr(settings, "HASHCODE_FIELDS_PER_SCANNER"): @@ -2434,6 +2435,11 @@ class Finding(models.Model): default=None, verbose_name=_("Fix Available"), help_text=_("Denotes if there is a fix available for this flaw.")) + fix_version = models.CharField(null=True, + blank=True, + max_length=100, + verbose_name=_("Fix version"), + help_text=_("Version of the affected component in which the flaw is fixed.")) impact = models.TextField(verbose_name=_("Impact"), null=True, blank=True, @@ -2911,7 +2917,7 @@ def compute_hash_code(self): # Allow Pro to overwrite compute hash_code which gets dedupe settings from a database instead of django.settings from dojo.utils import get_custom_method # noqa: PLC0415 circular import if compute_hash_code_method := get_custom_method("FINDING_COMPUTE_HASH_METHOD"): - deduplicationLogger.debug("using custom compute_hash_code method") + deduplicationLogger.debug("using custom FINDING_COMPUTE_HASH_METHOD method") return compute_hash_code_method(self) # Check if all needed settings are defined 
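Review bot: In `_dedupe_batch_mode`, `findings_queryset.values_list("test_id", flat=True).distinct()` inherits whatever ordering the queryset has. If `Finding` declares a default `Meta.ordering` (not visible here), the ordering columns are added to the `SELECT DISTINCT`, the same `test_id` can come back several times, and each repeat reprocesses that test's findings. Clearing it first avoids that: `findings_queryset.order_by().values_list("test_id", flat=True).distinct()`. The progress line `total_processed % (batch_max_size * 10) == 0` also fires only when the running total lands exactly on a multiple, which per-test partial batches make unlikely; tracking the next threshold would be more reliable.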
@@ -3494,15 +3500,16 @@ def violates_sla(self): def set_hash_code(self, dedupe_option): from dojo.utils import get_custom_method # noqa: PLC0415 circular import if hash_method := get_custom_method("FINDING_HASH_METHOD"): + deduplicationLogger.debug("Using custom hash method") hash_method(self, dedupe_option) # Finding.save is called once from serializers.py with dedupe_option=False because the finding is not ready yet, for example the endpoints are not built # It is then called a second time with dedupe_option defaulted to true; now we can compute the hash_code and run the deduplication elif dedupe_option: if self.hash_code is not None: - deduplicationLogger.debug("Hash_code already computed for finding") + deduplicationLogger.debug("Hash_code already computed for finding %i", self.id) else: self.hash_code = self.compute_hash_code() - deduplicationLogger.debug("Hash_code computed for finding: %s", self.hash_code) + deduplicationLogger.debug("Hash_code computed for finding %i: %s", self.id, self.hash_code) class FindingAdmin(admin.ModelAdmin): diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 54c9af4f23b..359b6c8edde 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -115,6 +115,7 @@ DD_SOCIAL_AUTH_CREATE_USER=(bool, True), # if True creates user at first login DD_SOCIAL_AUTH_CREATE_USER_MAPPING=(str, "username"), # could also be email or fullname DD_SOCIAL_LOGIN_AUTO_REDIRECT=(bool, False), # auto-redirect if there is only one social login method + DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS=(bool, False), # If true, the redirect after login will use the HTTPS protocol DD_SOCIAL_AUTH_TRAILING_SLASH=(bool, True), DD_SOCIAL_AUTH_OIDC_AUTH_ENABLED=(bool, False), DD_SOCIAL_AUTH_OIDC_OIDC_ENDPOINT=(str, ""), 
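Review bot: The two new debug calls in `set_hash_code` format `self.id` with `%i`, which fails for `None`. If this method runs before the first `save()` has assigned a primary key (the call site is outside the hunk), the logging module reports a formatting error and drops the message whenever debug logging is enabled. Using `%s` is safe in both cases: `deduplicationLogger.debug("Hash_code computed for finding %s: %s", self.id, self.hash_code)`.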
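Review bot: The inline comment on `DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS` does not say when the flag has to be enabled, and it defaults to `False`. In deployments where TLS terminates at a reverse proxy, the application may otherwise build social-login redirect URIs with an `http://` scheme. I would extend the comment to something like `# set to True when DefectDojo is served over HTTPS behind a TLS-terminating proxy, so social-auth redirect URIs use https` and mention the variable in the SSO documentation. The matching assignment is in the hunk at `@@ -582,6 +585,7 @@`.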
@@ -273,6 +274,8 @@ DD_EDITABLE_MITIGATED_DATA=(bool, False), # new feature that tracks history across multiple reimports for the same test DD_TRACK_IMPORT_HISTORY=(bool, True), + # Batch size for import/reimport deduplication processing + DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE=(int, 1000), # Delete Auditlogs older than x month; -1 to keep all logs DD_AUDITLOG_FLUSH_RETENTION_PERIOD=(int, -1), # Batch size for flushing audit logs per task run @@ -582,6 +585,7 @@ def generate_url(scheme, double_slashes, user, password, host, port, path, param # Showing login form (form is not needed for external auth: OKTA, Google Auth, etc.) SHOW_LOGIN_FORM = env("DD_SOCIAL_AUTH_SHOW_LOGIN_FORM") SOCIAL_LOGIN_AUTO_REDIRECT = env("DD_SOCIAL_LOGIN_AUTO_REDIRECT") +SOCIAL_AUTH_REDIRECT_IS_HTTPS = env("DD_SOCIAL_AUTH_REDIRECT_IS_HTTPS") SOCIAL_AUTH_CREATE_USER = env("DD_SOCIAL_AUTH_CREATE_USER") SOCIAL_AUTH_CREATE_USER_MAPPING = env("DD_SOCIAL_AUTH_CREATE_USER_MAPPING") @@ -1410,6 +1414,7 @@ def saml2_attrib_map_format(din): "Cycognito Scan": ["title", "severity"], "OpenVAS Parser v2": ["title", "severity", "vuln_id_from_tool", "endpoints"], "Snyk Issue API Scan": ["vuln_id_from_tool", "file_path"], + "n0s1 Scanner": ["description"], } # Override the hardcoded settings here via the env var @@ -1693,6 +1698,7 @@ def saml2_attrib_map_format(din): DISABLE_FINDING_MERGE = env("DD_DISABLE_FINDING_MERGE") TRACK_IMPORT_HISTORY = env("DD_TRACK_IMPORT_HISTORY") +IMPORT_REIMPORT_DEDUPE_BATCH_SIZE = env("DD_IMPORT_REIMPORT_DEDUPE_BATCH_SIZE") # ------------------------------------------------------------------------------ # JIRA diff --git a/dojo/templates/dojo/view_finding.html b/dojo/templates/dojo/view_finding.html index c8f79b63b25..2626130ed07 100755 --- a/dojo/templates/dojo/view_finding.html +++ b/dojo/templates/dojo/view_finding.html @@ -554,6 +554,12 @@

{% if finding.component_version %} Component Version {% endif %} + {% if finding.fix_available %} + Fix Available + {% endif %} + {% if finding.fix_version %} + Fixed Version + {% endif %} {% if finding.has_jira_configured or finding.jira_issue %} JIRA JIRA Change @@ -611,6 +617,20 @@

{% endif %} + {% if finding.fix_available %} + + + {{ finding.fix_available }} + + + {% endif %} + {% if finding.fix_version %} + + + {{ finding.fix_version }} + + + {% endif %} {% if finding.has_jira_configured or finding.has_jira_issue or finding.has_jira_group_issue %} {% if finding.has_jira_group_issue %} diff --git a/dojo/tools/anchore_grype/parser.py b/dojo/tools/anchore_grype/parser.py index 2cf89b87f44..34b55b738a9 100644 --- a/dojo/tools/anchore_grype/parser.py +++ b/dojo/tools/anchore_grype/parser.py @@ -121,11 +121,16 @@ def get_findings(self, file, test): finding_description += f"\n**Package URL:** {artifact_purl}" finding_mitigation = None + fix_available = False + fix_version = None if vuln_fix_versions: + fix_available = True finding_mitigation = "Upgrade to version:" if len(vuln_fix_versions) == 1: finding_mitigation += f" {vuln_fix_versions[0]}" + fix_version = vuln_fix_versions[0] else: + fix_version = ", ".join(vuln_fix_versions) for fix_version in vuln_fix_versions: finding_mitigation += f"\n- {fix_version}" @@ -200,6 +205,8 @@ def get_findings(self, file, test): dynamic_finding=False, nb_occurences=1, file_path=file_path, + fix_available=fix_available, + fix_version=fix_version, ) dupes[dupe_key].unsaved_vulnerability_ids = vulnerability_ids diff --git a/dojo/tools/n0s1/__init__.py b/dojo/tools/n0s1/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/dojo/tools/n0s1/parser.py b/dojo/tools/n0s1/parser.py new file mode 100644 index 00000000000..bbfc60422e2 --- /dev/null +++ b/dojo/tools/n0s1/parser.py 
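Review bot: In the multi-version branch, `fix_version = ", ".join(vuln_fix_versions)` is immediately overwritten because the following loop reuses the name: `for fix_version in vuln_fix_versions:`. The finding ends up with only the last version instead of the joined list. Rename the loop variable: `for version in vuln_fix_versions:` and `finding_mitigation += f"\n- {version}"`. The joined string is also stored in the new `fix_version` field, which this commit defines with `max_length=100`, so a long list of fixed versions should be truncated or bounded before assignment.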
@@ -0,0 +1,86 @@ + +import json + +from dojo.models import Finding +from dojo.tools.parser_test import ParserTest + + +class N0s1Parser: + def get_scan_types(self): + return ["n0s1 Scanner"] + + def get_label_for_scan_types(self, scan_type): + return scan_type + + def get_description_for_scan_types(self, scan_type): + return "JSON output from the n0s1 scanner." + + def get_tests(self, scan_type, handle): + data = json.load(handle) + subscanner = self.detect_subscanner(data) + test = ParserTest( + name=subscanner, + parser_type=subscanner, + version=data.get("tool", {}).get("version", ""), + description=f"Scan from {subscanner}", + ) + test.findings = self.get_findings_from_data(data) + return [test] + + def get_findings(self, scan_file, test): + data = json.load(scan_file) + return self.get_findings_from_data(data) + + def detect_subscanner(self, data): + platforms = {f.get("details", {}).get("platform", "") for f in data.get("findings", {}).values()} + if "Confluence" in platforms: + return "n0s1 Confluence" + if "GitHub" in platforms: + return "n0s1 GitHub" + if "GitLab" in platforms: + return "n0s1 GitLab" + return "n0s1" + + def get_findings_from_data(self, data): + dupes = {} + regex_configs = {} + if "regex_config" in data and "rules" in data["regex_config"]: + for rule in data["regex_config"]["rules"]: + regex_configs[rule["id"]] = rule + for finding_id, finding_data in data.get("findings", {}).items(): + details = finding_data.get("details", {}) + regex_ref = details.get("matched_regex_config", {}) + regex_id = regex_ref.get("id") + regex_info = regex_configs.get(regex_id, {}) + merged_regex = { + "id": regex_id, + "description": regex_ref.get("description", regex_info.get("description", "N/A")), + "regex": regex_ref.get("regex", regex_info.get("regex", "N/A")), + "keywords": regex_info.get("keywords", []), + "tags": regex_info.get("tags", []), + } + title = merged_regex["id"] or "n0s1 Finding" + description = f"**URL:** {finding_data.get('url', 'N/A')}\n" 
+ description += f"**Secret:** {finding_data.get('secret', 'N/A')}\n" + description += f"**Platform:** {details.get('platform', 'N/A')}\n" + description += f"**Ticket Field:** {details.get('ticket_field', 'N/A')}\n" + description += f"**Regex ID:** {merged_regex['id']}\n" + description += f"**Regex Description:** {merged_regex['description']}\n" + description += f"**Regex Pattern:** {merged_regex['regex']}\n" + if merged_regex["keywords"]: + description += f"**Keywords:** {', '.join(merged_regex['keywords'])}\n" + if merged_regex["tags"]: + description += f"**Tags:** {', '.join(merged_regex['tags'])}\n" + dupe_key = finding_data.get("id", finding_id) + if dupe_key in dupes: + continue + finding = Finding( + title=title, + description=description, + severity="High", + dynamic_finding=True, + static_finding=False, + unique_id_from_tool=dupe_key, + ) + dupes[dupe_key] = finding + return list(dupes.values()) diff --git a/dojo/tools/nexpose/parser.py b/dojo/tools/nexpose/parser.py index 9c03ba8f277..d2a9b28541c 100644 --- a/dojo/tools/nexpose/parser.py +++ b/dojo/tools/nexpose/parser.py @@ -63,7 +63,7 @@ def parse_html_type(self, node): ret += "
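Review bot: `get_findings_from_data` writes the raw matched secret into the finding description (`**Secret:** {finding_data.get('secret', 'N/A')}`), so every leaked credential from the report is stored in cleartext in the finding. It is also part of the value this commit configures as the hash-code field for "n0s1 Scanner" (`["description"]`). Descriptions tend to travel further than the original report (UI, exports, notifications, ticket sync), so I would redact before storing, e.g. `secret = str(finding_data.get("secret") or "")` followed by `description += f"**Secret:** {secret[:4]}*** (redacted)\n"`. `unique_id_from_tool` already carries identity, so deduplication does not need the full value. Separately, `regex_configs[rule["id"]] = rule` raises `KeyError` on a rule without an `id`; `rule.get("id")` with a skip would keep a malformed report from aborting the import.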
  • " + str(node.text).strip() + "
  • " if tag == "orderedlist": i = 1 - for item in list(node): + for i, item in enumerate(node): ret += ( "
      " + str(i) @@ -71,7 +71,6 @@ def parse_html_type(self, node): + self.parse_html_type(item) + "
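Review bot: Ordered-list numbering now starts at 0. `for i, item in enumerate(node):` rebinds `i` from zero, which makes the preceding `i = 1` dead code, whereas the removed manual counter started at 1. Use `for i, item in enumerate(node, start=1):` and delete the `i = 1` line. `parse_html_type` continues outside the hunk on both sides.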
    " ) - i += 1 if tag == "paragraph": if len(list(node)) > 0: for child in list(node): diff --git a/dojo/utils.py b/dojo/utils.py index fc676e8d2cf..a00ba7b48f1 100644 --- a/dojo/utils.py +++ b/dojo/utils.py @@ -16,7 +16,6 @@ import bleach import crum import cvss -import hyperlink import vobject from asteval import Interpreter from auditlog.models import LogEntry 
@@ -237,353 +236,6 @@ def match_finding_to_existing_findings(finding, product=None, engagement=None, t return None -# true if both findings are on an engagement that have a different "deduplication on engagement" configuration -def is_deduplication_on_engagement_mismatch(new_finding, to_duplicate_finding): - return not new_finding.test.engagement.deduplication_on_engagement and to_duplicate_finding.test.engagement.deduplication_on_engagement - - -def get_endpoints_as_url(finding): - return [hyperlink.parse(str(e)) for e in finding.endpoints.all()] - - -def are_urls_equal(url1, url2, fields): - # Possible values are: scheme, host, port, path, query, fragment, userinfo, and user. - # For a details description see https://hyperlink.readthedocs.io/en/latest/api.html#attributes - deduplicationLogger.debug("Check if url %s and url %s are equal in terms of %s.", url1, url2, fields) - for field in fields: - if field == "scheme": - if url1.scheme != url2.scheme: - return False - elif field == "host": - if url1.host != url2.host: - return False - elif field == "port": - if url1.port != url2.port: - return False - elif field == "path": - if url1.path != url2.path: - return False - elif field == "query": - if url1.query != url2.query: - return False - elif field == "fragment": - if url1.fragment != url2.fragment: - return False - elif field == "userinfo": - if url1.userinfo != url2.userinfo: - return False - elif field == "user": - if url1.user != url2.user: - return False - else: - logger.warning("Field " + field + " is not supported by the endpoint dedupe algorithm, ignoring it.") - return True - - -def are_endpoints_duplicates(new_finding, to_duplicate_finding): - fields = settings.DEDUPE_ALGO_ENDPOINT_FIELDS - # shortcut if fields list is empty/feature is disabled - if len(fields) == 0: - deduplicationLogger.debug("deduplication by endpoint fields is disabled") - return True - - list1 = get_endpoints_as_url(new_finding) - list2 = get_endpoints_as_url(to_duplicate_finding) 
- - deduplicationLogger.debug(f"Starting deduplication by endpoint fields for finding {new_finding.id} with urls {list1} and finding {to_duplicate_finding.id} with urls {list2}") - if list1 == [] and list2 == []: - return True - - for l1 in list1: - for l2 in list2: - if are_urls_equal(l1, l2, fields): - return True - return False - - -@dojo_model_to_id -@dojo_async_task -@app.task -@dojo_model_from_id -def do_dedupe_finding_task(new_finding, *args, **kwargs): - return do_dedupe_finding(new_finding, *args, **kwargs) - - -def do_dedupe_finding(new_finding, *args, **kwargs): - if dedupe_method := get_custom_method("FINDING_DEDUPE_METHOD"): - return dedupe_method(new_finding, *args, **kwargs) - - try: - enabled = System_Settings.objects.get(no_cache=True).enable_deduplication - except System_Settings.DoesNotExist: - logger.warning("system settings not found") - enabled = False - if enabled: - deduplicationLogger.debug("dedupe for: " + str(new_finding.id) - + ":" + str(new_finding.title)) - deduplicationAlgorithm = new_finding.test.deduplication_algorithm - deduplicationLogger.debug("deduplication algorithm: " + deduplicationAlgorithm) - if deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL: - deduplicate_unique_id_from_tool(new_finding) - elif deduplicationAlgorithm == settings.DEDUPE_ALGO_HASH_CODE: - deduplicate_hash_code(new_finding) - elif deduplicationAlgorithm == settings.DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE: - deduplicate_uid_or_hash_code(new_finding) - else: - deduplicationLogger.debug("no configuration per parser found; using legacy algorithm") - deduplicate_legacy(new_finding) - else: - deduplicationLogger.debug("dedupe: skipping dedupe because it's disabled in system settings get()") - return None - - -def deduplicate_legacy(new_finding): - # --------------------------------------------------------- - # 1) Collects all the findings that have the same: - # (title and static_finding and dynamic_finding) - # or (CWE and static_finding 
and dynamic_finding) - # as the new one - # (this is "cond1") - # --------------------------------------------------------- - if new_finding.test.engagement.deduplication_on_engagement: - eng_findings_cwe = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - cwe=new_finding.cwe).exclude(id=new_finding.id).exclude(cwe=0).exclude(duplicate=True).values("id") - eng_findings_title = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - title=new_finding.title).exclude(id=new_finding.id).exclude(duplicate=True).values("id") - else: - eng_findings_cwe = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - cwe=new_finding.cwe).exclude(id=new_finding.id).exclude(cwe=0).exclude(duplicate=True).values("id") - eng_findings_title = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - title=new_finding.title).exclude(id=new_finding.id).exclude(duplicate=True).values("id") - - total_findings = Finding.objects.filter(Q(id__in=eng_findings_cwe) | Q(id__in=eng_findings_title)).prefetch_related("endpoints", "test", "test__engagement", "found_by", "original_finding", "test__test_type") - deduplicationLogger.debug("Found " - + str(len(eng_findings_cwe)) + " findings with same cwe, " - + str(len(eng_findings_title)) + " findings with same title: " - + str(len(total_findings)) + " findings with either same title or same cwe") - - # total_findings = total_findings.order_by('date') - for find in total_findings.order_by("id"): - flag_endpoints = False - flag_line_path = False - flag_hash = False - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - - # --------------------------------------------------------- - # 2) If existing and new findings have endpoints: compare them all - # Else look at line+file_path - # (if new finding is not static, do not deduplicate) 
- # --------------------------------------------------------- - - if find.endpoints.count() != 0 and new_finding.endpoints.count() != 0: - list1 = [str(e) for e in new_finding.endpoints.all()] - list2 = [str(e) for e in find.endpoints.all()] - - if all(x in list1 for x in list2): - deduplicationLogger.debug("%s: existing endpoints are present in new finding", find.id) - flag_endpoints = True - elif new_finding.static_finding and new_finding.file_path and len(new_finding.file_path) > 0: - if str(find.line) == str(new_finding.line) and find.file_path == new_finding.file_path: - deduplicationLogger.debug("%s: file_path and line match", find.id) - flag_line_path = True - else: - deduplicationLogger.debug("no endpoints on one of the findings and file_path doesn't match; Deduplication will not occur") - else: - deduplicationLogger.debug("find.static/dynamic: %s/%s", find.static_finding, find.dynamic_finding) - deduplicationLogger.debug("new_finding.static/dynamic: %s/%s", new_finding.static_finding, new_finding.dynamic_finding) - deduplicationLogger.debug("find.file_path: %s", find.file_path) - deduplicationLogger.debug("new_finding.file_path: %s", new_finding.file_path) - - deduplicationLogger.debug("no endpoints on one of the findings and the new finding is either dynamic or doesn't have a file_path; Deduplication will not occur") - - if find.hash_code == new_finding.hash_code: - flag_hash = True - - deduplicationLogger.debug( - "deduplication flags for new finding (" + ("dynamic" if new_finding.dynamic_finding else "static") + ") " + str(new_finding.id) + " and existing finding " + str(find.id) - + " flag_endpoints: " + str(flag_endpoints) + " flag_line_path:" + str(flag_line_path) + " flag_hash:" + str(flag_hash)) - - # --------------------------------------------------------- - # 3) Findings are duplicate if (cond1 is true) and they have the same: - # hash - # and (endpoints or (line and file_path) - # --------------------------------------------------------- - if 
((flag_endpoints or flag_line_path) and flag_hash): - try: - set_duplicate(new_finding, find) - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - break - - -def deduplicate_unique_id_from_tool(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - # the unique_id_from_tool is unique for a given tool: do not compare with other tools - test__test_type=new_finding.test.test_type, - unique_id_from_tool=new_finding.unique_id_from_tool).exclude( - id=new_finding.id).exclude( - unique_id_from_tool=None).exclude( - duplicate=True).order_by("id") - else: - existing_findings = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - # the unique_id_from_tool is unique for a given tool: do not compare with other tools - test__test_type=new_finding.test.test_type, - unique_id_from_tool=new_finding.unique_id_from_tool).exclude( - id=new_finding.id).exclude( - unique_id_from_tool=None).exclude( - duplicate=True).order_by("id") - - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with same unique_id_from_tool") - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def deduplicate_hash_code(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - test__engagement=new_finding.test.engagement, - hash_code=new_finding.hash_code).exclude( - id=new_finding.id).exclude( - hash_code=None).exclude( - duplicate=True).order_by("id") - else: - existing_findings = Finding.objects.filter( - test__engagement__product=new_finding.test.engagement.product, - 
hash_code=new_finding.hash_code).exclude( - id=new_finding.id).exclude( - hash_code=None).exclude( - duplicate=True).order_by("id") - - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with same hash_code") - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - "deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - if are_endpoints_duplicates(new_finding, find): - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def deduplicate_uid_or_hash_code(new_finding): - if new_finding.test.engagement.deduplication_on_engagement: - existing_findings = Finding.objects.filter( - (Q(hash_code__isnull=False) & Q(hash_code=new_finding.hash_code)) - # unique_id_from_tool can only apply to the same test_type because it is parser dependent - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=new_finding.unique_id_from_tool) & Q(test__test_type=new_finding.test.test_type)), - test__engagement=new_finding.test.engagement).exclude( - id=new_finding.id).exclude( - duplicate=True).order_by("id") - else: - # same without "test__engagement=new_finding.test.engagement" condition - existing_findings = Finding.objects.filter( - (Q(hash_code__isnull=False) & Q(hash_code=new_finding.hash_code)) - | (Q(unique_id_from_tool__isnull=False) & Q(unique_id_from_tool=new_finding.unique_id_from_tool) & Q(test__test_type=new_finding.test.test_type)), - test__engagement__product=new_finding.test.engagement.product).exclude( - id=new_finding.id).exclude( - duplicate=True).order_by("id") - deduplicationLogger.debug("Found " - + str(len(existing_findings)) + " findings with either the same unique_id_from_tool or hash_code: " + str([find.id for find in existing_findings])) - for find in existing_findings: - if is_deduplication_on_engagement_mismatch(new_finding, find): - deduplicationLogger.debug( - 
"deduplication_on_engagement_mismatch, skipping dedupe.") - continue - try: - if are_endpoints_duplicates(new_finding, find): - set_duplicate(new_finding, find) - break - except Exception as e: - deduplicationLogger.debug(str(e)) - continue - - -def set_duplicate(new_finding, existing_finding): - deduplicationLogger.debug(f"new_finding.status(): {new_finding.id} {new_finding.status()}") - deduplicationLogger.debug(f"existing_finding.status(): {existing_finding.id} {existing_finding.status()}") - if existing_finding.duplicate: - deduplicationLogger.debug("existing finding: %s:%s:duplicate=%s;duplicate_finding=%s", existing_finding.id, existing_finding.title, existing_finding.duplicate, existing_finding.duplicate_finding.id if existing_finding.duplicate_finding else "None") - msg = "Existing finding is a duplicate" - raise Exception(msg) - if existing_finding.id == new_finding.id: - msg = "Can not add duplicate to itself" - raise Exception(msg) - if is_duplicate_reopen(new_finding, existing_finding): - msg = "Found a regression. 
Ignore this so that a new duplicate chain can be made" - raise Exception(msg) - if new_finding.duplicate and finding_mitigated(existing_finding): - msg = "Skip this finding as we do not want to attach a new duplicate to a mitigated finding" - raise Exception(msg) - - deduplicationLogger.debug("Setting new finding " + str(new_finding.id) + " as a duplicate of existing finding " + str(existing_finding.id)) - new_finding.duplicate = True - new_finding.active = False - new_finding.verified = False - new_finding.duplicate_finding = existing_finding - - # Make sure transitive duplication is flattened - # if A -> B and B is made a duplicate of C here, aferwards: - # A -> C and B -> C should be true - for find in new_finding.original_finding.all().order_by("-id"): - new_finding.original_finding.remove(find) - set_duplicate(find, existing_finding) - existing_finding.found_by.add(new_finding.test.test_type) - logger.debug("saving new finding: %d", new_finding.id) - super(Finding, new_finding).save() - logger.debug("saving existing finding: %d", existing_finding.id) - super(Finding, existing_finding).save() - - -def is_duplicate_reopen(new_finding, existing_finding) -> bool: - return finding_mitigated(existing_finding) and finding_not_human_set_status(existing_finding) and not finding_mitigated(new_finding) - - -def finding_mitigated(finding: Finding) -> bool: - return finding.active is False and (finding.is_mitigated is True or finding.mitigated is not None) - - -def finding_not_human_set_status(finding: Finding) -> bool: - return finding.out_of_scope is False and finding.false_p is False - - -def set_duplicate_reopen(new_finding, existing_finding): - logger.debug("duplicate reopen existing finding") - existing_finding.mitigated = new_finding.mitigated - existing_finding.is_mitigated = new_finding.is_mitigated - existing_finding.active = new_finding.active - existing_finding.verified = new_finding.verified - existing_finding.notes.create(author=existing_finding.reporter, - 
entry="This finding has been automatically re-opened as it was found in recent scans.") - existing_finding.save() - - def count_findings(findings: QuerySet) -> tuple[dict["Product", list[int]], dict[str, int]]: agg = ( findings.values(prod_id=F("test__engagement__product_id")) diff --git a/helm/defectdojo/Chart.yaml b/helm/defectdojo/Chart.yaml index 4b57aec7bec..9fbffd20c6b 100644 --- a/helm/defectdojo/Chart.yaml +++ b/helm/defectdojo/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 appVersion: "2.53.0-dev" description: A Helm chart for Kubernetes to install DefectDojo name: defectdojo -version: 1.8.3-dev +version: 1.9.0-dev icon: https://defectdojo.com/hubfs/DefectDojo_favicon.png maintainers: - name: madchap @@ -34,4 +34,6 @@ dependencies: # description: Critical bug annotations: artifacthub.io/prerelease: "true" - artifacthub.io/changes: "" + artifacthub.io/changes: | + - kind: fixed + description: extraAnnotations spec doesn't affect initializer job diff --git a/helm/defectdojo/README.md b/helm/defectdojo/README.md index 44d294b7ae6..919550dbe37 100644 --- a/helm/defectdojo/README.md +++ b/helm/defectdojo/README.md @@ -512,7 +512,7 @@ The HELM schema will be generated for you. # General information about chart values -![Version: 1.8.3-dev](https://img.shields.io/badge/Version-1.8.3--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) +![Version: 1.9.0-dev](https://img.shields.io/badge/Version-1.9.0--dev-informational?style=flat-square) ![AppVersion: 2.53.0-dev](https://img.shields.io/badge/AppVersion-2.53.0--dev-informational?style=flat-square) A Helm chart for Kubernetes to install DefectDojo 
@@ -700,7 +700,6 @@ A Helm chart for Kubernetes to install DefectDojo | images.nginx.image.repository | string | `"defectdojo/defectdojo-nginx"` | | | images.nginx.image.tag | string | `""` | If empty, use appVersion. Another possible values are: latest, X.X.X, X.X.X-alpine (where X.X.X is version of DD). For dev builds (only for testing purposes): nightly-dev, nightly-dev-alpine. To see all, check https://hub.docker.com/r/defectdojo/defectdojo-nginx/tags. | | initializer.affinity | object | `{}` | | -| initializer.annotations | object | `{}` | | | initializer.automountServiceAccountToken | bool | `false` | | | initializer.containerSecurityContext | object | `{}` | Container security context for the initializer Job container | | initializer.extraEnv | list | `[]` | Additional environment variables injected to the initializer job pods. | @@ -711,6 +710,7 @@ A Helm chart for Kubernetes to install DefectDojo | initializer.keepSeconds | int | `60` | A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed. | | initializer.labels | object | `{}` | | | initializer.nodeSelector | object | `{}` | | +| initializer.podAnnotations | object | `{}` | | | initializer.podSecurityContext | object | `{}` | Pod security context for the initializer Job | | initializer.resources.limits.cpu | string | `"2000m"` | | | initializer.resources.limits.memory | string | `"512Mi"` | | diff --git a/helm/defectdojo/templates/initializer-job.yaml b/helm/defectdojo/templates/initializer-job.yaml index 43dcd269d8f..15d56d4f7fc 100644 --- a/helm/defectdojo/templates/initializer-job.yaml +++ b/helm/defectdojo/templates/initializer-job.yaml 
@@ -36,9 +36,11 @@ spec:
 {{- with .Values.initializer.labels }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- with mergeOverwrite dict .Values.extraAnnotations .Values.initializer.podAnnotations }}
 annotations:
- {{- with .Values.initializer.annotations }}
- {{- toYaml . | nindent 8 }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ quote $value }}
+ {{- end }}
 {{- end }}
 spec:
 {{- if .Values.securityContext.enabled }}
diff --git a/helm/defectdojo/values.schema.json b/helm/defectdojo/values.schema.json
index 29331072e96..57b03199547 100644
--- a/helm/defectdojo/values.schema.json
+++ b/helm/defectdojo/values.schema.json
@@ -914,9 +914,6 @@
 "affinity": {
 "type": "object"
 },
- "annotations": {
- "type": "object"
- },
 "automountServiceAccountToken": {
 "type": "boolean"
 },
@@ -967,6 +964,9 @@
 "nodeSelector": {
 "type": "object"
 },
+ "podAnnotations": {
+ "type": "object"
+ },
 "podSecurityContext": {
 "description": "Pod security context for the initializer Job",
 "type": "object"
diff --git a/helm/defectdojo/values.yaml b/helm/defectdojo/values.yaml
index cf04f33bf11..676c10cae8a 100644
--- a/helm/defectdojo/values.yaml
+++ b/helm/defectdojo/values.yaml
@@ -486,7 +486,7 @@ initializer:
 run: true
 automountServiceAccountToken: false
 jobAnnotations: {}
- annotations: {}
+ podAnnotations: {}
 labels: {}
 # -- A positive integer will keep this Job and Pod deployed for the specified number of seconds, after which they will be removed. For all other values, the Job and Pod will remain deployed.
 keepSeconds: 60
diff --git a/requirements-lint.txt b/requirements-lint.txt
index fcefb6c9a0f..b810e7bc123 100644
--- a/requirements-lint.txt
+++ b/requirements-lint.txt
@@ -1 +1 @@
-ruff==0.14.3
+ruff==0.14.5
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 346ac771c70..a01fc70956f 100644
--- a/requirements.txt
+++ b/requirements.txt
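Review bot: The pod template in `initializer-job.yaml` now reads `.Values.initializer.podAnnotations` and no longer reads `.Values.initializer.annotations`, so a values file that still sets the old key renders the initializer pod without those annotations and, unless the schema rejects unknown keys, without any error. Pod annotations are often how sidecar injection or runtime security profiles get attached, so dropping them silently on upgrade is worth guarding against. Either keep the old key as a fallback, `{{- with mergeOverwrite dict .Values.extraAnnotations (.Values.initializer.annotations | default dict) .Values.initializer.podAnnotations }}`, or fail the render when it is set. The same rename appears in the `values.yaml` and `values.schema.json` hunks, and the `artifacthub.io/changes` entry lists the change only as `fixed`, so the rename should be called out there for people upgrading.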
@@ -1,5 +1,5 @@
 # requirements.txt for DefectDojo using Python 3.x
-asteval==1.0.6
+asteval==1.0.7
 bleach==6.3.0
 bleach[css]
 celery==5.5.3
@@ -7,13 +7,13 @@ defusedxml==0.7.1
 django_celery_results==2.6.0
 django-auditlog==3.2.1
 django-pghistory==3.8.3
-django-dbbackup==5.0.0
+django-dbbackup==5.0.1
 django-environ==0.12.0
 django-filter==25.1
 django-imagekit==6.0.0
 django-multiselectfield==1.0.1
 django-polymorphic==4.1.0
-django-crispy-forms==2.4
+django-crispy-forms==2.5
 django_extensions==4.1
 django-slack==5.19.0
 django-watson==1.6.3
@@ -26,7 +26,7 @@ humanize==4.14.0
 jira==3.10.5
 PyGithub==2.8.1
 lxml==6.0.2
-Markdown==3.9
+Markdown==3.10
 openpyxl==3.1.5
 Pillow==12.0.0 # required by django-imagekit
 psycopg[c]==3.2.12
@@ -56,15 +56,15 @@ cvss==3.6
 django-fieldsignals==0.7.0
 hyperlink==21.0.0
 djangosaml2==1.11.1
-drf-spectacular==0.28.0
+drf-spectacular==0.29.0
 drf-spectacular-sidecar==2025.10.1
 django-ratelimit==4.1.0
 argon2-cffi==25.1.0
 blackduck==1.1.3
 pycurl==7.45.7 # Required for Celery Broker AWS (SQS) support
-boto3==1.40.63 # Required for Celery Broker AWS (SQS) support
+boto3==1.40.73 # Required for Celery Broker AWS (SQS) support
 netaddr==1.3.0
-vulners==3.1.1
+vulners==3.1.2
 fontawesomefree==6.6.0
 PyYAML==6.0.3
 pyopenssl==25.3.0
diff --git a/unittests/scans/anchore_grype/fix_available.json b/unittests/scans/anchore_grype/fix_available.json
new file mode 100644
index 00000000000..42aab80d74b
--- /dev/null
+++ b/unittests/scans/anchore_grype/fix_available.json
@@ -0,0 +1,315 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2009-3882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "http://java.sun.com/javase/6/webnotes/6u17.html", + "http://secunia.com/advisories/37386", + "http://security.gentoo.org/glsa/glsa-200911-02.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", + "https://bugzilla.redhat.com/show_bug.cgi?id=530175", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841" + ], + "description": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.4 + }, + "vendorMetadata": {} + } + ], + "fix": { + "versions": [ + "1.2.3" + ], + "state": "fixed" + }, + "advisories": [] + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "Package": { + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m" + } + }, + "found": { + "vulnerabilityID": "CVE-2009-3882", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "9263533999d7e833", + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m", + "type": "binary", + "locations": [ + { + "path": 
"/opt/java/openjdk/bin/java", + "layerID": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "purl": "pkg:generic/java@17.0.10%2B7\u0000-J-ms8m", + "upstreams": [] + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "REDACTED", + "imageID": "sha256:07a3eb7aaaaaaaaa69f29ff9a2945c9bb0a6592654421b8357c", + "manifestDigest": "sha256:4e1c538085614cbc0c9affbb206abbec3220118425409662e46b3d4bb71d1b6d", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "tags": [], + "imageSize": 514054352, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5faf9c0a9efe4675ecd21a4ec417d51077d5e75da9e673161a94e7d6cd43f92c", + "size": 72802466 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:61bb835859af3b3418d9e5115ee0d0421d771af4b576354cb47e4911898411e6", + "size": 45773705 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8", + "size": 140722808 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:8a6992ae127d603d9816b4ac8d1b3b3f6b0bb29b1e64e38c86247805de797dcd", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:31c91cb1196883a0861aa5f1d363e6e343070418704db46e47df1735eb95e473", + "size": 1182 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2adb74596640882e72d1cfd59684d1d3053a4eaccc8cbd4ff769a6bc103736d9", + "size": 1780912 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:d3bd5e7d3a771e112ed5b0f61be054654d828c5198f6aee29dc57fb47f5ecede", + "size": 60515187 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:ebe801fcbe62d62d5bee3994743f3d556ecea3c6fcac9e4eb9c4b157cfd5c05d", + "size": 1143874 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:cdf08086dbb4ff8e9de7b5986a4fe720a91b3508932988a9931a44bc595c0451", + "size": 32 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:62cee45bfd8de3003a1745ba5cce836429b96fab015d6c8d347edb5fc2b8f538", + "size": 393832 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:7d93f74f90a566f90f6ce733e1f03e592770f0eb579ebb3339ac43732913dcf5", + "size": 368 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:b626fe3114d1abd6c629c5adeb769fe28112e0268242a1bc66497ec6c6fddfc0", + "size": 1734 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:ecdc721e0f0e4244958fd6ed4aa658f600f66cc49e8e258680bbb8f0781b1eae", + "size": 2102 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c3f7d9738db6fe33aa41e359b35ccad67c52e9e1fe1d2aa8ae986a52c63abdbc", + "size": 28 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:43054870c5ee79c9c489db42b054d832ed7ad38bb85d7d085ae6d9ed0fa22191", + "size": 31964241 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:629931e16568b7012bc94fa971085301f8239812690ff2422fcbf2a22475eb57", + "size": 158934808 + }, + 
{ + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:9fdd7c20fc0792669cf8e16a770c40d99c0fa3bf74b51500270b762b1420047d", + "size": 17073 + } + ], + "manifest": "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", + "config": "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", + "repoDigests": [ + "REDACTED" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "", + "bzcomponent": "REDACTED", + "maintainer": "REDACTED", + "name": "REDACTED", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": "20.04", + "release": "0.150.0", + "version": "0.150.0" + } + } + }, + "distro": { + "name": "ubuntu", + "version": "20.04", + "idLike": [ + "debian" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.75.0", + "configuration": { + "output": [ + "json" + ], + "file": "container-report-linux-amd64.json", + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "linux/amd64", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": null, + "exclude": [], + "db": { + "cache-dir": "/root/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "update-available-timeout": 30000000000, + "update-download-timeout": 120000000000 + }, + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select" + } + }, + "match": { + "java": { + "using-cpes": false + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true + }, + "javascript": { + "using-cpes": false + }, + 
"python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": null, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "name": "", + "default-image-pull-source": "", + "vex-documents": [], + "vex-add": [] + }, + "db": { + "built": "2024-04-10T01:25:07Z", + "schemaVersion": 5, + "location": "/root/.cache/grype/db/5", + "checksum": "sha256:bb6e98b144551912bc9f1fe7381ad2b83c8e1d07d0b3a4c341bfea182ae1269c", + "error": null + }, + "timestamp": "2024-04-10T11:05:22.636338786Z" + } +} diff --git a/unittests/scans/anchore_grype/fix_not_available.json b/unittests/scans/anchore_grype/fix_not_available.json new file mode 100644 index 00000000000..a32a61b4c55 --- /dev/null +++ b/unittests/scans/anchore_grype/fix_not_available.json 
@@ -0,0 +1,313 @@ +{ + "matches": [ + { + "vulnerability": { + "id": "CVE-2009-3882", + "dataSource": "https://nvd.nist.gov/vuln/detail/CVE-2009-3882", + "namespace": "nvd:cpe", + "severity": "High", + "urls": [ + "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", + "http://java.sun.com/javase/6/webnotes/6u17.html", + "http://secunia.com/advisories/37386", + "http://security.gentoo.org/glsa/glsa-200911-02.xml", + "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", + "https://bugzilla.redhat.com/show_bug.cgi?id=530175", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7300", + "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8841" + ], + "description": "Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to \"information leaks in mutable variables,\" aka Bug Id 6657026.", + "cvss": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "version": "2.0", + "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "metrics": { + "baseScore": 7.5, + "exploitabilityScore": 10, + "impactScore": 6.4 + }, + "vendorMetadata": {} + } + ], + "fix": { + "versions": [], + "state": "unknown" + }, + "advisories": [] + }, + "relatedVulnerabilities": [], + "matchDetails": [ + { + "type": "cpe-match", + "matcher": "stock-matcher", + "searchedBy": { + "namespace": "nvd:cpe", + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "Package": { + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m" + } + }, + "found": { + "vulnerabilityID": "CVE-2009-3882", + "versionConstraint": "none (unknown)", + "cpes": [ + "cpe:2.3:a:sun:openjdk:*:*:*:*:*:*:*:*" + ] + } + } + ], + "artifact": { + "id": "9263533999d7e833", + "name": "java", + "version": "17.0.10+7\u0000-J-ms8m", + "type": "binary", + "locations": [ + { + "path": 
"/opt/java/openjdk/bin/java", + "layerID": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8" + } + ], + "language": "", + "licenses": [], + "cpes": [ + "cpe:2.3:a:oracle:openjdk:17.0.10+7\u0000-J-ms8m:*:*:*:*:*:*:*" + ], + "purl": "pkg:generic/java@17.0.10%2B7\u0000-J-ms8m", + "upstreams": [] + } + } + ], + "source": { + "type": "image", + "target": { + "userInput": "REDACTED", + "imageID": "sha256:07a3eb7aaaaaaaaa69f29ff9a2945c9bb0a6592654421b8357c", + "manifestDigest": "sha256:4e1c538085614cbc0c9affbb206abbec3220118425409662e46b3d4bb71d1b6d", + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "tags": [], + "imageSize": 514054352, + "layers": [ + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5faf9c0a9efe4675ecd21a4ec417d51077d5e75da9e673161a94e7d6cd43f92c", + "size": 72802466 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:61bb835859af3b3418d9e5115ee0d0421d771af4b576354cb47e4911898411e6", + "size": 45773705 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:089f13e86d6447b9182a23ca4e357b13f067208db1b04ba14cac3edb51c2e6a8", + "size": 140722808 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:8a6992ae127d603d9816b4ac8d1b3b3f6b0bb29b1e64e38c86247805de797dcd", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:31c91cb1196883a0861aa5f1d363e6e343070418704db46e47df1735eb95e473", + "size": 1182 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:2adb74596640882e72d1cfd59684d1d3053a4eaccc8cbd4ff769a6bc103736d9", + "size": 1780912 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:d3bd5e7d3a771e112ed5b0f61be054654d828c5198f6aee29dc57fb47f5ecede", + "size": 60515187 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": 
"sha256:ebe801fcbe62d62d5bee3994743f3d556ecea3c6fcac9e4eb9c4b157cfd5c05d", + "size": 1143874 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:cdf08086dbb4ff8e9de7b5986a4fe720a91b3508932988a9931a44bc595c0451", + "size": 32 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:62cee45bfd8de3003a1745ba5cce836429b96fab015d6c8d347edb5fc2b8f538", + "size": 393832 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:7d93f74f90a566f90f6ce733e1f03e592770f0eb579ebb3339ac43732913dcf5", + "size": 368 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:b626fe3114d1abd6c629c5adeb769fe28112e0268242a1bc66497ec6c6fddfc0", + "size": 1734 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:ecdc721e0f0e4244958fd6ed4aa658f600f66cc49e8e258680bbb8f0781b1eae", + "size": 2102 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:c3f7d9738db6fe33aa41e359b35ccad67c52e9e1fe1d2aa8ae986a52c63abdbc", + "size": 28 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:43054870c5ee79c9c489db42b054d832ed7ad38bb85d7d085ae6d9ed0fa22191", + "size": 31964241 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", + "size": 0 + }, + { + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:629931e16568b7012bc94fa971085301f8239812690ff2422fcbf2a22475eb57", + "size": 158934808 + }, + 
{ + "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", + "digest": "sha256:9fdd7c20fc0792669cf8e16a770c40d99c0fa3bf74b51500270b762b1420047d", + "size": 17073 + } + ], + "manifest": "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", + "config": "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", + "repoDigests": [ + "REDACTED" + ], + "architecture": "amd64", + "os": "linux", + "labels": { + "architecture": "", + "bzcomponent": "REDACTED", + "maintainer": "REDACTED", + "name": "REDACTED", + "org.opencontainers.image.ref.name": "ubuntu", + "org.opencontainers.image.version": "20.04", + "release": "0.150.0", + "version": "0.150.0" + } + } + }, + "distro": { + "name": "ubuntu", + "version": "20.04", + "idLike": [ + "debian" + ] + }, + "descriptor": { + "name": "grype", + "version": "0.75.0", + "configuration": { + "output": [ + "json" + ], + "file": "container-report-linux-amd64.json", + "distro": "", + "add-cpes-if-none": false, + "output-template-file": "", + "check-for-app-update": true, + "only-fixed": false, + "only-notfixed": false, + "ignore-wontfix": "", + "platform": "linux/amd64", + "search": { + "scope": "squashed", + "unindexed-archives": false, + "indexed-archives": true + }, + "ignore": null, + "exclude": [], + "db": { + "cache-dir": "/root/.cache/grype/db", + "update-url": "https://toolbox-data.anchore.io/grype/databases/listing.json", + "ca-cert": "", + "auto-update": true, + "validate-by-hash-on-start": false, + "validate-age": true, + "max-allowed-built-age": 432000000000000, + "update-available-timeout": 30000000000, + "update-download-timeout": 120000000000 + }, + "externalSources": { + "enable": false, + "maven": { + "searchUpstreamBySha1": true, + "baseUrl": "https://search.maven.org/solrsearch/select" + } + }, + "match": { + "java": { + "using-cpes": false + }, + "dotnet": { + "using-cpes": false + }, + "golang": { + "using-cpes": false, + "always-use-cpe-for-stdlib": true + }, + "javascript": { + "using-cpes": false + }, + 
"python": { + "using-cpes": false + }, + "ruby": { + "using-cpes": false + }, + "rust": { + "using-cpes": false + }, + "stock": { + "using-cpes": true + } + }, + "fail-on-severity": "", + "registry": { + "insecure-skip-tls-verify": false, + "insecure-use-http": false, + "auth": null, + "ca-cert": "" + }, + "show-suppressed": false, + "by-cve": false, + "name": "", + "default-image-pull-source": "", + "vex-documents": [], + "vex-add": [] + }, + "db": { + "built": "2024-04-10T01:25:07Z", + "schemaVersion": 5, + "location": "/root/.cache/grype/db/5", + "checksum": "sha256:bb6e98b144551912bc9f1fe7381ad2b83c8e1d07d0b3a4c341bfea182ae1269c", + "error": null + }, + "timestamp": "2024-04-10T11:05:22.636338786Z" + } +} diff --git a/unittests/scans/n0s1/many_findings.json b/unittests/scans/n0s1/many_findings.json new file mode 100644 index 00000000000..839975ac3a3 --- /dev/null +++ b/unittests/scans/n0s1/many_findings.json 
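Review bot: The `version` values in fix_not_available.json (`artifact.version`, `searchedBy.Package.version`, and the matching `cpes` and `purl` entries) carry an escaped NUL, `17.0.10+7\u0000-J-ms8m`, which a JSON decoder turns into a real U+0000 character. PostgreSQL text columns reject that character, so if the parser copies the version into a stored field unchanged, a real import of such a report could fail at save time even though a parse-only unit test passes. The parser is not part of this hunk, so that needs confirming. I would have the test that loads this file pin the behaviour, e.g. `self.assertNotIn("\x00", finding.component_version)`, and strip the character in the parser if that assertion fails.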
@@ -0,0 +1,1375 @@ +{ + "tool": { + "name": "n0s1", + "version": "1.0.30", + "author": "Spark 1 Security", + "scan_arguments": { + "scan_comment": true, + "post_comment": false, + "secret_manager": "a secret manager tool", + "contact_help": "contact@spark1.us", + "label": "n0s1bot_auto_comment_e869dd5fa15ca0749a350aac758c7f56f56ad9be1", + "report_format": "json", + "debug": false, + "show_matched_secret_on_logs": false, + "scan_target": "confluence_scan", + "timeout": null, + "limit": null, + "scan_scope": "" + } + }, + "scan_date": { + "timestamp": 1761751223.023414, + "date_utc": "2025-10-29T15:20:23" + }, + "regex_config": { + "title": "n0s1 config 20231115 v002", + "rules": [ + { + "id": "gitlab_personal_access_token", + "description": "GitLab Personal Access Token", + "regex": "\\bglpat-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab", + "revocation_type" + ], + "keywords": [ + "glpat" + ] + }, + { + "id": "gitlab_pipeline_trigger_token", + "description": "GitLab Pipeline Trigger Token", + "regex": "\\bglptt-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glptt" + ] + }, + { + "id": "gitlab_runner_registration_token", + "description": "GitLab Runner Registration Token", + "regex": "\\bGR1348941[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "GR1348941" + ] + }, + { + "id": "gitlab_runner_auth_token", + "description": "GitLab Runner Authentication Token", + "regex": "\\bglrt-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glrt" + ] + }, + { + "id": "gitlab_feed_token", + "description": "GitLab Feed Token", + "regex": "\\bfeed_token=[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "feed_token" + ] + }, + { + "id": "gitlab_oauth_app_secret", + "description": "GitLab OAuth Application Secrets", + "regex": "\\bgloas-[0-9a-zA-Z_\\-]{64}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "gloas" + ] + }, + { + "id": "gitlab_feed_token_v2", + "description": "GitLab Feed token", 
+ "regex": "\\bglft-[0-9a-zA-Z_\\-]{20}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glft" + ] + }, + { + "id": "gitlab_kubernetes_agent_token", + "description": "GitLab Agent for Kubernetes token", + "regex": "\\bglagent-[0-9a-zA-Z_\\-]{50}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glagent" + ] + }, + { + "id": "gitlab_incoming_email_token", + "description": "GitLab Incoming email token", + "regex": "\\bglimt-[0-9a-zA-Z_\\-]{25}\\b", + "tags": [ + "gitlab" + ], + "keywords": [ + "glimt" + ] + }, + { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + { + "id": "RSA private key", + "description": "RSA private key", + "regex": "-----BEGIN RSA PRIVATE KEY-----", + "keywords": [ + "-----BEGIN RSA PRIVATE KEY-----" + ] + }, + { + "id": "SSH private key", + "description": "SSH private key", + "regex": "-----BEGIN OPENSSH PRIVATE KEY-----", + "keywords": [ + "-----BEGIN OPENSSH PRIVATE KEY-----" + ] + }, + { + "id": "PGP private key", + "description": "PGP private key", + "regex": "-----BEGIN PGP PRIVATE KEY BLOCK-----", + "keywords": [ + "-----BEGIN PGP PRIVATE KEY BLOCK-----" + ] + }, + { + "description": "systemd machine-id", + "id": "systemd-machine-id", + "path": "^machine-id$", + "regex": "^[0-9a-f]{32}\\n$", + "entropy": 3.5 + }, + { + "id": "Github Personal Access Token", + "description": "Github Personal Access Token", + "regex": "ghp_[0-9a-zA-Z]{36}", + "keywords": [ + "ghp_" + ] + }, + { + "id": "Github OAuth Access Token", + "description": "Github OAuth Access Token", + "regex": "gho_[0-9a-zA-Z]{36}", + "keywords": [ + "gho_" + ] + }, + { + "id": "SSH (DSA) private key", + "description": "SSH (DSA) private key", + "regex": "-----BEGIN DSA PRIVATE KEY-----", + 
"keywords": [ + "-----BEGIN DSA PRIVATE KEY-----" + ] + }, + { + "id": "SSH (EC) private key", + "description": "SSH (EC) private key", + "regex": "-----BEGIN EC PRIVATE KEY-----", + "keywords": [ + "-----BEGIN EC PRIVATE KEY-----" + ] + }, + { + "id": "Github App Token", + "description": "Github App Token", + "regex": "(ghu|ghs)_[0-9a-zA-Z]{36}", + "keywords": [ + "ghu_", + "ghs_" + ] + }, + { + "id": "Github Refresh Token", + "description": "Github Refresh Token", + "regex": "ghr_[0-9a-zA-Z]{76}", + "keywords": [ + "ghr_" + ] + }, + { + "id": "Shopify shared secret", + "description": "Shopify shared secret", + "regex": "shpss_[a-fA-F0-9]{32}", + "keywords": [ + "shpss_" + ] + }, + { + "id": "Shopify access token", + "description": "Shopify access token", + "regex": "shpat_[a-fA-F0-9]{32}", + "keywords": [ + "shpat_" + ] + }, + { + "id": "Shopify custom app access token", + "description": "Shopify custom app access token", + "regex": "shpca_[a-fA-F0-9]{32}", + "keywords": [ + "shpca_" + ] + }, + { + "id": "Shopify private app access token", + "description": "Shopify private app access token", + "regex": "shppa_[a-fA-F0-9]{32}", + "keywords": [ + "shppa_" + ] + }, + { + "id": "Slack token", + "description": "Slack token", + "regex": "xox[baprs]-([0-9a-zA-Z]{10,48})?", + "keywords": [ + "xoxb", + "xoxa", + "xoxp", + "xoxr", + "xoxs" + ] + }, + { + "id": "Stripe", + "description": "Stripe", + "regex": "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}", + "keywords": [ + "sk_test", + "pk_test", + "sk_live", + "pk_live" + ] + }, + { + "id": "PyPI upload token", + "description": "PyPI upload token", + "regex": "pypi-AgEIcHlwaS5vcmc[A-Za-z0-9-_]{50,1000}", + "tags": [ + "pypi", + "revocation_type" + ], + "keywords": [ + "pypi-AgEIcHlwaS5vcmc" + ] + }, + { + "id": "Google (GCP) Service-account", + "description": "Google (GCP) Service-account", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "\\\"private_key\\\":\\s*\\\"-{5}BEGIN PRIVATE 
KEY-{5}[\\s\\S]*?\",", + "keywords": [ + "service_account" + ] + }, + { + "id": "GCP API key", + "description": "GCP API keys can be misused to gain API quota from billed projects", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "AIza" + ] + }, + { + "id": "GCP OAuth client secret", + "description": "GCP OAuth client secrets can be misused to spoof your application", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "GOCSPX-[a-zA-Z0-9_-]{28}", + "keywords": [ + "GOCSPX-" + ] + }, + { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + { + "id": "Heroku API Key", + "description": "Heroku API Key", + "regex": "(?i)(?:heroku)(?:[0-9a-z\\-_\\t .]{0,20})(?:[\\s|']|[\\s|\"]){0,3}(?:=|>|:=|\\|\\|:|<=|=>|:)(?:'|\\\"|\\s|=|\\x60){0,5}([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})(?:['|\\\"|\\n|\\r|\\s|\\x60]|$)", + "secretGroup": 1, + "keywords": [ + "heroku" + ] + }, + { + "id": "Slack Webhook", + "description": "Slack Webhook", + "regex": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8,12}/[a-zA-Z0-9_]{24}", + "keywords": [ + "https://hooks.slack.com/services" + ] + }, + { + "id": "Twilio API Key", + "description": "Twilio API Key", + "regex": "SK[0-9a-fA-F]{32}", + "keywords": [ + "SK", + "twilio" + ] + }, + { + "id": "Age secret key", + "description": "Age secret key", + "regex": "AGE-SECRET-KEY-1[QPZRY9X8GF2TVDW0S3JN54KHCE6MUA7L]{58}", + "keywords": [ + "AGE-SECRET-KEY-1" + ] + }, + { + "id": "Facebook token", + "description": "Facebook token", + "regex": "(?i)(facebook[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "facebook" + ] + }, + { + "id": "Twitter token", + "description": "Twitter token", + 
"regex": "(?i)(twitter[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{35,44})['\\\"]", + "secretGroup": 3, + "keywords": [ + "twitter" + ] + }, + { + "id": "Adobe Client ID (Oauth Web)", + "description": "Adobe Client ID (Oauth Web)", + "regex": "(?i)(adobe[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "adobe" + ] + }, + { + "id": "Adobe Client Secret", + "description": "Adobe Client Secret", + "regex": "(p8e-)(?i)[a-z0-9]{32}", + "keywords": [ + "adobe", + "p8e-," + ] + }, + { + "id": "Alibaba AccessKey ID", + "description": "Alibaba AccessKey ID", + "regex": "(LTAI)(?i)[a-z0-9]{20}", + "keywords": [ + "LTAI" + ] + }, + { + "id": "Alibaba Secret Key", + "description": "Alibaba Secret Key", + "regex": "(?i)(alibaba[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]", + "secretGroup": 3, + "keywords": [ + "alibaba" + ] + }, + { + "id": "Asana Client ID", + "description": "Asana Client ID", + "regex": "(?i)(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{16})['\\\"]", + "secretGroup": 3, + "keywords": [ + "asana" + ] + }, + { + "id": "Asana Client Secret", + "description": "Asana Client Secret", + "regex": "(?i)(asana[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "asana" + ] + }, + { + "id": "Atlassian API token", + "description": "Atlassian API token", + "regex": "(?i)(atlassian[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{24})['\\\"]", + "secretGroup": 3, + "keywords": [ + "atlassian" + ] + }, + { + "id": "Bitbucket client ID", + "description": "Bitbucket client ID", + "regex": "(?i)(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "bitbucket" + ] + }, + { + "id": "Bitbucket client secret", + "description": "Bitbucket client secret", + "regex": 
"(?i)(bitbucket[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9_\\-]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "bitbucket" + ] + }, + { + "id": "Beamer API token", + "description": "Beamer API token", + "regex": "(?i)(beamer[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](b_[a-z0-9=_\\-]{44})['\\\"]", + "secretGroup": 3, + "keywords": [ + "beamer" + ] + }, + { + "id": "Clojars API token", + "description": "Clojars API token", + "regex": "(CLOJARS_)(?i)[a-z0-9]{60}", + "keywords": [ + "CLOJARS_" + ] + }, + { + "id": "Contentful delivery API token", + "description": "Contentful delivery API token", + "regex": "(?i)(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]", + "secretGroup": 3, + "keywords": [ + "contentful" + ] + }, + { + "id": "Contentful preview API token", + "description": "Contentful preview API token", + "regex": "(?i)(contentful[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{43})['\\\"]", + "secretGroup": 3, + "keywords": [ + "contentful" + ] + }, + { + "id": "Databricks API token", + "description": "Databricks API token", + "regex": "dapi[a-h0-9]{32}", + "keywords": [ + "dapi", + "databricks" + ] + }, + { + "description": "DigitalOcean OAuth Access Token", + "id": "digitalocean-access-token", + "regex": "(?i)\\b(doo_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "doo_v1_" + ] + }, + { + "description": "DigitalOcean Personal Access Token", + "id": "digitalocean-pat", + "regex": "(?i)\\b(dop_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "dop_v1_" + ] + }, + { + "description": "DigitalOcean OAuth Refresh Token", + "id": "digitalocean-refresh-token", + "regex": "(?i)\\b(dor_v1_[a-f0-9]{64})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "dor_v1_" + ] + }, + { + "id": "Discord API key", + "description": "Discord API key", + "regex": 
"(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Discord client ID", + "description": "Discord client ID", + "regex": "(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([0-9]{18})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Discord client secret", + "description": "Discord client secret", + "regex": "(?i)(discord[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_\\-]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "discord" + ] + }, + { + "id": "Doppler API token", + "description": "Doppler API token", + "regex": "['\\\"](dp\\.pt\\.)(?i)[a-z0-9]{43}['\\\"]", + "keywords": [ + "doppler" + ] + }, + { + "id": "Dropbox API secret/key", + "description": "Dropbox API secret/key", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{15})['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Dropbox short lived API token", + "description": "Dropbox short lived API token", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](sl\\.[a-z0-9\\-=_]{135})['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Dropbox long lived API token", + "description": "Dropbox long lived API token", + "regex": "(?i)(dropbox[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"][a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\\-_=]{43}['\\\"]", + "keywords": [ + "dropbox" + ] + }, + { + "id": "Duffel API token", + "description": "Duffel API token", + "regex": "['\\\"]duffel_(test|live)_(?i)[a-z0-9_-]{43}['\\\"]", + "keywords": [ + "duffel" + ] + }, + { + "id": "Dynatrace API token", + "description": "Dynatrace API token", + "regex": "['\\\"]dt0c01\\.(?i)[a-z0-9]{24}\\.[a-z0-9]{64}['\\\"]", + "keywords": [ + "dt0c01" + ] + }, + { + "id": "EasyPost API token", + "description": "EasyPost API token", + "regex": 
"['\\\"]EZAK(?i)[a-z0-9]{54}['\\\"]", + "keywords": [ + "EZAK" + ] + }, + { + "id": "EasyPost test API token", + "description": "EasyPost test API token", + "regex": "['\\\"]EZTK(?i)[a-z0-9]{54}['\\\"]", + "keywords": [ + "EZTK" + ] + }, + { + "id": "Fastly API token", + "description": "Fastly API token", + "regex": "(?i)(fastly[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9\\-=_]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "fastly" + ] + }, + { + "id": "Finicity client secret", + "description": "Finicity client secret", + "regex": "(?i)(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{20})['\\\"]", + "secretGroup": 3, + "keywords": [ + "finicity" + ] + }, + { + "id": "Finicity API token", + "description": "Finicity API token", + "regex": "(?i)(finicity[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "finicity" + ] + }, + { + "id": "Flutterwave public key", + "description": "Flutterwave public key", + "regex": "FLWPUBK_TEST-(?i)[a-h0-9]{32}-X", + "keywords": [ + "FLWPUBK_TEST" + ] + }, + { + "id": "Flutterwave secret key", + "description": "Flutterwave secret key", + "regex": "FLWSECK_TEST-(?i)[a-h0-9]{32}-X", + "keywords": [ + "FLWSECK_TEST" + ] + }, + { + "id": "Flutterwave encrypted key", + "description": "Flutterwave encrypted key", + "regex": "FLWSECK_TEST[a-h0-9]{12}", + "keywords": [ + "FLWSECK_TEST" + ] + }, + { + "id": "Frame.io API token", + "description": "Frame.io API token", + "regex": "fio-u-(?i)[a-z0-9-_=]{64}", + "keywords": [ + "fio-u-" + ] + }, + { + "id": "GoCardless API token", + "description": "GoCardless API token", + "regex": "['\\\"]live_(?i)[a-z0-9-_=]{40}['\\\"]", + "keywords": [ + "gocardless" + ] + }, + { + "id": "Grafana API token", + "description": "Grafana API token", + "regex": "['\\\"]eyJrIjoi(?i)[a-z0-9-_=]{72,92}['\\\"]", + "keywords": [ + "grafana" + ] + }, + { + "id": "Hashicorp Terraform user/org API 
token", + "description": "Hashicorp Terraform user/org API token", + "regex": "['\\\"](?i)[a-z0-9]{14}\\.atlasv1\\.[a-z0-9-_=]{60,70}['\\\"]", + "keywords": [ + "atlasv1", + "hashicorp", + "terraform" + ] + }, + { + "id": "Hashicorp Vault batch token", + "description": "Hashicorp Vault batch token", + "regex": "b\\.AAAAAQ[0-9a-zA-Z_-]{156}", + "keywords": [ + "hashicorp", + "AAAAAQ", + "vault" + ] + }, + { + "id": "Hubspot API token", + "description": "Hubspot API token", + "regex": "(?i)(hubspot[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "hubspot" + ] + }, + { + "id": "Intercom API token", + "description": "Intercom API token", + "regex": "(?i)(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9=_]{60})['\\\"]", + "secretGroup": 3, + "keywords": [ + "intercom" + ] + }, + { + "id": "Intercom client secret/ID", + "description": "Intercom client secret/ID", + "regex": "(?i)(intercom[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "intercom" + ] + }, + { + "id": "Ionic API token", + "description": "Ionic API token", + "regex": "ion_(?i)[a-z0-9]{42}", + "keywords": [ + "ion_" + ] + }, + { + "id": "Linear API token", + "description": "Linear API token", + "regex": "lin_api_(?i)[a-z0-9]{40}", + "keywords": [ + "lin_api_" + ] + }, + { + "id": "Linear client secret/ID", + "description": "Linear client secret/ID", + "regex": "(?i)(linear[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linear" + ] + }, + { + "id": "Lob API Key", + "description": "Lob API Key", + "regex": "(?i)(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((live|test)_[a-f0-9]{35})['\\\"]", + "secretGroup": 3, + "keywords": [ + "lob" + ] + }, + { + "id": 
"Lob Publishable API Key", + "description": "Lob Publishable API Key", + "regex": "(?i)(lob[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]((test|live)_pub_[a-f0-9]{31})['\\\"]", + "secretGroup": 3, + "keywords": [ + "lob" + ] + }, + { + "id": "Mailchimp API key", + "description": "Mailchimp API key", + "regex": "(?i)(mailchimp[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-f0-9]{32}-us20)['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailchimp" + ] + }, + { + "id": "Mailgun private API token", + "description": "Mailgun private API token", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](key-[a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mailgun public validation key", + "description": "Mailgun public validation key", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"](pubkey-[a-f0-9]{32})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mailgun webhook signing key", + "description": "Mailgun webhook signing key", + "regex": "(?i)(mailgun[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{32}-[a-h0-9]{8}-[a-h0-9]{8})['\\\"]", + "secretGroup": 3, + "keywords": [ + "mailgun" + ] + }, + { + "id": "Mapbox API token", + "description": "Mapbox API token", + "regex": "(?i)(pk\\.[a-z0-9]{60}\\.[a-z0-9]{22})", + "keywords": [ + "mapbox" + ] + }, + { + "id": "messagebird-api-token", + "description": "MessageBird API token", + "regex": "(?i)(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{25})['\\\"]", + "secretGroup": 3, + "keywords": [ + "messagebird" + ] + }, + { + "id": "MessageBird API client ID", + "description": "MessageBird API client ID", + "regex": "(?i)(messagebird[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-h0-9]{8}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{4}-[a-h0-9]{12})['\\\"]", + "secretGroup": 3, + "keywords": [ + "messagebird" + ] + 
}, + { + "id": "New Relic user API Key", + "description": "New Relic user API Key", + "regex": "['\\\"](NRAK-[A-Z0-9]{27})['\\\"]", + "keywords": [ + "NRAK" + ] + }, + { + "id": "New Relic user API ID", + "description": "New Relic user API ID", + "regex": "(?i)(newrelic[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([A-Z0-9]{64})['\\\"]", + "secretGroup": 3, + "keywords": [ + "newrelic" + ] + }, + { + "id": "New Relic ingest browser API token", + "description": "New Relic ingest browser API token", + "regex": "['\\\"](NRJS-[a-f0-9]{19})['\\\"]", + "keywords": [ + "NRJS" + ] + }, + { + "id": "npm access token", + "description": "npm access token", + "regex": "['\\\"](npm_(?i)[a-z0-9]{36})['\\\"]", + "keywords": [ + "npm_" + ] + }, + { + "id": "Planetscale password", + "description": "Planetscale password", + "regex": "pscale_pw_(?i)[a-z0-9\\-_\\.]{43}", + "keywords": [ + "pscale_pw_" + ] + }, + { + "id": "Planetscale API token", + "description": "Planetscale API token", + "regex": "pscale_tkn_(?i)[a-z0-9\\-_\\.]{43}", + "keywords": [ + "pscale_tkn_" + ] + }, + { + "id": "Postman API token", + "description": "Postman API token", + "regex": "PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34}", + "keywords": [ + "PMAK-" + ] + }, + { + "id": "Pulumi API token", + "description": "Pulumi API token", + "regex": "pul-[a-f0-9]{40}", + "keywords": [ + "pul-" + ] + }, + { + "id": "Rubygem API token", + "description": "Rubygem API token", + "regex": "rubygems_[a-f0-9]{48}", + "keywords": [ + "rubygems_" + ] + }, + { + "id": "Segment Public API token", + "description": "Segment Public API token", + "regex": "sgp_[a-zA-Z0-9]{64}", + "keywords": [ + "sgp_" + ] + }, + { + "id": "Sendgrid API token", + "description": "Sendgrid API token", + "regex": "SG\\.(?i)[a-z0-9_\\-\\.]{66}", + "keywords": [ + "sendgrid" + ] + }, + { + "id": "Sendinblue API token", + "description": "Sendinblue API token", + "regex": "xkeysib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16}", + "keywords": [ + "xkeysib-" + ] + }, 
+ { + "id": "Sendinblue SMTP token", + "description": "Sendinblue SMTP token", + "regex": "xsmtpsib-[a-f0-9]{64}\\-(?i)[a-z0-9]{16}", + "keywords": [ + "xsmtpsib-" + ] + }, + { + "id": "Shippo API token", + "description": "Shippo API token", + "regex": "shippo_(live|test)_[a-f0-9]{40}", + "keywords": [ + "shippo_" + ] + }, + { + "id": "Linkedin Client secret", + "description": "Linkedin Client secret", + "regex": "(?i)(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z]{16})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linkedin" + ] + }, + { + "id": "Linkedin Client ID", + "description": "Linkedin Client ID", + "regex": "(?i)(linkedin[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{14})['\\\"]", + "secretGroup": 3, + "keywords": [ + "linkedin" + ] + }, + { + "id": "Twitch API token", + "description": "Twitch API token", + "regex": "(?i)(twitch[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}['\\\"]([a-z0-9]{30})['\\\"]", + "secretGroup": 3, + "keywords": [ + "twitch" + ] + }, + { + "id": "Typeform API token", + "description": "Typeform API token", + "regex": "(?i)(typeform[a-z0-9_ .\\-,]{0,25})(=|>|:=|\\|\\|:|<=|=>|:).{0,5}(tfp_[a-z0-9\\-_\\.=]{59})", + "secretGroup": 3, + "keywords": [ + "typeform" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 1", + "description": "Yandex.Cloud IAM Cookie v1", + "regex": "\\bc1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 2", + "description": "Yandex.Cloud IAM Token v1", + "regex": "\\bt1\\.[A-Z0-9a-z_-]+[=]{0,2}\\.[A-Z0-9a-z_-]{86}[=]{0,2}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud IAM Cookie v1 - 3", + "description": "Yandex.Cloud IAM API key v1", + "regex": "\\bAQVN[A-Za-z0-9_\\-]{35,38}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Yandex.Cloud AWS API compatible Access Secret", + 
"description": "Yandex.Cloud AWS API compatible Access Secret", + "regex": "\\bYC[a-zA-Z0-9_\\-]{38}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "yandex" + ] + }, + { + "id": "Meta access token", + "description": "Meta access token", + "regex": "\\bEA[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "EA" + ] + }, + { + "id": "Oculus access token", + "description": "Oculus access token", + "regex": "\\bOC[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "OC" + ] + }, + { + "id": "Instagram access token", + "description": "Instagram access token", + "regex": "\\bIG[a-zA-Z0-9]{90,400}['|\\\"|\\n|\\r|\\s|\\x60]", + "keywords": [ + "IG" + ] + }, + { + "id": "CircleCI access tokens", + "description": "CircleCI access tokens", + "regex": "\\bCCI(?:PAT|PRJ)_[a-zA-Z0-9]{22}_[a-f0-9]{40}", + "keywords": [ + "CircleCI" + ] + }, + { + "description": "Open AI API key", + "id": "open ai token", + "regex": "\\bsk-[a-zA-Z0-9]{48}\\b", + "keywords": [ + "sk-" + ] + }, + { + "id": "Tailscale key", + "description": "Tailscale keys", + "regex": "\\btskey-\\w+-\\w+-\\w+\\b", + "keywords": [ + "tskey-" + ] + } + ] + }, + "findings": { + "49757d656e182f9732f85b94d8131b351dc7cddcf4038b338064af51450986f1": { + "id": "49757d656e182f9732f85b94d8131b351dc7cddcf4038b338064af51450986f1", + "url": "https://testing.atlassian.net/wiki/spaces/CS/pages/19968862/007-3.3+Configuration", + "secret": "##\naws.access.keyId=\naws.access.secretKe", + "details": { + "matched_regex_config": { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ + "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "05610c1c48395ed79b7b4b4dbce7407a4bfb8bdbb8d3edce785d172ac2a68e18": { + "id": "05610c1c48395ed79b7b4b4dbce7407a4bfb8bdbb8d3edce785d172ac2a68e18", + "url": "https://testing.atlassian.net/wiki/spaces/DAT/pages/25002228/Atlas+DB+Connector", + "secret": 
"ostgres url\n\nurl = \"\nengine = sqlalchemy", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "d2e4247f2926ba8fec40a059cca536748af3c2011fce265f0f15e5cfd9bb552b": { + "id": "d2e4247f2926ba8fec40a059cca536748af3c2011fce265f0f15e5cfd9bb552b", + "url": "https://testing.atlassian.net/wiki/spaces/DS/pages/21540885/Safeguard+-+other+DB+engines+for+the+audio+hashes", + "secret": "ONNECTION_STRING = '\nclient = MongoClien", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "bf2e6402fd0d051f87682f0fd2c83fc30737c17657f436ba6c8ce2508af6f623": { + "id": "bf2e6402fd0d051f87682f0fd2c83fc30737c17657f436ba6c8ce2508af6f623", + "url": "https://testing.atlassian.net/wiki/spaces/DMP/pages/1288474/SSH+Tunnel+to+Cloud+SQL", + "secret": "hemy.create_engine('\n\tSession = sessionm", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "e1343d4d60f2a5eb87ec4472c331c7c2ef7da737b0376bd199067fc4377b5e0c": { + "id": "e1343d4d60f2a5eb87ec4472c331c7c2ef7da737b0376bd199067fc4377b5e0c", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/29948310/Adding+a+new+support+site+BE", + "secret": "olspan=\"1\">>\"\n\t}\n}]]>"
      &", + "details": { + "matched_regex_config": { + "id": "Stripe", + "description": "Stripe", + "regex": "(?i)(sk|pk)_(test|live)_[0-9a-z]{10,32}", + "keywords": [ + "sk_test", + "pk_test", + "sk_live", + "pk_live" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "8e01b92cb297f9b6041964559ddeed1bcfe61599310dab067f2f09fb7531281b": { + "id": "8e01b92cb297f9b6041964559ddeed1bcfe61599310dab067f2f09fb7531281b", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/30154330/TODO+NOTE+FOR+Request", + "secret": "olspan=\"1\">
    o\\nMIIEvgIBADANBgkqhk", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "8c6469ccd4deab89a9f6c6317f84c7deec651210136c3d0462cae45808224e88": { + "id": "8c6469ccd4deab89a9f6c6317f84c7deec651210136c3d0462cae45808224e88", + "url": "https://testing.atlassian.net/wiki/spaces/PROBILLER/pages/30154387/List+of+Google+Experiments", + "secret": "te_key": "\\nMIIEvgIBADANBgkqhk", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "db44576aaaf05a1dd3337c4c55739d1c981346b4745615814f2543575a7e0a4f": { + "id": "db44576aaaf05a1dd3337c4c55739d1c981346b4745615814f2543575a7e0a4f", + "url": "https://testing.atlassian.net/wiki/spaces/INFSEC/pages/43549424/Legal+Workflows", + "secret": "xy_auth = 'otating.proxyrack.ne", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "95313351d245a509fdceca3c8c0b7549d078f915c75bfc423cab13c706ba0006": { + "id": "95313351d245a509fdceca3c8c0b7549d078f915c75bfc423cab13c706ba0006", + "url": "https://testing.atlassian.net/wiki/spaces/MGNUT/pages/23112821/Postman", + "secret": "-header 'X-Api-Key: '

    2. Base", + "details": { + "matched_regex_config": { + "id": "Postman API token", + "description": "Postman API token", + "regex": "PMAK-(?i)[a-f0-9]{24}\\-[a-f0-9]{34}", + "keywords": [ + "PMAK-" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f98f3c10baeb90fed6e138c82b697c99d7c89dbf30958b4ad971da89b8fd13df": { + "id": "f98f3c10baeb90fed6e138c82b697c99d7c89dbf30958b4ad971da89b8fd13df", + "url": "https://testing.atlassian.net/wiki/spaces/mobi/pages/15569913/Useful+commands", + "secret": "[CDATA[curl -IL -x \"\n\nOR\n\ncurl -IL -x vi", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "3a07f81938c833cf5ba2af471965a5204343cb2013371a5a897fd9298e37ad65": { + "id": "3a07f81938c833cf5ba2af471965a5204343cb2013371a5a897fd9298e37ad65", + "url": "https://testing.atlassian.net/wiki/spaces/NIC/pages/7604505/Distributions+Environments", + "secret": " \"current_key\": \"\n }\n ],\n", + "details": { + "matched_regex_config": { + "id": "GCP API key", + "description": "GCP API keys can be misused to gain API quota from billed projects", + "tags": [ + "gitlab_partner_token", + "revocation_type" + ], + "regex": "(?i)\\b(AIza[0-9A-Za-z-_]{35})(?:['|\\\"|\\n|\\r|\\s|\\x60|;]|$)", + "secretGroup": 1, + "keywords": [ + "AIza" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "b9dcabfcbfada43276938c2a20cfc6850f66b03c8dba12ed23e1bb04a57f9e2c": { + "id": "b9dcabfcbfada43276938c2a20cfc6850f66b03c8dba12ed23e1bb04a57f9e2c", + "url": "https://testing.atlassian.net/wiki/spaces/NIC/pages/7663554/Compliance+Operations", + "secret": "56&X-Amz-Credential=%2F20210713%2Fus-eas", + "details": { + "matched_regex_config": { + "id": "AWS", + "description": "AWS Access Token", + "regex": "\\bAKIA[0-9A-Z]{16}\\b", + "tags": [ 
+ "aws", + "revocation_type" + ], + "keywords": [ + "AKIA" + ] + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f052f9155e7489bf779a45ec416e5d23a4c63e26ea5527486290b1ea29cffa65": { + "id": "f052f9155e7489bf779a45ec416e5d23a4c63e26ea5527486290b1ea29cffa65", + "url": "https://testing.atlassian.net/wiki/spaces/paysites/pages/30531725/Cron+Job+List", + "secret": "et -m -r -np -t inf \ncd /home/dbimport/2", + "details": { + "matched_regex_config": { + "id": "Password in URL", + "description": "Password in URL", + "regex": "[a-zA-Z]{3,10}:\\/\\/[^$][^:@\\/\\n]{3,20}:[^$][^:@\\n\\/]{3,40}@.{1,100}" + }, + "platform": "Confluence", + "ticket_field": "description" + } + }, + "f7d257a57274f1aaa0418ea694fd2b3784b34f8b5d0fb797a9c2f1a1297388ce": { + "id": "f7d257a57274f1aaa0418ea694fd2b3784b34f8b5d0fb797a9c2f1a1297388ce", + "url": "https://testing.atlassian.net/wiki/spaces/PE/pages/41207424/Troubleshooting", + "secret": "e contained within '' and '-----END PRIV", + "details": { + "matched_regex_config": { + "id": "PKCS8 private key", + "description": "PKCS8 private key", + "regex": "-----BEGIN PRIVATE KEY-----", + "keywords": [ + "-----BEGIN PRIVATE KEY-----" + ] + }, + "platform": "Confluence", + "ticket_field": "comments" + } + } + } +}
\ No newline at end of file
diff --git a/unittests/test_duplication_loops.py b/unittests/test_duplication_loops.py
index d85e52e1046..9a84024e560 100644
--- a/unittests/test_duplication_loops.py
+++ b/unittests/test_duplication_loops.py
@@ -3,9 +3,9 @@
 from crum import impersonate
 from django.test.utils import override_settings
+from dojo.finding.deduplication import set_duplicate
 from dojo.management.commands.fix_loop_duplicates import fix_loop_duplicates
 from dojo.models import Engagement, Finding, Product, User, copy_model_util
-from dojo.utils import set_duplicate
 from .dojo_test_case import DojoTestCase
diff --git a/unittests/test_import_reimport.py b/unittests/test_import_reimport.py
index e3130cc7efc..2f71c720e02 100644
--- a/unittests/test_import_reimport.py
+++ b/unittests/test_import_reimport.py
@@ -100,6 +100,8 @@ def __init__(self, *args, **kwargs):
 self.scan_type_gitlab_dast = "GitLab DAST Report"
 self.anchore_grype_file_name = get_unit_tests_scans_path("anchore_grype") / "check_all_fields.json"
+ self.anchore_grype_file_name_fix_not_available = get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json"
+ self.anchore_grype_file_name_fix_available = get_unit_tests_scans_path("anchore_grype") / "fix_available.json"
 self.anchore_grype_scan_type = "Anchore Grype"
 self.checkmarx_one_open_and_false_positive = get_unit_tests_scans_path("checkmarx_one") / "one-open-one-false-positive.json"
@@ -1691,6 +1693,30 @@ def test_import_reimport_vulnerability_ids(self):
 self.assertEqual("GHSA-v6rh-hp5x-86rv", findings[3].vulnerability_ids[0])
 self.assertEqual("CVE-2021-44420", findings[3].vulnerability_ids[1])
+ def test_import_reimport_fix_available(self):
+ import0 = self.import_scan_with_params(self.anchore_grype_file_name_fix_not_available, scan_type=self.anchore_grype_scan_type)
+ test_id = import0["test"]
+ test = Test.objects.get(id=test_id)
+ findings = Finding.objects.filter(test=test)
+ self.assertEqual(1, len(findings))
+ self.assertEqual(False, findings[0].fix_available)
+ self.assertEqual(None, findings[0].fix_version)
+
+ test_type = Test_Type.objects.get(name=self.anchore_grype_scan_type)
+ reimport_test = Test(
+ engagement=test.engagement,
+ test_type=test_type,
+ scan_type=self.anchore_grype_scan_type,
+ target_start=datetime.now(timezone.get_current_timezone()),
+ target_end=datetime.now(timezone.get_current_timezone()),
+ )
+ reimport_test.save()
+ self.reimport_scan_with_params(reimport_test.id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type)
+ findings = Finding.objects.filter(test=reimport_test)
+ self.assertEqual(1, len(findings))
+ self.assertEqual(True, findings[0].fix_available)
+ self.assertEqual("1.2.3", findings[0].fix_version)
+
 def test_import_history_reactivated_and_untouched_findings_do_not_mix(self):
 import0 = self.import_scan_with_params(self.generic_import_1, scan_type=self.scan_type_generic)
 test_id = import0["test"]
diff --git a/unittests/test_importers_performance.py b/unittests/test_importers_performance.py
index c6d8652635f..9da777ccecc 100644
--- a/unittests/test_importers_performance.py
+++ b/unittests/test_importers_performance.py
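Review bot: `test_import_reimport_fix_available` reimports into a freshly created `reimport_test` that holds no findings, so as far as this hunk shows it never exercises an existing finding having `fix_available` and `fix_version` refreshed when a later scan reports a fix. Because that flag feeds remediation decisions, I would also reimport into the original test with `self.reimport_scan_with_params(test_id, self.anchore_grype_file_name_fix_available, scan_type=self.anchore_grype_scan_type)` and assert on `Finding.objects.filter(test=test)`. Whether the two fixtures describe the same finding is not visible here and needs checking first. On style, `self.assertIs(findings[0].fix_available, False)` and `self.assertIsNone(findings[0].fix_version)` are stricter and clearer than `assertEqual(False, ...)` and `assertEqual(None, ...)`; the same applies to the two new tests in `test_anchore_grype_parser.py`.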
@@ -176,11 +176,11 @@ def test_import_reimport_reimport_performance_async(self):
 self._import_reimport_performance(
 expected_num_queries1=340,
- expected_num_async_tasks1=10,
+ expected_num_async_tasks1=7,
 expected_num_queries2=288,
- expected_num_async_tasks2=22,
+ expected_num_async_tasks2=18,
 expected_num_queries3=175,
- expected_num_async_tasks3=20,
+ expected_num_async_tasks3=17,
 )
 @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory")
@@ -194,11 +194,11 @@ def test_import_reimport_reimport_performance_pghistory_async(self):
 self._import_reimport_performance(
 expected_num_queries1=306,
- expected_num_async_tasks1=10,
+ expected_num_async_tasks1=7,
 expected_num_queries2=281,
- expected_num_async_tasks2=22,
+ expected_num_async_tasks2=18,
 expected_num_queries3=170,
- expected_num_async_tasks3=20,
+ expected_num_async_tasks3=17,
 )
 @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-auditlog")
@@ -217,12 +217,12 @@ def test_import_reimport_reimport_performance_no_async(self):
 testuser.usercontactinfo.block_execution = True
 testuser.usercontactinfo.save()
 self._import_reimport_performance(
- expected_num_queries1=350,
- expected_num_async_tasks1=10,
- expected_num_queries2=305,
- expected_num_async_tasks2=22,
- expected_num_queries3=190,
- expected_num_async_tasks3=20,
+ expected_num_queries1=345,
+ expected_num_async_tasks1=6,
+ expected_num_queries2=293,
+ expected_num_async_tasks2=17,
+ expected_num_queries3=180,
+ expected_num_async_tasks3=16,
 )
 @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory")
@@ -239,12 +239,12 @@ def test_import_reimport_reimport_performance_pghistory_no_async(self):
 testuser.usercontactinfo.save()
 self._import_reimport_performance(
- expected_num_queries1=316,
- expected_num_async_tasks1=10,
- expected_num_queries2=298,
- expected_num_async_tasks2=22,
- expected_num_queries3=185,
- expected_num_async_tasks3=20,
+ expected_num_queries1=311,
+ expected_num_async_tasks1=6,
+ expected_num_queries2=286,
+ expected_num_async_tasks2=17,
+ expected_num_queries3=175,
+ expected_num_async_tasks3=16,
 )
 @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-auditlog")
@@ -265,12 +265,12 @@ def test_import_reimport_reimport_performance_no_async_with_product_grading(self
 self.system_settings(enable_product_grade=True)
 self._import_reimport_performance(
- expected_num_queries1=351,
- expected_num_async_tasks1=11,
- expected_num_queries2=306,
- expected_num_async_tasks2=23,
- expected_num_queries3=191,
- expected_num_async_tasks3=21,
+ expected_num_queries1=347,
+ expected_num_async_tasks1=8,
+ expected_num_queries2=295,
+ expected_num_async_tasks2=19,
+ expected_num_queries3=182,
+ expected_num_async_tasks3=18,
 )
 @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory")
@@ -288,12 +288,12 @@ def test_import_reimport_reimport_performance_pghistory_no_async_with_product_gr
 self.system_settings(enable_product_grade=True)
 self._import_reimport_performance(
- expected_num_queries1=317,
- expected_num_async_tasks1=11,
- expected_num_queries2=299,
- expected_num_async_tasks2=23,
- expected_num_queries3=186,
- expected_num_async_tasks3=21,
+ expected_num_queries1=313,
+ expected_num_async_tasks1=8,
+ expected_num_queries2=288,
+ expected_num_async_tasks2=19,
+ expected_num_queries3=177,
+ expected_num_async_tasks3=18,
 )
 # Deduplication is enabled in the tests above, but to properly test it we must run the same import twice and capture the results.
@@ -412,9 +412,9 @@ def test_deduplication_performance_async(self):
 self._deduplication_performance(
 expected_num_queries1=311,
- expected_num_async_tasks1=12,
+ expected_num_async_tasks1=8,
 expected_num_queries2=204,
- expected_num_async_tasks2=12,
+ expected_num_async_tasks2=8,
 check_duplicates=False, # Async mode - deduplication happens later
 )
@@ -429,9 +429,9 @@ def test_deduplication_performance_pghistory_async(self):
 self._deduplication_performance(
 expected_num_queries1=275,
- expected_num_async_tasks1=12,
+ expected_num_async_tasks1=8,
 expected_num_queries2=185,
- expected_num_async_tasks2=12,
+ expected_num_async_tasks2=8,
 check_duplicates=False, # Async mode - deduplication happens later
 )
@@ -449,10 +449,10 @@ def test_deduplication_performance_no_async(self):
 testuser.usercontactinfo.save()
 self._deduplication_performance(
- expected_num_queries1=323,
- expected_num_async_tasks1=12,
- expected_num_queries2=318,
- expected_num_async_tasks2=12,
+ expected_num_queries1=316,
+ expected_num_async_tasks1=7,
+ expected_num_queries2=287,
+ expected_num_async_tasks2=7,
 )
 @override_settings(ENABLE_AUDITLOG=True, AUDITLOG_TYPE="django-pghistory")
@@ -469,8 +469,8 @@ def test_deduplication_performance_pghistory_no_async(self):
 testuser.usercontactinfo.save()
 self._deduplication_performance(
- expected_num_queries1=287,
- expected_num_async_tasks1=12,
- expected_num_queries2=281,
- expected_num_async_tasks2=12,
+ expected_num_queries1=280,
+ expected_num_async_tasks1=7,
+ expected_num_queries2=250,
+ expected_num_async_tasks2=7,
 )
diff --git a/unittests/test_utils_deduplication_reopen.py b/unittests/test_utils_deduplication_reopen.py
index a7e72ede118..2981222d591 100644
--- a/unittests/test_utils_deduplication_reopen.py
+++ b/unittests/test_utils_deduplication_reopen.py
@@ -1,9 +1,9 @@
 import datetime
 import logging
+from dojo.finding.deduplication import set_duplicate
 from dojo.management.commands.fix_loop_duplicates import fix_loop_duplicates
 from dojo.models import Finding, copy_model_util
-from dojo.utils import set_duplicate
 from .dojo_test_case import DojoTestCase
diff --git a/unittests/tools/test_anchore_grype_parser.py b/unittests/tools/test_anchore_grype_parser.py
index 362fb63a5f7..44239da61f0 100644
--- a/unittests/tools/test_anchore_grype_parser.py
+++ b/unittests/tools/test_anchore_grype_parser.py
@@ -266,6 +266,22 @@ def test_grype_issue_9618(self):
 findings = parser.get_findings(testfile, Test())
 self.assertEqual(35, len(findings))
+ def test_grype_fix_not_available(self):
+ with (get_unit_tests_scans_path("anchore_grype") / "fix_not_available.json").open(encoding="utf-8") as testfile:
+ parser = AnchoreGrypeParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(1, len(findings))
+ self.assertEqual(findings[0].fix_available, False)
+ self.assertEqual(findings[0].fix_version, None)
+
+ def test_grype_fix_available(self):
+ with (get_unit_tests_scans_path("anchore_grype") / "fix_available.json").open(encoding="utf-8") as testfile:
+ parser = AnchoreGrypeParser()
+ findings = parser.get_findings(testfile, Test())
+ self.assertEqual(1, len(findings))
+ self.assertEqual(findings[0].fix_available, True)
+ self.assertEqual(findings[0].fix_version, "1.2.3")
+
 def test_grype_issue_9942(self):
 with (get_unit_tests_scans_path("anchore_grype") / "issue_9942.json").open(encoding="utf-8") as testfile:
 parser = AnchoreGrypeParser()
diff --git a/unittests/tools/test_n0s1_parser.py b/unittests/tools/test_n0s1_parser.py
new file mode 100644
index 00000000000..5229e61e515
--- /dev/null
+++ b/unittests/tools/test_n0s1_parser.py
@@ -0,0 +1,31 @@
+
+
+from dojo.models import Test, Test_Type
+from dojo.tools.n0s1.parser import N0s1Parser
+from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path
+
+
+class TestN0s1Parser(DojoTestCase):
+
+ def test_n0s1_parser_with_multiple_findings(self):
+ with (get_unit_tests_scans_path("n0s1") / "many_findings.json").open(encoding="utf-8") as testfile:
+ parser = N0s1Parser()
+ test_type = Test_Type(name="n0s1 Scanner")
+ test = Test(test_type=test_type)
+ findings = parser.get_findings(testfile, test)
+ self.assertEqual(17, len(findings))
+ finding = findings[0]
+ self.assertEqual(finding.title, "AWS")
+ self.assertIsNotNone(finding.description)
+ self.assertTrue(finding.dynamic_finding)
+ self.assertEqual(test.test_type.name, "n0s1 Scanner")
+
+ def test_detect_subscanner_returns_correct_type(self):
+ with (get_unit_tests_scans_path("n0s1") / "many_findings.json").open(encoding="utf-8") as testfile:
+ parser = N0s1Parser()
+ tests = parser.get_tests("n0s1 Scanner", testfile)
+ self.assertEqual(1, len(tests))
+ test = tests[0]
+ self.assertEqual("n0s1 Confluence", test.name)
+ self.assertEqual("Scan from n0s1 Confluence", test.description)
+ self.assertEqual(17, len(test.findings))
diff --git a/unittests/tools/test_rusty_hog_parser.py b/unittests/tools/test_rusty_hog_parser.py
index a9fc057f50e..96c5e48a80b 100644
--- a/unittests/tools/test_rusty_hog_parser.py
+++ b/unittests/tools/test_rusty_hog_parser.py
@@ -1,3 +1,4 @@
+from dojo.models import Test, Test_Type
 from dojo.tools.rusty_hog.parser import RustyhogParser
 from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path
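Review bot: The closing assertion of `test_n0s1_parser_with_multiple_findings`, `self.assertEqual(test.test_type.name, "n0s1 Scanner")`, reads back the `Test_Type` the test itself constructed a few lines earlier, so it passes regardless of what `N0s1Parser` does; `test_parse_file_with_multiple_vuln_test_type` in `test_rusty_hog_parser.py` has the same problem with `self.assertEqual("Rusty Hog", test.test_type.name)` on a `test` object that is never handed to the parser. I would drop both lines. Beyond the count, only `findings[0].title` is checked, and `assertIsNotNone(finding.description)` does not show whether the source `url` and the matched rule from the fixture reach the finding, which is what an analyst needs to locate and rotate a leaked credential. An assertion such as `self.assertIn("testing.atlassian.net", finding.description)` would pin that, assuming the parser puts the URL in the description, which this hunk does not show.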
@@ -21,6 +22,15 @@ def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog(self):
 findings = parser.get_findings(testfile, "Choctaw Hog")
 self.assertEqual(13, len(findings))
+ def test_parse_file_with_multiple_vuln_test_type(self):
+ with (get_unit_tests_scans_path("rusty_hog") / "choctawhog_many_vulns.json").open(encoding="utf-8") as testfile:
+ test_type = Test_Type(name="Rusty Hog")
+ test = Test(test_type=test_type)
+ self.assertEqual("Rusty Hog", test.test_type.name)
+ parser = RustyhogParser()
+ tests = parser.get_tests("Rusty Hog", testfile)
+ self.assertEqual("Rusty Hog", tests[0].name)
+
 def test_parse_file_with_multiple_vuln_has_multiple_finding_choctawhog_content(self):
 with (get_unit_tests_scans_path("rusty_hog") / "choctawhog_many_vulns.json").open(encoding="utf-8") as testfile:
 parser = RustyhogParser()
diff --git a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml
index 37a72f9bd80..27cb4916548 100644
--- a/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml
+++ b/unittests/vcr/jira/JIRAImportAndPushTestApi.test_groups_create_edit_update_finding.yaml
@@ -2,14 +2,14 @@ interactions: - request: body: '{"description": "Event test_added has occurred.", "title": "Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": null, - "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}}' + 92, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/"}}' headers: Accept: - application/json @@ -24,7 +24,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.48.4 + - DefectDojo-2.52.0-dev X-DefectDojo-Event: - test_added X-DefectDojo-Instance: 
@@ -38,22 +38,22 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"844\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.4\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.52.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"test_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.7\",\n \"url\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event test_added has occurred.\\\", \\\"title\\\": \\\"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", \\\"user\\\": - null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": {\\\"name\\\": + null, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/tests/92/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}}\",\n \"files\": + \\\"test\\\": {\\\"title\\\": 
null, \\\"id\\\": 92, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"json\": {\n \"description\": \"Event test_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n @@ -63,11 +63,11 @@ interactions: \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 92,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\"\n },\n \"title\": \"Test created for Security How-to: 1st Quarter Engagement: NPM Audit Scan\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n \"url_ui\": - \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + \ \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n \"url_ui\": + \"http://localhost:8080/test/92\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -76,7 +76,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Fri, 25 Jul 2025 19:02:56 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Transfer-Encoding: - chunked status: 
@@ -85,32 +85,32 @@ interactions: - request: body: '{"description": "Event scan_added has occurred.", "title": "Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan", "user": - null, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/", + null, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/", "product_type": {"name": "ebooks", "id": 2, "url_ui": "http://localhost:8080/product/type/2", "url_api": "http://localhost:8080/api/v2/product_types/2/"}, "product": {"name": "Security How-to", "id": 2, "url_ui": "http://localhost:8080/product/2", "url_api": "http://localhost:8080/api/v2/products/2/"}, "engagement": {"name": "1st Quarter Engagement", "id": 1, "url_ui": "http://localhost:8080/engagement/1", "url_api": "http://localhost:8080/api/v2/engagements/1/"}, "test": {"title": null, "id": - 95, "url_ui": "http://localhost:8080/test/95", "url_api": "http://localhost:8080/api/v2/tests/95/"}, - "finding_count": 5, "findings": {"new": [{"id": 247, "title": "2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/247", - "url_api": "http://localhost:8080/api/v2/findings/247/"}, {"id": 248, "title": + 92, "url_ui": "http://localhost:8080/test/92", "url_api": "http://localhost:8080/api/v2/tests/92/"}, + "finding_count": 5, "findings": {"new": [{"id": 235, "title": "2222Regular Expression + Denial of Service - (Negotiator, <= 0.6.0)", "severity": "High", "url_ui": "http://localhost:8080/finding/235", + "url_api": "http://localhost:8080/api/v2/findings/235/"}, {"id": 236, "title": "Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "High", "url_ui": "http://localhost:8080/finding/248", 
"url_api": - "http://localhost:8080/api/v2/findings/248/"}, {"id": 246, "title": "Regular + "severity": "High", "url_ui": "http://localhost:8080/finding/236", "url_api": + "http://localhost:8080/api/v2/findings/236/"}, {"id": 234, "title": "Regular Expression Denial of Service - (Negotiator, <= 0.6.0)", "severity": "Medium", - "url_ui": "http://localhost:8080/finding/246", "url_api": "http://localhost:8080/api/v2/findings/246/"}, - {"id": 249, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", - "severity": "Medium", "url_ui": "http://localhost:8080/finding/249", "url_api": - "http://localhost:8080/api/v2/findings/249/"}, {"id": 250, "title": "2222Remote + "url_ui": "http://localhost:8080/finding/234", "url_api": "http://localhost:8080/api/v2/findings/234/"}, + {"id": 237, "title": "Regular Expression Denial of Service - (Fresh, < 0.5.2)", + "severity": "Medium", "url_ui": "http://localhost:8080/finding/237", "url_api": + "http://localhost:8080/api/v2/findings/237/"}, {"id": 238, "title": "2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)", - "severity": "Medium", "url_ui": "http://localhost:8080/finding/250", "url_api": - "http://localhost:8080/api/v2/findings/250/"}], "reactivated": [], "mitigated": + "severity": "Medium", "url_ui": "http://localhost:8080/finding/238", "url_api": + "http://localhost:8080/api/v2/findings/238/"}], "reactivated": [], "mitigated": [], "untouched": []}}' headers: Accept: @@ -126,7 +126,7 @@ interactions: Content-Type: - application/json User-Agent: - - DefectDojo-2.48.4 + - DefectDojo-2.52.0-dev X-DefectDojo-Event: - scan_added X-DefectDojo-Instance: 
@@ -140,82 +140,82 @@ interactions: [\n \"Token xxx\"\n ],\n \"Connection\": [\n \"keep-alive\"\n \ ],\n \"Content-Length\": [\n \"2373\"\n ],\n \"Content-Type\": [\n \"application/json\"\n ],\n \"Host\": [\n \"webhook.endpoint:8080\"\n - \ ],\n \"User-Agent\": [\n \"DefectDojo-2.48.4\"\n ],\n \"X-Defectdojo-Event\": + \ ],\n \"User-Agent\": [\n \"DefectDojo-2.52.0-dev\"\n ],\n \"X-Defectdojo-Event\": [\n \"scan_added\"\n ],\n \"X-Defectdojo-Instance\": [\n \"http://localhost:8080\"\n - \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"10.250.1.7\",\n \"url\": + \ ]\n },\n \"method\": \"POST\",\n \"origin\": \"172.18.0.7\",\n \"url\": \"http://webhook.endpoint:8080/post\",\n \"data\": \"{\\\"description\\\": \\\"Event scan_added has occurred.\\\", \\\"title\\\": \\\"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: NPM Audit Scan\\\", - \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\", \\\"product_type\\\": + \\\"user\\\": null, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\", \\\"product_type\\\": {\\\"name\\\": \\\"ebooks\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/type/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/product_types/2/\\\"}, \\\"product\\\": {\\\"name\\\": \\\"Security How-to\\\", \\\"id\\\": 2, \\\"url_ui\\\": \\\"http://localhost:8080/product/2\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/products/2/\\\"}, \\\"engagement\\\": {\\\"name\\\": \\\"1st Quarter Engagement\\\", \\\"id\\\": 1, \\\"url_ui\\\": \\\"http://localhost:8080/engagement/1\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/engagements/1/\\\"}, - \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 95, \\\"url_ui\\\": \\\"http://localhost:8080/test/95\\\", - \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/95/\\\"}, \\\"finding_count\\\": - 5, 
\\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 247, \\\"title\\\": \\\"2222Regular + \\\"test\\\": {\\\"title\\\": null, \\\"id\\\": 92, \\\"url_ui\\\": \\\"http://localhost:8080/test/92\\\", + \\\"url_api\\\": \\\"http://localhost:8080/api/v2/tests/92/\\\"}, \\\"finding_count\\\": + 5, \\\"findings\\\": {\\\"new\\\": [{\\\"id\\\": 235, \\\"title\\\": \\\"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": - \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/247\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/247/\\\"}, {\\\"id\\\": 248, \\\"title\\\": + \\\"High\\\", \\\"url_ui\\\": \\\"http://localhost:8080/finding/235\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/235/\\\"}, {\\\"id\\\": 236, \\\"title\\\": \\\"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"High\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/248\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/248/\\\"}, - {\\\"id\\\": 246, \\\"title\\\": \\\"Regular Expression Denial of Service + \\\"http://localhost:8080/finding/236\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/236/\\\"}, + {\\\"id\\\": 234, \\\"title\\\": \\\"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\\\", \\\"severity\\\": \\\"Medium\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/246\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/246/\\\"}, - {\\\"id\\\": 249, \\\"title\\\": \\\"Regular Expression Denial of Service + \\\"http://localhost:8080/finding/234\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/234/\\\"}, + {\\\"id\\\": 237, \\\"title\\\": \\\"Regular Expression Denial of Service - (Fresh, < 0.5.2)\\\", \\\"severity\\\": 
\\\"Medium\\\", \\\"url_ui\\\": - \\\"http://localhost:8080/finding/249\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/249/\\\"}, - {\\\"id\\\": 250, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 + \\\"http://localhost:8080/finding/237\\\", \\\"url_api\\\": \\\"http://localhost:8080/api/v2/findings/237/\\\"}, + {\\\"id\\\": 238, \\\"title\\\": \\\"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\\\", \\\"severity\\\": \\\"Medium\\\", - \\\"url_ui\\\": \\\"http://localhost:8080/finding/250\\\", \\\"url_api\\\": - \\\"http://localhost:8080/api/v2/findings/250/\\\"}], \\\"reactivated\\\": + \\\"url_ui\\\": \\\"http://localhost:8080/finding/238\\\", \\\"url_api\\\": + \\\"http://localhost:8080/api/v2/findings/238/\\\"}], \\\"reactivated\\\": [], \\\"mitigated\\\": [], \\\"untouched\\\": []}}\",\n \"files\": {},\n \ \"form\": {},\n \"json\": {\n \"description\": \"Event scan_added has occurred.\",\n \"engagement\": {\n \"id\": 1,\n \"name\": \"1st Quarter Engagement\",\n \"url_api\": \"http://localhost:8080/api/v2/engagements/1/\",\n \ \"url_ui\": \"http://localhost:8080/engagement/1\"\n },\n \"finding_count\": 5,\n \"findings\": {\n \"mitigated\": [],\n \"new\": [\n {\n - \ \"id\": 247,\n \"severity\": \"High\",\n \"title\": + \ \"id\": 235,\n \"severity\": \"High\",\n \"title\": \"2222Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/247/\",\n \"url_ui\": \"http://localhost:8080/finding/247\"\n - \ },\n {\n \"id\": 248,\n \"severity\": \"High\",\n + \"http://localhost:8080/api/v2/findings/235/\",\n \"url_ui\": \"http://localhost:8080/finding/235\"\n + \ },\n {\n \"id\": 236,\n \"severity\": \"High\",\n \ \"title\": \"Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 
|| >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= - 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/248/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/248\"\n },\n - \ {\n \"id\": 246,\n \"severity\": \"Medium\",\n \"title\": + 7.0.0 < 7.0.2 || >= 7.1.0 < 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/236/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/236\"\n },\n + \ {\n \"id\": 234,\n \"severity\": \"Medium\",\n \"title\": \"Regular Expression Denial of Service - (Negotiator, <= 0.6.0)\",\n \"url_api\": - \"http://localhost:8080/api/v2/findings/246/\",\n \"url_ui\": \"http://localhost:8080/finding/246\"\n - \ },\n {\n \"id\": 249,\n \"severity\": \"Medium\",\n + \"http://localhost:8080/api/v2/findings/234/\",\n \"url_ui\": \"http://localhost:8080/finding/234\"\n + \ },\n {\n \"id\": 237,\n \"severity\": \"Medium\",\n \ \"title\": \"Regular Expression Denial of Service - (Fresh, < 0.5.2)\",\n - \ \"url_api\": \"http://localhost:8080/api/v2/findings/249/\",\n \"url_ui\": - \"http://localhost:8080/finding/249\"\n },\n {\n \"id\": - 250,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote + \ \"url_api\": \"http://localhost:8080/api/v2/findings/237/\",\n \"url_ui\": + \"http://localhost:8080/finding/237\"\n },\n {\n \"id\": + 238,\n \"severity\": \"Medium\",\n \"title\": \"2222Remote Code Execution - (Pg, < 2.11.2 || >= 3.0.0 < 3.6.4 || >= 4.0.0 < 4.5.7 || >= 5.0.0 < 5.2.1 || >= 6.0.0 < 6.0.5 || >= 6.1.0 < 6.1.6 || >= 6.2.0 < 6.2.5 || >= 6.3.0 < 6.3.3 || >= 6.4.0 < 6.4.2 || >= 7.0.0 < 7.0.2 || >= 7.1.0 < - 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/250/\",\n - \ \"url_ui\": \"http://localhost:8080/finding/250\"\n }\n ],\n + 7.1.2)\",\n \"url_api\": \"http://localhost:8080/api/v2/findings/238/\",\n + \ \"url_ui\": \"http://localhost:8080/finding/238\"\n }\n ],\n \ 
\"reactivated\": [],\n \"untouched\": []\n },\n \"product\": {\n \"id\": 2,\n \"name\": \"Security How-to\",\n \"url_api\": \"http://localhost:8080/api/v2/products/2/\",\n \"url_ui\": \"http://localhost:8080/product/2\"\n \ },\n \"product_type\": {\n \"id\": 2,\n \"name\": \"ebooks\",\n \ \"url_api\": \"http://localhost:8080/api/v2/product_types/2/\",\n \"url_ui\": \"http://localhost:8080/product/type/2\"\n },\n \"test\": {\n \"id\": - 95,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\"\n },\n \"title\": + 92,\n \"title\": null,\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\"\n },\n \"title\": \"Created/Updated 5 findings for Security How-to: 1st Quarter Engagement: - NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/95/\",\n - \ \"url_ui\": \"http://localhost:8080/test/95\",\n \"user\": null\n }\n}\n" + NPM Audit Scan\",\n \"url_api\": \"http://localhost:8080/api/v2/tests/92/\",\n + \ \"url_ui\": \"http://localhost:8080/test/92\",\n \"user\": null\n }\n}\n" headers: Access-Control-Allow-Credentials: - 'true' @@ -224,7 +224,7 @@ interactions: Content-Type: - application/json; charset=utf-8 Date: - - Fri, 25 Jul 2025 19:02:56 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Transfer-Encoding: - chunked status: 
@@ -244,17 +244,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:02:57.595+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:04.511+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 87e09610-cc06-4a8a-a197-0e9ce1263593 + - 84eb414d-a348-4388-8632-08caec20d928 Atl-Traceid: - - 87e09610cc064a8aa1970e9ce1263593 + - 84eb414da3484388863208caec20d928 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -264,7 +264,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:02:57 GMT + - Tue, 04 Nov 2025 18:02:04 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -274,7 +274,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="FQD4czgzlQ9F5YGvQGP7yj0lV5y5pAwBZB7XaNOg0qMzKGBIq2Xa3A==",cdn-downstream-fbl;dur=331 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=250,atl-edge;dur=227,atl-edge-internal;dur=13,atl-edge-upstream;dur=214,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="Gfcwv0to1yWDtbW7j2ULUXR1haCo_GCu4Cct8PTcUas_LkF20tC8eg==",cdn-downstream-fbl;dur=253 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -284,15 +284,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 902b6168cd46b8e2de576dabe4e7f0f8.cloudfront.net (CloudFront) + - 1.1 c11dc3a4786e038ddffb5e925a892302.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - FQD4czgzlQ9F5YGvQGP7yj0lV5y5pAwBZB7XaNOg0qMzKGBIq2Xa3A== + - Gfcwv0to1yWDtbW7j2ULUXR1haCo_GCu4Cct8PTcUas_LkF20tC8eg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - c23d70909455da51af7da0dbd61404da + - ea35da2fcae8ee7faf589d20046347c8 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -316,7 +320,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -330,9 +334,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - b1a19c85-bff0-4945-b173-283a8bd53ba8 + - 74ad6563-7915-49c1-a310-525d8ad81ddf Atl-Traceid: - - b1a19c85bff04945b173283a8bd53ba8 + - 74ad6563791549c1a310525d8ad81ddf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -342,7 +346,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:02:59 GMT + - Tue, 04 Nov 2025 18:02:05 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -352,7 +356,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=489,atl-edge;dur=486,atl-edge-internal;dur=15,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="5-rw1PtU3FIpq8dtpbsC-bGhD0B43quh_X5uB7YTZ-RRZtD-ywLNvg==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=387,atl-edge-internal;dur=17,atl-edge-upstream;dur=370,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="ERcuFkqXvhUWrBbjbx65xkdwuJ9CC7UCRONZbIMrGvFulq80JsAflg==",cdn-downstream-fbl;dur=414 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -362,18 +366,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + - 1.1 d7b3fa0ef559ab3ac226fc78e47d311a.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 5-rw1PtU3FIpq8dtpbsC-bGhD0B43quh_X5uB7YTZ-RRZtD-ywLNvg== + - ERcuFkqXvhUWrBbjbx65xkdwuJ9CC7UCRONZbIMrGvFulq80JsAflg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - af9afffbde195f59fc4dbedb0333868c + - 8320bc1f1ee4ae6b83bc30b3914118e0 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -387,20 +395,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -410,9 +418,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -432,21 +440,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3540' + - '3538' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21268","key":"NTEST-3089","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268"}' + string: '{"id":"23615","key":"NTEST-3174","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615"}' headers: Atl-Request-Id: - - 78fb4eef-4458-4109-9bb0-df8773d2c147 + - fd86d71b-2e0b-414c-93bf-83227145a1f9 Atl-Traceid: - - 78fb4eef445841099bb0df8773d2c147 + - fd86d71b2e0b414c93bf83227145a1f9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -454,7 +462,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:00 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -464,7 +472,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=901,atl-edge;dur=895,atl-edge-internal;dur=15,atl-edge-upstream;dur=880,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="StrjBrHSWCvNqr8OI1ytGk1aPN-7X4_XoZKbH3j4tp7rA5CiR84NKw==",cdn-downstream-fbl;dur=904 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=854,atl-edge;dur=832,atl-edge-internal;dur=16,atl-edge-upstream;dur=815,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="f2xEZR96D6xpQ9OomNDKv3lfWsjZhVty-qF1wdICuCwfC0l5iO0TuQ==",cdn-downstream-fbl;dur=859 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -474,15 +482,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ec881b9cff95ab6b1f20a72ee8404c4.cloudfront.net (CloudFront) + - 1.1 96b078df4a5d96ad3cc52cfe9d984774.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - StrjBrHSWCvNqr8OI1ytGk1aPN-7X4_XoZKbH3j4tp7rA5CiR84NKw== + - f2xEZR96D6xpQ9OomNDKv3lfWsjZhVty-qF1wdICuCwfC0l5iO0TuQ== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P1 X-Arequestid: - - 9e58b841e389843ef81eb21c4222b6d5 + - 1ce41d39aece41fe84b44e5ce0cc8d06 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -506,32 +518,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -541,9 +553,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -553,12 +565,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 688e55f3-3299-470b-9150-2d0dc672cc34 + - 96839452-3336-4f57-8765-9c56c75eeac2 Atl-Traceid: - - 688e55f33299470b91502d0dc672cc34 + - 9683945233364f5787659c56c75eeac2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -568,7 +580,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:02 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -578,7 +590,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=406,atl-edge;dur=404,atl-edge-internal;dur=15,atl-edge-upstream;dur=389,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="brH9xqsPkfS-JMNJkxvM4Eu8lhNhdl202zBRFUvZadcrq-TUP29tHA==",cdn-downstream-fbl;dur=410 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=280,atl-edge;dur=257,atl-edge-internal;dur=18,atl-edge-upstream;dur=240,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="0k39cfEPK8vpFSYLsBoMQwFrZviUH94jg3gHiPyLSBzhW3kDLCTrJg==",cdn-downstream-fbl;dur=284 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -588,15 +600,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) + - 1.1 f6327093dd59f54131617ea3ab04bd94.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - brH9xqsPkfS-JMNJkxvM4Eu8lhNhdl202zBRFUvZadcrq-TUP29tHA== + - 0k39cfEPK8vpFSYLsBoMQwFrZviUH94jg3gHiPyLSBzhW3kDLCTrJg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - e7edb0b415127803592cbc45a7e5a4b5 + - ec452c2a04c8d88d082d8c4db2d5cb8d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
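Review bot: The re-recorded response headers in the `@@ -588,15 +600,19 @@` hunk commit a live Atlassian account id under `X-Aaccountid`, and the same happens in `@@ -702,15 +718,19 @@` and `@@ -774,15 +794,19 @@`. The response-body hunk `@@ -620,32 +636,32 @@` additionally stores that id next to the recording user's `emailAddress`, `displayName` and Gravatar hash in the `creator` and `reporter` objects. The removed lines carried another maintainer's identifiers in the same fields, so every re-record swaps one person's data for another's in the repository history. If these cassettes are recorded with vcrpy (the `interactions:` layout suggests so), a `before_record_response` hook that rewrites `emailAddress`, `accountId` and `X-Aaccountid` to fixed placeholders would keep the fixtures replayable without personal data. Dropping volatile headers such as `Date`, `Server-Timing` and `X-Amz-Cf-Id` in the same hook would also shrink future re-record diffs; the request side of these interactions lies outside the hunks, so whether credentials are already filtered cannot be confirmed from here.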
@@ -620,32 +636,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -655,9 +671,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -667,12 +683,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1a96f827-aca4-410c-9d88-cb4b590df03f + - 698ab61c-4988-460f-a848-47aafb0030f7 Atl-Traceid: - - 1a96f827aca4410c9d88cb4b590df03f + - 698ab61c4988460fa84847aafb0030f7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -682,7 +698,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:03 GMT + - Tue, 04 Nov 2025 18:02:06 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -692,7 +708,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=416,atl-edge;dur=414,atl-edge-internal;dur=15,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="QYhhYlfMA88IBYFaanzvO1AzOkF3jK6afwEtjrUFo4rC49Y3yQSNuQ==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=401,atl-edge;dur=313,atl-edge-internal;dur=20,atl-edge-upstream;dur=292,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="vWi3EdHtOzg-Tp1ak4kNRPHt2UOn5LuhJDXy-eZFyqWiJUUWu76_Cw==",cdn-downstream-fbl;dur=406 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -702,15 +718,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0e61cdf08a154ac7d647c2dc742467a6.cloudfront.net (CloudFront) + - 1.1 5a94950aa5895e56460f82b3086d0b0c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - QYhhYlfMA88IBYFaanzvO1AzOkF3jK6afwEtjrUFo4rC49Y3yQSNuQ== + - vWi3EdHtOzg-Tp1ak4kNRPHt2UOn5LuhJDXy-eZFyqWiJUUWu76_Cw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - 5d9509d79ab893f6881f5000dc38a104 + - 9ff91c9d4335bf63a04a9a6dd144022c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -734,17 +754,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:04.581+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:07.222+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ea32309e-c226-4a0d-b73a-d960e218569d + - 70955815-9d28-48cf-90e9-669e3d4bc0a7 Atl-Traceid: - - ea32309ec2264a0db73ad960e218569d + - 709558159d2848cf90e9669e3d4bc0a7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -754,7 +774,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:04 GMT + - Tue, 04 Nov 2025 18:02:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -764,7 +784,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="iswaYNMh8YudWTH9CQuiAXVW5BQH16sonjXQLLCn_taBkBMCmwsSKw==",cdn-downstream-fbl;dur=329 + - cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="Qa9URLPaMa6ikMG2OW5Rg29O7Nnbx0ui3Bddg1weVHvUdq2vNauS9A==",cdn-downstream-fbl;dur=270,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=67,cdn-upstream-fbl;dur=267,atl-edge;dur=176,atl-edge-internal;dur=20,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-west-2" Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -774,15 +794,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 74ae22067fef6f6228fb9f864f22f58a.cloudfront.net (CloudFront) + - 1.1 949f831c3bb70b840d7eecaeb220bbfa.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - iswaYNMh8YudWTH9CQuiAXVW5BQH16sonjXQLLCn_taBkBMCmwsSKw== + - Qa9URLPaMa6ikMG2OW5Rg29O7Nnbx0ui3Bddg1weVHvUdq2vNauS9A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - e270fcc6792d3ffa51e7e8ad9e9c8d84 + - 42d62cd510d79b6ffb0403234017575a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -806,32 +830,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -841,9 +865,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -853,12 +877,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - ae00100f-4d11-40e9-9932-15d9021e6759 + - fb011005-80a3-4d39-8537-813dddbd6615 Atl-Traceid: - - ae00100f4d1140e9993215d9021e6759 + - fb01100580a34d398537813dddbd6615 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -868,7 +892,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:06 GMT + - Tue, 04 Nov 2025 18:02:07 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -878,7 +902,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=420,atl-edge;dur=418,atl-edge-internal;dur=15,atl-edge-upstream;dur=403,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="bgetvlO4WpCinB-heDQIha0uuofhS5EorQlJE9ou15CELKr1QTCrjg==",cdn-downstream-fbl;dur=423 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=419,atl-edge;dur=331,atl-edge-internal;dur=21,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="8vx7EoxVuI99a62P5Tr9aCsgWdh7eUfOB7jOs-9OtyVtTB-tPqHKsQ==",cdn-downstream-fbl;dur=423 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -888,15 +912,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 aebce22763fb7e32a807cd494884a9b4.cloudfront.net (CloudFront) + - 1.1 05fe6f95b77eb54d0691950915c27264.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - bgetvlO4WpCinB-heDQIha0uuofhS5EorQlJE9ou15CELKr1QTCrjg== + - 8vx7EoxVuI99a62P5Tr9aCsgWdh7eUfOB7jOs-9OtyVtTB-tPqHKsQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - b39c817f7c2df536c188eac2e9f8726c + - 0faee4be973ae5ac859f02e5d753201d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -920,17 +948,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:07.128+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:08.101+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 537537da-de60-458a-ac4b-eeb5dfbdf818 + - 3e93b632-404f-4c97-8b5e-e53e89385eb3 Atl-Traceid: - - 537537dade60458aac4beeb5dfbdf818 + - 3e93b632404f4c978b5ee53e89385eb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -940,7 +968,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:07 GMT + - Tue, 04 Nov 2025 18:02:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -950,7 +978,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=323,atl-edge-internal;dur=16,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="SiwlZ_K47ZgS_TQfpdkxeGBcmidrzFLppMLZ1O6VQrZAeiJNt_i62w==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=177,atl-edge-internal;dur=16,atl-edge-upstream;dur=162,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="etpLicu7TQewaNacytUJJrOszSnNNDLK7WvjA_YA-cV4iTRd1ndbdw==",cdn-downstream-fbl;dur=206 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -960,15 +988,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 490b2d87256587a734fcd39d5d6c7392.cloudfront.net (CloudFront) + - 1.1 ba437ea2340585e48bd8901315998164.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - SiwlZ_K47ZgS_TQfpdkxeGBcmidrzFLppMLZ1O6VQrZAeiJNt_i62w== + - etpLicu7TQewaNacytUJJrOszSnNNDLK7WvjA_YA-cV4iTRd1ndbdw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - aabd7033d76f62ed7a5419ff8d04a289 + - c57807bdcb2be629f110daeee436bb9a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -992,32 +1024,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1027,9 +1059,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1039,12 +1071,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7702705d-9d33-4baf-9ece-59fc4749fcd1 + - acb193c1-a63a-4ad8-906e-c872eb0eafa9 Atl-Traceid: - - 7702705d9d334baf9ece59fc4749fcd1 + - acb193c1a63a4ad8906ec872eb0eafa9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1054,7 +1086,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:08 GMT + - Tue, 04 Nov 2025 18:02:08 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1064,7 +1096,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=410,atl-edge;dur=409,atl-edge-internal;dur=15,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="GjkZNDPUB0D2uY39X0UH-2FysELkAuiNFnN8WHIYURAWumMzxTwUbg==",cdn-downstream-fbl;dur=414 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=512,atl-edge;dur=420,atl-edge-internal;dur=17,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="Cc5h3Hl1bFI6KVrRPSVLXFG78TNyB1Mo3IfEMiKwiVqQpwgL1ekbug==",cdn-downstream-fbl;dur=515 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1074,15 +1106,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 38eee5097e81ef860ba8d4b144d6ea36.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - GjkZNDPUB0D2uY39X0UH-2FysELkAuiNFnN8WHIYURAWumMzxTwUbg== + - Cc5h3Hl1bFI6KVrRPSVLXFG78TNyB1Mo3IfEMiKwiVqQpwgL1ekbug== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - 785d746ed3b15ff24479c5dd7c6bec74 + - dd075a25136f284c01fa591892a8c618 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1106,7 +1142,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -1120,9 +1156,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - e1b066b2-c949-4acc-82ed-0c487d9ec2f4 + - 0b828255-2c3d-4429-b94f-a2a8529253f1 Atl-Traceid: - - e1b066b2c9494acc82ed0c487d9ec2f4 + - 0b8282552c3d4429b94fa2a8529253f1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1132,7 +1168,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:09 GMT + - Tue, 04 Nov 2025 18:02:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1142,7 +1178,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=476,atl-edge;dur=473,atl-edge-internal;dur=18,atl-edge-upstream;dur=456,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="igD7knl5DbuQ5ZfHiFTeeiisYeMlDdQOoONo6UI1z_cCPXBGylTEyA==",cdn-downstream-fbl;dur=480 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=456,atl-edge;dur=366,atl-edge-internal;dur=19,atl-edge-upstream;dur=346,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="SYgu4cfSX83fpR2L6ikLwZgVbmPxx8DWaN23u1pJ3jQkBs93fJ4rHQ==",cdn-downstream-fbl;dur=461 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1152,18 +1188,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0462a83c1b4a9fa5a2554db6feb3a19c.cloudfront.net (CloudFront) + - 1.1 89771419757f75b08f6c8fd411f8ef54.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - igD7knl5DbuQ5ZfHiFTeeiisYeMlDdQOoONo6UI1z_cCPXBGylTEyA== + - SYgu4cfSX83fpR2L6ikLwZgVbmPxx8DWaN23u1pJ3jQkBs93fJ4rHQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 12b5a3b051873b10044beee8f7c093ae + - 946843fc13402b91740f85fc0d144693 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1177,20 +1217,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1200,9 +1240,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1222,21 +1262,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 64604dff-de45-4e77-bb48-a55ab83f3408 + - 1b62f2cc-df65-4434-b86c-65327d48692c Atl-Traceid: - - 64604dffde454e77bb48a55ab83f3408 + - 1b62f2ccdf654434b86c65327d48692c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1244,7 +1284,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:11 GMT + - Tue, 04 Nov 2025 18:02:09 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -1254,7 +1294,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=489,atl-edge;dur=482,atl-edge-internal;dur=14,atl-edge-upstream;dur=468,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="JdwyDugc3eQLpH6fm9nCuvuWXXpt4CIzYCs20pxu0oTxfN6-JyUubQ==",cdn-downstream-fbl;dur=492 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=435,atl-edge;dur=409,atl-edge-internal;dur=17,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="pkPSgUhZnEDVvSzTho9jSU3DkHyXp5Qk0olAlRnMksJcU_Wv0CL-3Q==",cdn-downstream-fbl;dur=439 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -1262,15 +1302,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 de78b5b2f4bbd9bb1abd6bed27a85d78.cloudfront.net (CloudFront) + - 1.1 708370555615eac6a25379c04fbdd8ea.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - JdwyDugc3eQLpH6fm9nCuvuWXXpt4CIzYCs20pxu0oTxfN6-JyUubQ== + - pkPSgUhZnEDVvSzTho9jSU3DkHyXp5Qk0olAlRnMksJcU_Wv0CL-3Q== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - 0e0fd4a41d509e65190567a369b3d2f8 + - be8eb4961a4102d8ade8937be8e4b8f6 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1294,32 +1338,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1329,9 +1373,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1341,12 +1385,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - aeb3ebbc-ad55-4022-ac2e-78ea464a916a + - 4c02c32a-927c-46ac-b551-1ac15ac5f1bc Atl-Traceid: - - aeb3ebbcad554022ac2e78ea464a916a + - 4c02c32a927c46acb5511ac15ac5f1bc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1356,7 +1400,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:13 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1366,7 +1410,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=912,atl-edge;dur=910,atl-edge-internal;dur=14,atl-edge-upstream;dur=896,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="7XHZZP5H0xBAkolpWjvQ9kfqQYYIxMGSsdU4QP3U7K7g9fvkTSu2SA==",cdn-downstream-fbl;dur=916 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=307,atl-edge;dur=283,atl-edge-internal;dur=19,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="limXlHkur7WkBoc__dXe5Z7lMUJXTEvbQsB-cjBcViHkB8Pnf9J2XA==",cdn-downstream-fbl;dur=310 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1376,15 +1420,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront) + - 1.1 76f2e1e449c547c66904d58101f10ea6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 7XHZZP5H0xBAkolpWjvQ9kfqQYYIxMGSsdU4QP3U7K7g9fvkTSu2SA== + - limXlHkur7WkBoc__dXe5Z7lMUJXTEvbQsB-cjBcViHkB8Pnf9J2XA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 126a2cfadcb8fce8b755f69b40e68012 + - 531933026dbce014e7494f0296ce64df + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1408,17 +1456,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:14.239+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:10.471+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 44087460-6f19-49f2-99b5-bde754b78559 + - 22ded4a6-f69f-47ef-ab07-3196ad878fb3 Atl-Traceid: - - 440874606f1949f299b5bde754b78559 + - 22ded4a6f69f47efab073196ad878fb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1428,7 +1476,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:14 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1438,7 +1486,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=341,atl-edge;dur=339,atl-edge-internal;dur=13,atl-edge-upstream;dur=326,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="26edOcy7Kxo0DyMfI9EUcHRgupdK4HKkmjm2DohsqEoH7900YiC9ug==",cdn-downstream-fbl;dur=345 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=213,atl-edge;dur=190,atl-edge-internal;dur=17,atl-edge-upstream;dur=173,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hreyU7MUxxAXKkDe_ZyotpsDIUFD2mCeMLKLsiI-g882Ythw-xmQJw==",cdn-downstream-fbl;dur=217 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1448,15 +1496,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 237cbfb8cde372b8f33bda5565e9b52c.cloudfront.net (CloudFront) + - 1.1 b86386058101394cf48b049b58f8d788.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 26edOcy7Kxo0DyMfI9EUcHRgupdK4HKkmjm2DohsqEoH7900YiC9ug== + - hreyU7MUxxAXKkDe_ZyotpsDIUFD2mCeMLKLsiI-g882Ythw-xmQJw== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 4145c4e9c8c75a255f7163541629a4c0 + - 8402396b323202bf7f468f30dc19b8bc + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1480,32 +1532,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1515,9 +1567,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
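Review bot: The re-recorded issue body in this hunk commits a real person's `emailAddress`, `displayName`, `accountId` and gravatar hash in the `creator` and `reporter` objects. The same account id also appears in the `X-Aaccountid` response header in the neighbouring header hunks and in the later GET of the same issue. The removed lines held another maintainer's details, so each re-recording swaps one identity for another instead of scrubbing it, which adds diff noise and keeps personal data in the repository history. If these cassettes are recorded with vcrpy, as the layout suggests, a `before_record_response` hook could rewrite those JSON fields to fixed placeholders and drop `X-Aaccountid`, keeping the fixture stable across recordings. The recorder configuration is not visible in this diff, so where that hook belongs needs confirming.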
@@ -1527,12 +1579,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 3da11bd3-a8aa-4b1e-961d-5d6a4ef1b8ad + - eb2e2e11-5982-4940-90a2-008f1c3c2118 Atl-Traceid: - - 3da11bd3a8aa4b1e961d5d6a4ef1b8ad + - eb2e2e115982494090a2008f1c3c2118 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1542,7 +1594,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:15 GMT + - Tue, 04 Nov 2025 18:02:10 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1552,7 +1604,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=408,atl-edge;dur=406,atl-edge-internal;dur=15,atl-edge-upstream;dur=391,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="GJ1_LXZe2jcn2sAWqNq6nOhGBiFv7Lwbp49upI5EyXAtmI0IR3hPzw==",cdn-downstream-fbl;dur=413 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=337,atl-edge;dur=314,atl-edge-internal;dur=33,atl-edge-upstream;dur=278,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="UTGgSNcbBEZ9gXBOrJFZpWjFi-FCeAaLxs0caWpPW2OScGY8fzkJrQ==",cdn-downstream-fbl;dur=341 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1562,15 +1614,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 30a845a852b74a2965aabbcb6034301e.cloudfront.net (CloudFront) + - 1.1 77dfdef79344c95f75de8512042d4bac.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - GJ1_LXZe2jcn2sAWqNq6nOhGBiFv7Lwbp49upI5EyXAtmI0IR3hPzw== + - UTGgSNcbBEZ9gXBOrJFZpWjFi-FCeAaLxs0caWpPW2OScGY8fzkJrQ== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN53-P1 X-Arequestid: - - 5d52321a767cb4de97d53a23c73f19ac + - 598e1c541f46b55e14ff1d61b301538f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1594,17 +1650,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:16.721+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:11.127+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 385a7b5f-a896-46ea-861f-30162f3a67d7 + - 12aafee7-dbee-4176-9d25-3b5f6c24c890 Atl-Traceid: - - 385a7b5fa89646ea861f30162f3a67d7 + - 12aafee7dbee41769d253b5f6c24c890 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1614,7 +1670,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:16 GMT + - Tue, 04 Nov 2025 18:02:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1624,7 +1680,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=13,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="iGMFuHs3UcPPfcXVeuZOSQKlyIpjMb3IbpIngT6jpypm5nloql_PoA==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=208,atl-edge;dur=185,atl-edge-internal;dur=15,atl-edge-upstream;dur=168,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="_svgmad-2g87POgHOFQA_8eWqA5tfzydFB8_JkkOl9ux0Q-34y3OjA==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1634,15 +1690,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 b93403e5b15ed21bc6e80b8108e9d988.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - iGMFuHs3UcPPfcXVeuZOSQKlyIpjMb3IbpIngT6jpypm5nloql_PoA== + - _svgmad-2g87POgHOFQA_8eWqA5tfzydFB8_JkkOl9ux0Q-34y3OjA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - d501984a1f5c179f63b570c8cff6aff9 + - 52936e1b6d5a4a947debcbeef38be0ea + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1666,32 +1726,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1701,9 +1761,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -1713,12 +1773,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 4d3525f2-cfba-40aa-8487-414ba066e229 + - bdb80fe7-822d-4055-8cf4-79b2a6a048ed Atl-Traceid: - - 4d3525f2cfba40aa8487414ba066e229 + - bdb80fe7822d40558cf479b2a6a048ed Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1728,7 +1788,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:18 GMT + - Tue, 04 Nov 2025 18:02:11 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1738,7 +1798,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=416,atl-edge;dur=414,atl-edge-internal;dur=15,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="hVJwmez2KjuGpj1j-tmMhS0L_kAl6bMq7WZYKBvwWqG-8Ca55801Pw==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=306,atl-edge;dur=283,atl-edge-internal;dur=20,atl-edge-upstream;dur=263,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="bfc6kJYAadYp7um0y2GJYsSrrBUBQxPUIYhtfO4E9sEaAs36Ts9M_Q==",cdn-downstream-fbl;dur=310 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1748,15 +1808,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 df166554184adf2da43f53000107ac74.cloudfront.net (CloudFront) + - 1.1 66fbb9efab6146079af1497f336edf9e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hVJwmez2KjuGpj1j-tmMhS0L_kAl6bMq7WZYKBvwWqG-8Ca55801Pw== + - bfc6kJYAadYp7um0y2GJYsSrrBUBQxPUIYhtfO4E9sEaAs36Ts9M_Q== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - a7598c5300d79123926b88c4dab487ca + - 7d73a15af779a11b3d3b75d217ad163c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1780,17 +1844,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:19.275+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:12.083+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1bd2d2c7-b0f5-4c28-a1ef-35147d370824 + - d0276e3b-06fb-4b2c-a97c-7cb59d11d3e1 Atl-Traceid: - - 1bd2d2c7b0f54c28a1ef35147d370824 + - d0276e3b06fb4b2ca97c7cb59d11d3e1 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1800,7 +1864,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:19 GMT + - Tue, 04 Nov 2025 18:02:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1810,7 +1874,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=321,atl-edge;dur=319,atl-edge-internal;dur=14,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="-sdZnGVD8REvkTR7KNeUEeB4BSBZlEUUfHbgJ8sojFxoz8ZDK_-zIQ==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=499,atl-edge;dur=410,atl-edge-internal;dur=19,atl-edge-upstream;dur=390,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="tIKRicT5RfAyIWF7PXHG8sRuaA_osVKZZ0KCu7taydD0uT0RLKQ94w==",cdn-downstream-fbl;dur=504 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1820,15 +1884,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + - 1.1 93a2323067b2c60f3b86c822765cf3d2.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - -sdZnGVD8REvkTR7KNeUEeB4BSBZlEUUfHbgJ8sojFxoz8ZDK_-zIQ== + - tIKRicT5RfAyIWF7PXHG8sRuaA_osVKZZ0KCu7taydD0uT0RLKQ94w== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 8eb4360214015ef34f88a0734f4ab22b + - f805233f74018ed4e5cc5b5b7ad65133 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -1852,32 +1920,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -1887,9 +1955,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
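Review bot: The re-recorded response body in this hunk commits a real account's `emailAddress` and `accountId` (under both `creator` and `reporter`) into the test fixture, and the same account id is repeated in the `X-Aaccountid` response header in the hunks at -1748, -1820, -1934 and -2012. The previous recording had the same exposure for a different account, so each re-record adds another person's identifiers to the repository history. The recorder configuration is not visible in this diff; if these cassettes are produced with vcrpy, a `before_record_response` hook could replace those two JSON fields with fixed placeholders such as `"emailAddress":"user@example.invalid"` and drop `X-Aaccountid` before the cassette is written. Scrubbing at record time would also keep future re-records from churning these lines.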
@@ -1899,12 +1967,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - a11e7b22-1506-4f68-b366-60cc50e7625f + - 59d3740d-9752-4be3-9634-0bd5846bc0b8 Atl-Traceid: - - a11e7b2215064f68b36660cc50e7625f + - 59d3740d97524be396340bd5846bc0b8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1914,7 +1982,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:20 GMT + - Tue, 04 Nov 2025 18:02:12 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -1924,7 +1992,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=422,atl-edge-internal;dur=16,atl-edge-upstream;dur=406,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="0y1t7sSdxZsdjd27ph58eUlxzNXWdCFkLtCrdFZ_v-nx2S-E-xO-ug==",cdn-downstream-fbl;dur=428 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=371,atl-edge;dur=282,atl-edge-internal;dur=18,atl-edge-upstream;dur=262,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="xFq9uPMG9CRshuqmTO_vuiDuItFsogLXAV-C2PAqci9nA2gcZl1uzw==",cdn-downstream-fbl;dur=375 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -1934,15 +2002,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fbd92e37686376c632f471bbca198756.cloudfront.net (CloudFront) + - 1.1 3349382fe72101eee491170c132b7e3c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0y1t7sSdxZsdjd27ph58eUlxzNXWdCFkLtCrdFZ_v-nx2S-E-xO-ug== + - xFq9uPMG9CRshuqmTO_vuiDuItFsogLXAV-C2PAqci9nA2gcZl1uzw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - 03cc010086db094fa891f5284c58be24 + - 9e2b1a834627751bcce4a3515ab37072 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -1966,7 +2038,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -1980,9 +2052,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c09de42c-7ecc-4d01-ac0b-683f990b7128 + - cafbc97b-52fb-4e81-8877-4b260e9a9749 Atl-Traceid: - - c09de42c7ecc4d01ac0b683f990b7128 + - cafbc97b52fb4e8188774b260e9a9749 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -1992,7 +2064,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:22 GMT + - Tue, 04 Nov 2025 18:02:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2002,7 +2074,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=476,atl-edge;dur=475,atl-edge-internal;dur=13,atl-edge-upstream;dur=461,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mAL0n6QKIMQbz5GD_TXUITcWeJ7LVTa623bo2f3sl6Zz5LpxO_0Gkg==",cdn-downstream-fbl;dur=480 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=527,atl-edge;dur=437,atl-edge-internal;dur=18,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="xkl-rAU1Om3tF4GT58NRciQiHy4DFZJFh_5kJ_JCDOCy8J_cqG6JGw==",cdn-downstream-fbl;dur=532 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2012,18 +2084,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + - 1.1 73ad00d68a5eb9671b517ae19c83ae52.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mAL0n6QKIMQbz5GD_TXUITcWeJ7LVTa623bo2f3sl6Zz5LpxO_0Gkg== + - xkl-rAU1Om3tF4GT58NRciQiHy4DFZJFh_5kJ_JCDOCy8J_cqG6JGw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 0f840bcf24ad92eeb2bf4feb169f09c8 + - e5e3222a3cfcd273504ab373d6c94703 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2037,20 +2113,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2060,9 +2136,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2082,21 +2158,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - b1780642-f400-40a0-bf64-e32312a96e7f + - 66d8b50b-2e60-4ae5-b631-8142958d28eb Atl-Traceid: - - b1780642f40040a0bf64e32312a96e7f + - 66d8b50b2e604ae5b6318142958d28eb Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2104,7 +2180,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:23 GMT + - Tue, 04 Nov 2025 18:02:13 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2114,7 +2190,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=500,atl-edge;dur=499,atl-edge-internal;dur=14,atl-edge-upstream;dur=484,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="yHVc2YXatcUeiDtzFIRWHyZpAssPQTkkQ30rpbqixd68PfLs3Z-1Vw==",cdn-downstream-fbl;dur=505 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=393,atl-edge;dur=368,atl-edge-internal;dur=18,atl-edge-upstream;dur=350,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="EW4e3c6E25wWQjSlzbFn5GdaTZGWtIddAqyc4QfQFDZjmij7nH0Mkw==",cdn-downstream-fbl;dur=399 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2122,15 +2198,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c7cd0041811f30bfd9c4a00e82b6a3c8.cloudfront.net (CloudFront) + - 1.1 25c0c572fef0588285c0d89bc75071be.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - yHVc2YXatcUeiDtzFIRWHyZpAssPQTkkQ30rpbqixd68PfLs3Z-1Vw== + - EW4e3c6E25wWQjSlzbFn5GdaTZGWtIddAqyc4QfQFDZjmij7nH0Mkw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 346ddea5a2724d932e384246a0bd8cd1 + - dc66bb1bf21005c8f9d7345f28888df8 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2154,32 +2234,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2189,9 +2269,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2201,12 +2281,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 734a9b45-56be-4d2d-a7f2-6f4c8b0c4373 + - 0aa75647-dc46-4f8c-b999-89f1ed7950e2 Atl-Traceid: - - 734a9b4556be4d2da7f26f4c8b0c4373 + - 0aa75647dc464f8cb99989f1ed7950e2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2216,7 +2296,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:24 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2226,7 +2306,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=406,atl-edge-internal;dur=14,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="qosadCarX-6YHbcDTlnseU0M5nyf0G-SQdZQ8Nxp8SKhlkSwGoZuwg==",cdn-downstream-fbl;dur=412 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=471,atl-edge;dur=380,atl-edge-internal;dur=21,atl-edge-upstream;dur=359,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="lDDyxIeawTp0JNd1mxgqAQPS9NWCu9LafnFb2EcPN0F-CjiiHxSTuQ==",cdn-downstream-fbl;dur=474 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2236,15 +2316,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7bda591fa44b42ef6384ae955fdd5d7c.cloudfront.net (CloudFront) + - 1.1 c29cc996206d7483aa0efdd00191d936.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - qosadCarX-6YHbcDTlnseU0M5nyf0G-SQdZQ8Nxp8SKhlkSwGoZuwg== + - lDDyxIeawTp0JNd1mxgqAQPS9NWCu9LafnFb2EcPN0F-CjiiHxSTuQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - c13b6667dc3c1cba83a18bb106e14fd8 + - 20be13273370706533068faf479a6a7f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2268,17 +2352,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:25.880+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:14.438+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - dc93a941-b162-4ad7-8444-a10a6e89dbe0 + - ff86994c-3756-404b-a894-11ee1fcd0b5a Atl-Traceid: - - dc93a941b1624ad78444a10a6e89dbe0 + - ff86994c3756404ba89411ee1fcd0b5a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2288,7 +2372,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:26 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2298,7 +2382,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=316,atl-edge;dur=314,atl-edge-internal;dur=14,atl-edge-upstream;dur=300,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="eMnihDSSW0z_Y93Q4hhhyB3jTqdSZNrsEyZC72vswzNqcdEKikTlJA==",cdn-downstream-fbl;dur=319 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=174,atl-edge-internal;dur=14,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="AM7_bpFecKj_cGFzk9tVe6NWJqkc2v00rXUInWnZZmXlXFuJxy2uBQ==",cdn-downstream-fbl;dur=200 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2308,15 +2392,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3b6a2cc8a3456f4a2dc3bfd506c4344.cloudfront.net (CloudFront) + - 1.1 0ecc9d4faf14441bafb84971a4117abc.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - eMnihDSSW0z_Y93Q4hhhyB3jTqdSZNrsEyZC72vswzNqcdEKikTlJA== + - AM7_bpFecKj_cGFzk9tVe6NWJqkc2v00rXUInWnZZmXlXFuJxy2uBQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - 5c6280e3c2d23adb4d779cea49403270 + - 33c13ab7c3c77c36ed590668cb5e2b5e + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2340,32 +2428,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2375,9 +2463,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
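Review bot: The re-recorded response body in this hunk stores the recording user's real `emailAddress`, `displayName`, `accountId` and gravatar avatar hash in the `creator` and `reporter` objects. The header hunks (`@@ -2308`, `@@ -2422`, `@@ -2494`) store the same account id under `X-Aaccountid`, and the second `issue/23615` hunk (`@@ -2526`) repeats the body. Nothing in the replayed interactions appears to depend on these values, so they are better scrubbed at record time than committed, for example with a vcrpy `before_record_response` hook that rewrites them to fixed placeholders such as `"emailAddress":"jira-user@example.invalid"`. The old side carried the same kind of data for a different user, so this looks like a standing gap in the recording setup rather than something this re-record introduced. Since the cassette is regenerated, the fix belongs in the recorder configuration, not in a hand edit of this file.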
@@ -2387,12 +2475,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fcb574a4-8cf4-4875-a147-dfa682e4546e + - 9f81f68a-63bc-4ec4-ac0c-db8cda2b9aa4 Atl-Traceid: - - fcb574a48cf44875a147dfa682e4546e + - 9f81f68a63bc4ec4ac0cdb8cda2b9aa4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2402,7 +2490,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:27 GMT + - Tue, 04 Nov 2025 18:02:14 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2412,7 +2500,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=411,atl-edge-internal;dur=17,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="OD5dm0zurXC1ovFJVWDSjBg4Sb_DgnHJCnuYba2aJ04Op8BPaKjXvw==",cdn-downstream-fbl;dur=417 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=283,atl-edge;dur=260,atl-edge-internal;dur=17,atl-edge-upstream;dur=243,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="mxSqW12DlFC89a7I2k6p5GVBTzi_gzgElTc55OAe_yrDf0bJ7kNoRg==",cdn-downstream-fbl;dur=286 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2422,15 +2510,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e2023905a055fb3a137d4ecfec97d0e.cloudfront.net (CloudFront) + - 1.1 e559b1049f75d818d7420cfc59459998.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - OD5dm0zurXC1ovFJVWDSjBg4Sb_DgnHJCnuYba2aJ04Op8BPaKjXvw== + - mxSqW12DlFC89a7I2k6p5GVBTzi_gzgElTc55OAe_yrDf0bJ7kNoRg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P3 X-Arequestid: - - c2d455820b036c618863764a91c098fc + - 5491a4ea21bc0e72852d4e8a1660e400 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2454,17 +2546,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:28.391+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:15.099+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - f6d0f9d2-4590-48bc-8152-5d72931592f5 + - ab5c19f2-16c2-4c4a-8bef-0e4bd5f0719a Atl-Traceid: - - f6d0f9d2459048bc81525d72931592f5 + - ab5c19f216c24c4a8bef0e4bd5f0719a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2474,7 +2566,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:28 GMT + - Tue, 04 Nov 2025 18:02:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2484,7 +2576,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=15,atl-edge-upstream;dur=305,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6V9qSafzz2JZ_5MC_TSdvZachXKXEleWpWPk-Kdyu4uHzuaj3_uwFg==",cdn-downstream-fbl;dur=325 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=205,atl-edge;dur=182,atl-edge-internal;dur=15,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="_C-cobHnZPjJdN97SBe43TbJtulZGq1NoCA6tyYlc8P0Xx5m04PPog==",cdn-downstream-fbl;dur=211 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2494,15 +2586,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8e52b0323db9e9f5baf300137747fffe.cloudfront.net (CloudFront) + - 1.1 c4c8de00fdd2495cb82daf882e1daacc.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6V9qSafzz2JZ_5MC_TSdvZachXKXEleWpWPk-Kdyu4uHzuaj3_uwFg== + - _C-cobHnZPjJdN97SBe43TbJtulZGq1NoCA6tyYlc8P0Xx5m04PPog== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P1 X-Arequestid: - - d0c31fec74eb6012ad421e1fd7220d86 + - ae16cde63bccd1666904484014632824 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2526,32 +2622,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:00.522+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:05.644+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2561,9 +2657,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2573,12 +2669,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 281b6a44-f73b-4cd6-a2ab-14d397818fb5 + - 950d72e6-9fba-4ce9-a7c7-ebad308373e5 Atl-Traceid: - - 281b6a44f73b4cd6a2ab14d397818fb5 + - 950d72e69fba4ce9a7c7ebad308373e5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2588,7 +2684,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:29 GMT + - Tue, 04 Nov 2025 18:02:15 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2598,7 +2694,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=409,atl-edge;dur=407,atl-edge-internal;dur=16,atl-edge-upstream;dur=391,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ndnWYuJlAkvSOtk796Qd4dgBoMMJCu-wWtTD8WRZKYp4Q82aUNNhDw==",cdn-downstream-fbl;dur=413 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=301,atl-edge-internal;dur=19,atl-edge-upstream;dur=284,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="y419r0ZO3D26d1K3DbwKJsCpb5C912VYELwPgA699f-dvjXrAb96Zg==",cdn-downstream-fbl;dur=330 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2608,15 +2704,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 fda8cdb1c5d1bc3e2d4cabe818dc8c5e.cloudfront.net (CloudFront) + - 1.1 befcfd7ee847a3c890471f27612dbcde.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ndnWYuJlAkvSOtk796Qd4dgBoMMJCu-wWtTD8WRZKYp4Q82aUNNhDw== + - y419r0ZO3D26d1K3DbwKJsCpb5C912VYELwPgA699f-dvjXrAb96Zg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - d5c02579ee062455e12c375dc79414ac + - f4a8afa1f9023254d97fb72e5de75313 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -2640,7 +2740,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -2654,9 +2754,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - d5b1587d-7ace-418f-b294-0f1fe7f3df2d + - 4215d28c-ff83-4677-97e2-84339612aa0f Atl-Traceid: - - d5b1587d7ace418fb2940f1fe7f3df2d + - 4215d28cff83467797e284339612aa0f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2666,7 +2766,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:31 GMT + - Tue, 04 Nov 2025 18:02:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2676,7 +2776,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=487,atl-edge-internal;dur=15,atl-edge-upstream;dur=471,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Qsl1LryFgTTEhbX0fkWg4mVTCE-WFajBRreMA73pR1ry4AmrBdzRRA==",cdn-downstream-fbl;dur=493 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=419,atl-edge;dur=396,atl-edge-internal;dur=17,atl-edge-upstream;dur=380,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="KwMEjf_fhEUoSol06_7ER4Jy2ef0-xbJPj2H1m4kUSJwOGKrNei1wQ==",cdn-downstream-fbl;dur=423 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2686,18 +2786,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 701510d744831cda18c48da0cb099172.cloudfront.net (CloudFront) + - 1.1 e1dbbcedf936fc7d0284466c9c65e78c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Qsl1LryFgTTEhbX0fkWg4mVTCE-WFajBRreMA73pR1ry4AmrBdzRRA== + - KwMEjf_fhEUoSol06_7ER4Jy2ef0-xbJPj2H1m4kUSJwOGKrNei1wQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 79b57d98774ca76e8aed5132794cc751 + - 6daa4f5587e93f1590f81650f6519cb7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2711,20 +2815,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2734,9 +2838,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -2756,21 +2860,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3562' + - '3560' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - b9bc77b1-9d5a-4b61-bf23-5df81cfd6ad3 + - 07301fee-2f2c-4b77-a529-6cc8f69e956b Atl-Traceid: - - b9bc77b19d5a4b61bf235df81cfd6ad3 + - 07301fee2f2c4b77a5296cc8f69e956b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2778,7 +2882,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:32 GMT + - Tue, 04 Nov 2025 18:02:16 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -2788,7 +2892,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=680,atl-edge;dur=677,atl-edge-internal;dur=14,atl-edge-upstream;dur=663,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IAkFhJMfHqlEN9qXXNnM2cL6dJMnoRCVfLSdUTXO1DX952mRXR2upA==",cdn-downstream-fbl;dur=691 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=603,atl-edge;dur=579,atl-edge-internal;dur=20,atl-edge-upstream;dur=558,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="cMir0zB98cXT5Kw12uXTy0IGSFjprWY-1wH64dAXYQ43ndOTkAA_1A==",cdn-downstream-fbl;dur=608 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -2796,15 +2900,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 6d3c3e0af3263a7b3c6878f2fa9bbff6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - IAkFhJMfHqlEN9qXXNnM2cL6dJMnoRCVfLSdUTXO1DX952mRXR2upA== + - cMir0zB98cXT5Kw12uXTy0IGSFjprWY-1wH64dAXYQ43ndOTkAA_1A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - 119612430dcd24c162b92685a4ec4318 + - 068a2f7c30152724a73a3fddd724dc51 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -2828,32 +2936,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -2863,9 +2971,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
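Review bot: The re-recorded GET response body in this hunk commits a live Jira user's `emailAddress`, `accountId` and gravatar hash under `creator` and `reporter`. The same account id also appears in the `X-Aaccountid` response header in the header hunks before and after this one (`@@ -2608,15 +2704,19 @@`, `@@ -2786`, `@@ -2900`, `@@ -3018`). The previous recording had the same problem with a different account, so each re-record swaps one person's identifiers for another's. The recorder configuration is not visible here, but if this is a vcrpy cassette, a `before_record_response` hook could rewrite these fields at record time, so the fixture would hold constructed placeholders such as `"emailAddress":"redacted@example.com"` and `X-Aaccountid: - REDACTED_ACCOUNT_ID`. It is worth confirming that no test asserts on these values before scrubbing them.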
@@ -2875,12 +2983,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 4cf28357-92f9-4b5b-ab05-8d67338a38c5 + - 1c5583e2-783a-4932-84d0-937b91403c25 Atl-Traceid: - - 4cf2835792f94b5bab058d67338a38c5 + - 1c5583e2783a493284d0937b91403c25 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2890,7 +2998,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:34 GMT + - Tue, 04 Nov 2025 18:02:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2900,7 +3008,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=402,atl-edge;dur=399,atl-edge-internal;dur=17,atl-edge-upstream;dur=382,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ASfVHl7h8A7GaM9GiXANv7kdDV-O08KP2s3GB_jn4p4A8cSpZiVHCA==",cdn-downstream-fbl;dur=407 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=361,atl-edge;dur=339,atl-edge-internal;dur=19,atl-edge-upstream;dur=320,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="WWmdLWach6_EiC-NpRc-2C74nLCAvT44B6eeqQVngEMx87hrJ_bEig==",cdn-downstream-fbl;dur=365 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2910,15 +3018,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 1d3e75fe2262e8a6f4a318b2bf3e6570.cloudfront.net (CloudFront) + - 1.1 057707d7f80ca305efe5fad72e15b94c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ASfVHl7h8A7GaM9GiXANv7kdDV-O08KP2s3GB_jn4p4A8cSpZiVHCA== + - WWmdLWach6_EiC-NpRc-2C74nLCAvT44B6eeqQVngEMx87hrJ_bEig== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 5fc80e61bbe0f7c058d67823d7f7c34d + - e0fe52aab773bd8dca6281eb92a39c6e + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
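Review bot: The re-recorded cassette commits the recording user's Atlassian account identifier in the `X-Aaccountid` response header of the `@@ -2910,15 +3018,19 @@` hunk, and the same header recurs in `@@ -2982,15`, `@@ -3096,15` and `@@ -3168,15`. The `GET /rest/api/2/issue/23615` response bodies in `@@ -3014,32` and `@@ -3200,32` go further and carry that user's `accountId`, `emailAddress`, `displayName` and Gravatar hash under `creator` and `reporter`. None of these values looks necessary for replaying the interaction, so they are better scrubbed at record time than stored in the repository. If the cassettes are written by vcrpy, as the `interactions:` layout and the `python-requests` user agent suggest, a `before_record_response` hook could replace them with fixed placeholders, for example `- REDACTED` under `X-Aaccountid:` (constructed value). The recorder configuration is not part of this diff, so where that hook belongs, and whether any test asserts on these fields, needs confirming.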
@@ -2942,17 +3054,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:35.110+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:17.647+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 76c7ea07-0390-47fd-a585-d383b1c3173f + - b0e4bd09-950b-4154-bfce-7a7a32a9b180 Atl-Traceid: - - 76c7ea07039047fda585d383b1c3173f + - b0e4bd09950b4154bfce7a7a32a9b180 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -2962,7 +3074,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:35 GMT + - Tue, 04 Nov 2025 18:02:17 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -2972,7 +3084,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=324,atl-edge-internal;dur=15,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="HzpdwHAqNA7_ms-Agdeqbpb1TubqGM3XTDUqlOvZlvwc3UhdLQy2Og==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=200,atl-edge;dur=176,atl-edge-internal;dur=15,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="0teRSuD506uDmqmqcjG8litU-FyYD0nMf4Tmwo82TFEQhxcGoQJnvg==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -2982,15 +3094,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 053b1a4cfd9215b4abb8a58ea35b06aa.cloudfront.net (CloudFront) + - 1.1 153b67ebb1db442b5cea7f360e7f8cb6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - HzpdwHAqNA7_ms-Agdeqbpb1TubqGM3XTDUqlOvZlvwc3UhdLQy2Og== + - 0teRSuD506uDmqmqcjG8litU-FyYD0nMf4Tmwo82TFEQhxcGoQJnvg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - d024df9f5d8436ed832241235b603540 + - 01969eb5a814b88e679421007835b28b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3014,32 +3130,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3049,9 +3165,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3061,12 +3177,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d73f340a-460e-47b9-877d-97bd949dd61e + - 9287b432-8a6b-477c-8bda-04e776059298 Atl-Traceid: - - d73f340a460e47b9877d97bd949dd61e + - 9287b4328a6b477c8bda04e776059298 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3076,7 +3192,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:36 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3086,7 +3202,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=411,atl-edge-internal;dur=14,atl-edge-upstream;dur=396,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="N7d577kMY-kZmHs3RLsrOTjA8Z3AVOQTKaI7nj8qwtTff7ckQJmL6w==",cdn-downstream-fbl;dur=417 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=295,atl-edge;dur=273,atl-edge-internal;dur=17,atl-edge-upstream;dur=256,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="65GVAZ5M-WBpYboVMCLB11ztgq_zYRtFNx8-GS5QyzpQSUTzHnWoow==",cdn-downstream-fbl;dur=299 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3096,15 +3212,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 adb4605fb7528573053aec50d6f562c8.cloudfront.net (CloudFront) + - 1.1 f65dcddaf4d3d1ea834dd4e676c13038.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - N7d577kMY-kZmHs3RLsrOTjA8Z3AVOQTKaI7nj8qwtTff7ckQJmL6w== + - 65GVAZ5M-WBpYboVMCLB11ztgq_zYRtFNx8-GS5QyzpQSUTzHnWoow== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - ca98c1754bb20b5e9a7d2acd497c7900 + - 2b1c493d36a7239aa31e5f19ad106153 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3128,17 +3248,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:37.665+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:18.362+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a6e38104-4223-48f8-a993-485c77f32d35 + - ac1ae67c-82d9-4511-8731-138bd4222dcc Atl-Traceid: - - a6e38104422348f8a993485c77f32d35 + - ac1ae67c82d945118731138bd4222dcc Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3148,7 +3268,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:37 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3158,7 +3278,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=373,atl-edge;dur=369,atl-edge-internal;dur=15,atl-edge-upstream;dur=354,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="_Jve8zXBfmHLnliGyxhUuMlq3eXo0Xhn0iTEiJ3ej9Q-hZuN4A5XHw==",cdn-downstream-fbl;dur=376 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=218,atl-edge;dur=194,atl-edge-internal;dur=15,atl-edge-upstream;dur=180,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="rc_gvP98kUGw9hxGU9pInLW1FPSAWDWqz-ftLnBKKU-cIA5RCpeicQ==",cdn-downstream-fbl;dur=221 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3168,15 +3288,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 da84bd533f95bc21581ad9f33da5b73a.cloudfront.net (CloudFront) + - 1.1 f6327093dd59f54131617ea3ab04bd94.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _Jve8zXBfmHLnliGyxhUuMlq3eXo0Xhn0iTEiJ3ej9Q-hZuN4A5XHw== + - rc_gvP98kUGw9hxGU9pInLW1FPSAWDWqz-ftLnBKKU-cIA5RCpeicQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - c5c92fc4a0e98ce1cb8ab3dd3fdc0933 + - 418bf4381df42086b99d13c11fe4f9c7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3200,32 +3324,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:32.402+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:16.604+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/247]\n*Defect Dojo link:* http://localhost:8080/finding/247 - (247)\n*Severity:* Medium\n *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + 0.6.0)|http://localhost:8080/finding/235]\n*Defect Dojo link:* http://localhost:8080/finding/235 + (235)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3235,9 +3359,9 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3247,12 +3371,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 3e345e28-33ef-41dd-b4ed-715010730bbb + - ec0a253d-040d-4e9c-9c61-4ae4ce26fed0 Atl-Traceid: - - 3e345e2833ef41ddb4ed715010730bbb + - ec0a253d040d4e9c9c614ae4ce26fed0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3262,7 +3386,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:39 GMT + - Tue, 04 Nov 2025 18:02:18 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3272,7 +3396,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=426,atl-edge;dur=424,atl-edge-internal;dur=14,atl-edge-upstream;dur=410,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="PmOe3DbnldohaOsROAx-DQdXjGCtN4Kok_Nvw3-MffoNNz4R7vdNXA==",cdn-downstream-fbl;dur=429 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=303,atl-edge;dur=279,atl-edge-internal;dur=19,atl-edge-upstream;dur=261,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="sVRnGfux1qMBn7xsr9Tp5lQdVbZ0wRttlilvS7nHJC3AVV8H54eMlA==",cdn-downstream-fbl;dur=307 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3282,15 +3406,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0853add243e6eac9b8f74b5c74814a3e.cloudfront.net (CloudFront) + - 1.1 185338419e21d148fae1747402a58e8a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - PmOe3DbnldohaOsROAx-DQdXjGCtN4Kok_Nvw3-MffoNNz4R7vdNXA== + - sVRnGfux1qMBn7xsr9Tp5lQdVbZ0wRttlilvS7nHJC3AVV8H54eMlA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - 3b74253a001b091c756dcd5d15c9eb98 + - 570ff8977c1e34b277ab3e617c3ca059 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -3314,7 +3442,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -3328,9 +3456,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 811d1bf6-d3f5-4256-bc9a-86e31901eaca + - eb57cbb0-3717-464b-9743-c8f0b21332e0 Atl-Traceid: - - 811d1bf6d3f54256bc9a86e31901eaca + - eb57cbb03717464b9743c8f0b21332e0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3340,7 +3468,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:40 GMT + - Tue, 04 Nov 2025 18:02:19 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3350,7 +3478,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=531,atl-edge;dur=526,atl-edge-internal;dur=15,atl-edge-upstream;dur=511,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="VuAizxz11RSDWEw7z1j4TZFiUjIYKfw5KU6RYAeQHwYnzmwAPUePng==",cdn-downstream-fbl;dur=535 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=429,atl-edge;dur=405,atl-edge-internal;dur=18,atl-edge-upstream;dur=388,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="ktsbO9_jiCfL6nXrqpAjiP0Gz8D_7mC5XD7hZOb5pd1MhIgm9FBKhA==",cdn-downstream-fbl;dur=432 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3360,18 +3488,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f993a09ee51fef62e3d92f6802c130d4.cloudfront.net (CloudFront) + - 1.1 3349382fe72101eee491170c132b7e3c.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - VuAizxz11RSDWEw7z1j4TZFiUjIYKfw5KU6RYAeQHwYnzmwAPUePng== + - ktsbO9_jiCfL6nXrqpAjiP0Gz8D_7mC5XD7hZOb5pd1MhIgm9FBKhA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 03d46ba651a39a03447eddae9e874dc0 + - ac2fdf85b64a9d9775ca926a7b5f4813 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3385,20 +3517,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. - Findings\n\nh3. 
[Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3408,9 +3540,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3430,21 +3562,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3554' + - '3552' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 561a6c1c-a903-4bea-87ea-1b3168dae999 + - 01c257d5-582f-4338-bdde-5c54168925a8 Atl-Traceid: - - 561a6c1ca9034bea87ea1b3168dae999 + - 01c257d5582f4338bdde5c54168925a8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3452,7 +3584,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:42 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -3462,7 +3594,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=659,atl-edge;dur=656,atl-edge-internal;dur=15,atl-edge-upstream;dur=641,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="wcqI2BhGiZDp5UbhjFvIp4ccvUcd5nJbaxwQMDa9Ht3f1rr8PBxCsg==",cdn-downstream-fbl;dur=663 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=654,atl-edge;dur=628,atl-edge-internal;dur=15,atl-edge-upstream;dur=612,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="w4B8vupClB96Siy6jxa9ucvkK3W5UdOsKDg07yVvq_zx83zgAGYEgg==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -3470,15 +3602,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a7a7ee092ee4b4df82064022cbdb7e94.cloudfront.net (CloudFront) + - 1.1 cb4937748c19bcccb40a5a5875f01552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - wcqI2BhGiZDp5UbhjFvIp4ccvUcd5nJbaxwQMDa9Ht3f1rr8PBxCsg== + - w4B8vupClB96Siy6jxa9ucvkK3W5UdOsKDg07yVvq_zx83zgAGYEgg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - c05cdd5aa9dd6cd71937593633bf314f + - fa67414b72a74c12a7c4312cc58d4056 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3502,32 +3638,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3537,9 +3673,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
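Review bot: The re-recorded response body in the hunk at `@@ -3502,32 +3638,32 @@` commits a real `emailAddress` and Atlassian `accountId` for the recording user in the `creator` and `reporter` objects. The header hunks at `@@ -3282,15 +3406,19 @@`, `@@ -3360,18 +3488,22 @@`, `@@ -3470,15 +3602,19 @@` and `@@ -3584,15 +3720,19 @@` add the same id as `X-Aaccountid`. Nothing visible here suggests the tests assert on these values, so they could be replaced with fixed placeholders at record time. If this is a vcrpy cassette, as the `interactions:` layout suggests, a `before_record_response` hook would do that and would also keep the lines from churning on every re-record. No credential is visible in this chunk, but the request headers are only partly shown, so it is worth confirming that `Authorization` is dropped via `filter_headers`.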
@@ -3549,12 +3685,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 520b0b01-3d1d-4e76-bac9-a4341333bfdf + - 4eb3c00f-29db-4e73-b451-0c56228484d2 Atl-Traceid: - - 520b0b013d1d4e76bac9a4341333bfdf + - 4eb3c00f29db4e73b4510c56228484d2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3564,7 +3700,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:43 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3574,7 +3710,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=417,atl-edge;dur=414,atl-edge-internal;dur=16,atl-edge-upstream;dur=399,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="hfme_rP70CvAFwiYqT120Zpm9lXaBTXBrMK-_M0qTVIeflYXH16XsA==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=262,atl-edge;dur=240,atl-edge-internal;dur=16,atl-edge-upstream;dur=222,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="lQgy1v4B9EumMwE8ljoo2-gymI-Ok4Jj2T81cBl4QjfvH3JqJ-SxOg==",cdn-downstream-fbl;dur=266 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3584,15 +3720,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b39f0409e845bde1b97cd11f1d544d4e.cloudfront.net (CloudFront) + - 1.1 6767782218a3548f894151ef053fe67e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hfme_rP70CvAFwiYqT120Zpm9lXaBTXBrMK-_M0qTVIeflYXH16XsA== + - lQgy1v4B9EumMwE8ljoo2-gymI-Ok4Jj2T81cBl4QjfvH3JqJ-SxOg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 1fcc61942702b781825f188c2110ac38 + - 33707d82c635970cc166e449d3358406 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
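Review bot: The re-recorded response keeps the recording user's Atlassian account id in the `X-Aaccountid` header here. The same id recurs in the `X-Aaccountid` lines of the `@@ -3656`, `@@ -3770` and `@@ -3842` hunks and in the `creator`/`reporter` objects of the `@@ -3688` hunk, where it sits next to `emailAddress`, `displayName` and a Gravatar hash. None of these look like values the tests need to match on, so they are better scrubbed at record time than committed. If the cassettes are written by vcrpy (the `interactions:` layout suggests so), a `before_record_response` hook can rewrite the header and those JSON fields to fixed placeholders such as `"emailAddress":"jira-user@example.invalid"` (constructed value). That would also stop future re-recordings from producing diffs that only swap one maintainer's identity for another.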
@@ -3616,17 +3756,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:44.435+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:20.777+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1579fb0e-c930-4186-9a20-2fcfa46992b4 + - 74e18565-d099-4ad6-9d6b-d28d96bf8459 Atl-Traceid: - - 1579fb0ec93041869a202fcfa46992b4 + - 74e18565d0994ad69d6bd28d96bf8459 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3636,7 +3776,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:44 GMT + - Tue, 04 Nov 2025 18:02:20 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3646,7 +3786,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=322,atl-edge-internal;dur=15,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="G_x4owpeotz2XEZHgWs5Uuxqfo8-L7sWLOj77GX-fULEyslo5j9mUw==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=169,atl-edge-internal;dur=16,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="0TaBKfnLKtbgnXw2Qdtr1eDydCIKD399_fj8MNHlgv68MVYnsxmo2g==",cdn-downstream-fbl;dur=196 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3656,15 +3796,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 78848e87583c98ba04111361257adc96.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - G_x4owpeotz2XEZHgWs5Uuxqfo8-L7sWLOj77GX-fULEyslo5j9mUw== + - 0TaBKfnLKtbgnXw2Qdtr1eDydCIKD399_fj8MNHlgv68MVYnsxmo2g== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P3 X-Arequestid: - - 2160cf15d66b64c33bee611478065b84 + - 1c2d36b4f8924bdf469af152b9f32e38 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3688,32 +3832,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3723,9 +3867,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3735,12 +3879,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 43c93ab6-0229-4c54-883d-3741b96423ea + - cc51c816-6c4d-4b18-8e3f-fd5570bb454c Atl-Traceid: - - 43c93ab602294c54883d3741b96423ea + - cc51c8166c4d4b188e3ffd5570bb454c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3750,7 +3894,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:45 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3760,7 +3904,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=441,atl-edge;dur=439,atl-edge-internal;dur=13,atl-edge-upstream;dur=426,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="dpW_DMJy5zXyyt4NPw43_JNpI4HmIDQcboNeydV0l2omkjYF5DTswA==",cdn-downstream-fbl;dur=444 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=357,atl-edge;dur=265,atl-edge-internal;dur=22,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="OT0tZjbdTj4Q0GhynMs_mtY29Pdgw1jVqZR7IEcz5I6qRaxLbhrV4w==",cdn-downstream-fbl;dur=362 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3770,15 +3914,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 48e2dac80dc53d66fef4721e63ea9f44.cloudfront.net (CloudFront) + - 1.1 fb583d18c6b0f24d4447146b294e4f68.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - dpW_DMJy5zXyyt4NPw43_JNpI4HmIDQcboNeydV0l2omkjYF5DTswA== + - OT0tZjbdTj4Q0GhynMs_mtY29Pdgw1jVqZR7IEcz5I6qRaxLbhrV4w== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P3 X-Arequestid: - - 10ba2168dedfdeb03a7f9aa0529f2b75 + - 5d83d2afbfce3bf3e5ae58b331faba05 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3802,17 +3950,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:46.924+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:21.464+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 21ffd869-6014-462c-b248-bd94e7c28edc + - 687b50ac-ec0e-44a3-9d58-fd99f66384fd Atl-Traceid: - - 21ffd8696014462cb248bd94e7c28edc + - 687b50acec0e44a39d58fd99f66384fd Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3822,7 +3970,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:47 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3832,7 +3980,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=327,atl-edge;dur=322,atl-edge-internal;dur=13,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="6VsfvgKWJhpxN4at5Turp7GDClyhwoRyEA__EpiMR-EXzYk60q8Iwg==",cdn-downstream-fbl;dur=330 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=197,atl-edge;dur=174,atl-edge-internal;dur=18,atl-edge-upstream;dur=156,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="ZQN2BfOEdAKhFoAt9OZ0N58efP6aofU9tNgPeSZvtwL-shLpVjX9HA==",cdn-downstream-fbl;dur=202 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3842,15 +3990,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 352b1001018ea123117ef28ad154f522.cloudfront.net (CloudFront) + - 1.1 2049902380178fd7b885115d80ccf966.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6VsfvgKWJhpxN4at5Turp7GDClyhwoRyEA__EpiMR-EXzYk60q8Iwg== + - ZQN2BfOEdAKhFoAt9OZ0N58efP6aofU9tNgPeSZvtwL-shLpVjX9HA== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - f418272caccb8d2147c4d558674e736f + - 229239e5000d8dd0c8e8ba625cfd4704 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3874,32 +4026,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -3909,9 +4061,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -3921,12 +4073,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 6722837c-e5b0-4f12-9444-5843ba718b6e + - 5faf540f-0924-41b3-ac00-52853f96beaf Atl-Traceid: - - 6722837ce5b04f1294445843ba718b6e + - 5faf540f092441b3ac0052853f96beaf Cache-Control: - no-cache, no-store, no-transform Connection: @@ -3936,7 +4088,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:48 GMT + - Tue, 04 Nov 2025 18:02:21 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -3946,7 +4098,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=413,atl-edge;dur=410,atl-edge-internal;dur=16,atl-edge-upstream;dur=394,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ATzhvy2a-PIuET60o8koOVbNx986h8hTsk_fa4rrdZvH6l3XjslNyQ==",cdn-downstream-fbl;dur=416 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=243,atl-edge-internal;dur=16,atl-edge-upstream;dur=225,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="rswtz3OxLDcQEuIK6ZW0R1GZW5YtX4c1Pl9HXjOlw_I9UYPPTcc9cg==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -3956,15 +4108,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f5bc0d54a76b57b6f435f98d3e741ea4.cloudfront.net (CloudFront) + - 1.1 a0b647da77edd97cca88fb4c4b1a9d08.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ATzhvy2a-PIuET60o8koOVbNx986h8hTsk_fa4rrdZvH6l3XjslNyQ== + - rswtz3OxLDcQEuIK6ZW0R1GZW5YtX4c1Pl9HXjOlw_I9UYPPTcc9cg== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - 31ba58eebd3eacf9ffc61b64f7de43df + - ee93271a45c760e65898abf3bb73720a + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -3988,17 +4144,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:49.396+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:22.089+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a6890f7e-ebd3-472c-b471-7a08447f6050 + - 2822b0a1-2381-4898-adfc-01f5c6446f77 Atl-Traceid: - - a6890f7eebd3472cb4717a08447f6050 + - 2822b0a123814898adfc01f5c6446f77 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4008,7 +4164,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:49 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4018,7 +4174,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=317,atl-edge-internal;dur=13,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="tUeMqBFrnEb9pxvhpu_jLQVQCmhEf2omz7sdgnMT2BLkM0RoYD1Tlw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=173,atl-edge-internal;dur=15,atl-edge-upstream;dur=158,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="880lPGrOwzakRp5eLoiSlW4K6O4oM-JN4AyoHA53PKQ-8dHee9TXDA==",cdn-downstream-fbl;dur=203 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4028,15 +4184,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 903696f43fdfc4019d7102b6711e9fca.cloudfront.net (CloudFront) + - 1.1 89771419757f75b08f6c8fd411f8ef54.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - tUeMqBFrnEb9pxvhpu_jLQVQCmhEf2omz7sdgnMT2BLkM0RoYD1Tlw== + - 880lPGrOwzakRp5eLoiSlW4K6O4oM-JN4AyoHA53PKQ-8dHee9TXDA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - 3b4835ee692f5695f1710e5d47374cea + - 40bd4fa845184618839ea8aa67c1ae16 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4060,32 +4220,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4095,9 +4255,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4107,12 +4267,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 67c1370a-bc1a-4f55-9e71-b1b4b738051b + - 63abcc9a-dffc-4ece-a76c-e2f9d667fd10 Atl-Traceid: - - 67c1370abc1a4f559e71b1b4b738051b + - 63abcc9adffc4ecea76ce2f9d667fd10 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4122,7 +4282,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:50 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4132,7 +4292,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=434,atl-edge;dur=432,atl-edge-internal;dur=14,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="ba8SHxFLLGg68-f76vSEtFAO7fQXb1Ov-0j6uDQVYtvLY0GugrpJpg==",cdn-downstream-fbl;dur=437 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=353,atl-edge;dur=330,atl-edge-internal;dur=17,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="1pMJWHmN_3EOqCq9a4w_biaZxFl52ZvHu6VAv68O4h2BnwgMs5P2KQ==",cdn-downstream-fbl;dur=357 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4142,15 +4302,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e6e7ea42488c65b080113b45f9cdebb4.cloudfront.net (CloudFront) + - 1.1 94d9d221defc9832eeda31acd3f6f552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ba8SHxFLLGg68-f76vSEtFAO7fQXb1Ov-0j6uDQVYtvLY0GugrpJpg== + - 1pMJWHmN_3EOqCq9a4w_biaZxFl52ZvHu6VAv68O4h2BnwgMs5P2KQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 400c59e18b45e8e3fa0002b2094c21c3 + - cfccbfc79ed740076668c127d4688744 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
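Review bot: The re-recorded `X-Aaccountid` response header in this hunk now holds the bare account id of the person who made the recording, and the same id sits next to an `emailAddress` and gravatar hash in the issue bodies recorded in the hunks at -4214, -4246, -4328 and -4406. These are committed test fixtures, so each re-record publishes whichever maintainer's identifiers happened to be used. The recorder configuration is not part of this diff, but the format looks like vcrpy, so a `before_record_response` hook could drop the header with `response["headers"].pop("X-Aaccountid", None)` and replace `emailAddress`/`accountId` values in the body with fixed placeholders. Recording with a dedicated service account would also keep these fixtures stable across re-records and shrink the diff.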
@@ -4174,17 +4338,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:51.948+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:22.814+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - c3602a7e-0a1b-4be5-b2c2-69c3d6a43cb5 + - eca1e81f-0a94-4a03-b9bd-4a93f6a84b6d Atl-Traceid: - - c3602a7e0a1b4be5b2c269c3d6a43cb5 + - eca1e81f0a944a03b9bd4a93f6a84b6d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4194,7 +4358,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:52 GMT + - Tue, 04 Nov 2025 18:02:22 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4204,7 +4368,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=319,atl-edge;dur=317,atl-edge-internal;dur=14,atl-edge-upstream;dur=304,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="1leZgygHib8gl1z5CDyOOHJ9-3vsXNMVV2fHg41qWYi7kg377pzVSw==",cdn-downstream-fbl;dur=322 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=193,atl-edge;dur=170,atl-edge-internal;dur=15,atl-edge-upstream;dur=155,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="jXY1uKBLKaT59_SDOMTLB73M4F2RM4inplIprXEu-_qK2TVwIN-VoA==",cdn-downstream-fbl;dur=197 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4214,15 +4378,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3f64b5e1795622ac1fd367fad798c10.cloudfront.net (CloudFront) + - 1.1 d18c8670421cff5c9fa297b260cb2814.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 1leZgygHib8gl1z5CDyOOHJ9-3vsXNMVV2fHg41qWYi7kg377pzVSw== + - jXY1uKBLKaT59_SDOMTLB73M4F2RM4inplIprXEu-_qK2TVwIN-VoA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - 6dfbd41566df0c1f41a7ac92e2e042e5 + - 5f9fc9cf6d353db1070c2ce65d6ee085 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '346' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4246,32 +4414,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:41.751+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:19.903+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of Service - (Negotiator, <= - 0.6.0)|http://localhost:8080/finding/246]\n*Defect Dojo link:* http://localhost:8080/finding/246 - (246)\n*Severity:* High\n *Due Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + 0.6.0)|http://localhost:8080/finding/234]\n*Defect Dojo link:* http://localhost:8080/finding/234 + (234)\n*Severity:* High\n *Due Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4281,9 +4449,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4293,12 +4461,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 41b67b2c-b626-40ba-bac9-fc39a923c7d3 + - e29016e5-2b61-4ad7-a841-5c6f1ffa5b88 Atl-Traceid: - - 41b67b2cb62640babac9fc39a923c7d3 + - e29016e52b614ad7a8415c6f1ffa5b88 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4308,7 +4476,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:53 GMT + - Tue, 04 Nov 2025 18:02:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4318,7 +4486,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=421,atl-edge-internal;dur=17,atl-edge-upstream;dur=405,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="mE9B1enCL4xDj7R0IVSyX8q5udCQXBNF6LcKss-beW4OL4H27GsliA==",cdn-downstream-fbl;dur=429 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=312,atl-edge;dur=289,atl-edge-internal;dur=16,atl-edge-upstream;dur=273,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="IpfW2dTSUI44CfpFjY1wyc7RmTVxoEJqC6LoedNzO-mwplIp053yaQ==",cdn-downstream-fbl;dur=315 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4328,15 +4496,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f10eedb52fc0d82204e85d20112deafa.cloudfront.net (CloudFront) + - 1.1 51185e40453f61916e037fc6db50766c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mE9B1enCL4xDj7R0IVSyX8q5udCQXBNF6LcKss-beW4OL4H27GsliA== + - IpfW2dTSUI44CfpFjY1wyc7RmTVxoEJqC6LoedNzO-mwplIp053yaQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 90e17906990c9815bb48ab4bc10d85d1 + - d81f8e468ee18767472c4e7e01b201f8 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '395' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -4360,7 +4532,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -4374,9 +4546,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - d83ee3b5-0e28-4302-bf88-5613d4394d37 + - 5f1f2d03-c16d-4955-a9f5-4c05b2bc082c Atl-Traceid: - - d83ee3b50e284302bf885613d4394d37 + - 5f1f2d03c16d4955a9f54c05b2bc082c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4386,7 +4558,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:54 GMT + - Tue, 04 Nov 2025 18:02:23 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4396,7 +4568,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=479,atl-edge;dur=477,atl-edge-internal;dur=13,atl-edge-upstream;dur=464,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="0zxbWx8U8wpUOxVPbZrapT0HeMgiYdixZLbFdFbbNw99yS9k0gFVBA==",cdn-downstream-fbl;dur=483 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=358,atl-edge;dur=335,atl-edge-internal;dur=22,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="sM8fwxHxq_B2PqZMcjrcgbC-5sLYKRyH70Ul5GaznVzvbdt2dz9IcQ==",cdn-downstream-fbl;dur=361 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4406,18 +4578,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 20c46424adb033d4de178e11a807b304.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0zxbWx8U8wpUOxVPbZrapT0HeMgiYdixZLbFdFbbNw99yS9k0gFVBA== + - sM8fwxHxq_B2PqZMcjrcgbC-5sLYKRyH70Ul5GaznVzvbdt2dz9IcQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - 04a7e67904697814c3760461514ade57 + - 804a816c21eaf24300509ecb38dd5507 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4431,20 +4607,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified and + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4454,9 +4630,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4476,21 +4652,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3569' + - '3567' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - ecfcbc75-5a1b-410e-a23a-18d82872f5d2 + - 5e4a76c4-2c55-4756-87d4-5a8ec9255775 Atl-Traceid: - - ecfcbc755a1b410ea23a18d82872f5d2 + - 5e4a76c42c55475687d45a8ec9255775 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4498,7 +4674,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:56 GMT + - Tue, 04 Nov 2025 18:02:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4508,7 +4684,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=732,atl-edge;dur=730,atl-edge-internal;dur=16,atl-edge-upstream;dur=714,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="6eZjj8HHRI2CyzlN7EW3aehpZQ8tzNLRyr4Qi7SjFqGSlVGNRC7o3A==",cdn-downstream-fbl;dur=737 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=686,atl-edge;dur=596,atl-edge-internal;dur=16,atl-edge-upstream;dur=578,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="s55Hg-FMAK2BF6raSImonxHF7Q-u10K4gbf3AIrmmqLoiP57cVpeBw==",cdn-downstream-fbl;dur=691 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4516,15 +4692,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0cd8fe15d9bdb168de9cd5f22954d220.cloudfront.net (CloudFront) + - 1.1 c3ec3fa9c5962899febb10c3fdc31872.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 6eZjj8HHRI2CyzlN7EW3aehpZQ8tzNLRyr4Qi7SjFqGSlVGNRC7o3A== + - s55Hg-FMAK2BF6raSImonxHF7Q-u10K4gbf3AIrmmqLoiP57cVpeBw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P2 X-Arequestid: - - 533fd9f775e98c2345237cd9426193ea + - 5bebbc7c18cad54fcbfa61b0fdbd2e6c + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4548,32 +4728,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:56.046+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:24.236+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4583,9 +4763,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
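Review bot: The re-recorded `GET /rest/api/2/issue/23615` response body in this hunk commits the recording user's Jira `accountId`, `emailAddress`, `displayName` and gravatar hash to the repository. The `X-Aaccountid` response header in the neighbouring header hunks carries the same account id. The previous recording held another maintainer's values in the same fields, so nothing appears to scrub them at record time. Assuming the cassette is written by vcrpy (the `interactions:` layout and `python-requests` user agent suggest it; please confirm), a response hook such as `before_record_response=scrub_identity` (hook name constructed here) could replace these fields with fixed placeholders and drop `X-Aaccountid`, since `filter_headers` only covers request headers. Stable placeholders would also keep account-specific values from changing in the diff on every re-record.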
@@ -4595,12 +4775,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 8400f199-65b4-414f-baf7-5592054c1f69 + - e8dfb429-82a2-4913-9676-ef1e7db01c69 Atl-Traceid: - - 8400f19965b4414fbaf75592054c1f69 + - e8dfb42982a249139676ef1e7db01c69 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4610,7 +4790,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:57 GMT + - Tue, 04 Nov 2025 18:02:24 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4620,7 +4800,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=432,atl-edge;dur=430,atl-edge-internal;dur=18,atl-edge-upstream;dur=412,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="_XrlV-yHHkh4t90-abrrrC91x0ByE5UYpCCNLNxWjgQpS9F1S8-0fw==",cdn-downstream-fbl;dur=436 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=270,atl-edge;dur=248,atl-edge-internal;dur=16,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="VeqylHLio8CVvKGruHDMtmZCr3l4kgov2bpTNSYfujEf59PJohGSsw==",cdn-downstream-fbl;dur=274 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4630,15 +4810,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9d6e86f5b232838ca6f2f480892525b2.cloudfront.net (CloudFront) + - 1.1 91ce9b89afcd32f5bca16bfe69ee21c2.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _XrlV-yHHkh4t90-abrrrC91x0ByE5UYpCCNLNxWjgQpS9F1S8-0fw== + - VeqylHLio8CVvKGruHDMtmZCr3l4kgov2bpTNSYfujEf59PJohGSsw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - d7afb007393d480cd76e8a7abe2f52e6 + - 76316377dd541fb74e21401d0a8d2bd3 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4662,17 +4846,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:03:58.831+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:25.203+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - edbdf0e2-3afa-4a0e-8ea0-dc5e12540981 + - 1f4b4c5f-4bcb-4864-a104-5aa50bd85c8c Atl-Traceid: - - edbdf0e23afa4a0e8ea0dc5e12540981 + - 1f4b4c5f4bcb4864a1045aa50bd85c8c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4682,7 +4866,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:03:58 GMT + - Tue, 04 Nov 2025 18:02:25 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4692,7 +4876,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=335,atl-edge;dur=332,atl-edge-internal;dur=14,atl-edge-upstream;dur=319,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="R7I2-fTcaCkqcqWE3EQ-vg-SHcF1ZsnBxxwm72QbrNkfPRDS6yX0mw==",cdn-downstream-fbl;dur=339 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=273,atl-edge;dur=183,atl-edge-internal;dur=24,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="fQ4bGgNUnmCBFvheKbWLDsUu5bAKJXPxyMzSK10OAVYU3vjbriNIQg==",cdn-downstream-fbl;dur=277 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4702,15 +4886,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 bc177ce25ddc555a7d303bc4d290a6ec.cloudfront.net (CloudFront) + - 1.1 16d72e0791ff01fc4470d27fc024527a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - R7I2-fTcaCkqcqWE3EQ-vg-SHcF1ZsnBxxwm72QbrNkfPRDS6yX0mw== + - fQ4bGgNUnmCBFvheKbWLDsUu5bAKJXPxyMzSK10OAVYU3vjbriNIQg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P2 X-Arequestid: - - f7c14dd99f240affc87e565dd2c73000 + - 02d48cf190374fc86b16af4accf371d7 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4734,32 +4922,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:03:56.046+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:24.236+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4769,9 +4957,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4781,12 +4969,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7ba6e8f0-3034-4de2-a3fc-4b9be3127dd7 + - 701ffec8-07e8-4cc8-beaa-e7589f2d4d84 Atl-Traceid: - - 7ba6e8f030344de2a3fc4b9be3127dd7 + - 701ffec807e84cc8beaae7589f2d4d84 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4796,7 +4984,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:00 GMT + - Tue, 04 Nov 2025 18:02:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -4806,7 +4994,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=426,atl-edge;dur=424,atl-edge-internal;dur=15,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="3ptf39W8aQ8CanFBzy2Lu86HgdWEOyIXufUrQ6v0rkaARx_8x9ibYw==",cdn-downstream-fbl;dur=430 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=756,atl-edge;dur=668,atl-edge-internal;dur=23,atl-edge-upstream;dur=645,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="mIK4SyiIdDVu6RGtG5tCHeQAmcJu0xKZFMg_GJeDO6EtdP5G5CHN4g==",cdn-downstream-fbl;dur=761 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -4816,15 +5004,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0c5c9092233f69156c68308fd823bd58.cloudfront.net (CloudFront) + - 1.1 cb4937748c19bcccb40a5a5875f01552.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 3ptf39W8aQ8CanFBzy2Lu86HgdWEOyIXufUrQ6v0rkaARx_8x9ibYw== + - mIK4SyiIdDVu6RGtG5tCHeQAmcJu0xKZFMg_GJeDO6EtdP5G5CHN4g== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P1 X-Arequestid: - - 4753419605d52bfc27fc8ada048a982b + - 46b14ce616c15f26c99f15f0242f139c + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -4848,7 +5040,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -4862,9 +5054,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 97ab9ab6-d19e-4ac7-b453-146d97f06c52 + - 91123068-c739-49f8-9735-4d8165d59ba2 Atl-Traceid: - - 97ab9ab6d19e4ac7b453146d97f06c52 + - 91123068c73949f897354d8165d59ba2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4874,7 +5066,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:01 GMT + - Tue, 04 Nov 2025 18:02:26 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4884,7 +5076,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=470,atl-edge;dur=468,atl-edge-internal;dur=15,atl-edge-upstream;dur=453,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="_Vp4IkTlUNjXH0oEbgyJNr1O1cneAfJRNFyFLEDZKHTOrvemZEiWzw==",cdn-downstream-fbl;dur=473 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=485,atl-edge;dur=396,atl-edge-internal;dur=20,atl-edge-upstream;dur=372,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="AqvsB_y8_rvzry1Pzab-nQYaNJe4pKSotehyV8aHE6qs8lQ9BvMbFw==",cdn-downstream-fbl;dur=488 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -4894,18 +5086,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 f1646a7b70ef690faac638f9c1dd2364.cloudfront.net (CloudFront) + - 1.1 64544648f8289d0bd61ef02997afb698.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _Vp4IkTlUNjXH0oEbgyJNr1O1cneAfJRNFyFLEDZKHTOrvemZEiWzw== + - AqvsB_y8_rvzry1Pzab-nQYaNJe4pKSotehyV8aHE6qs8lQ9BvMbFw== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P3 X-Arequestid: - - f6b39322e36636c1db22f112e9b7eb5f + - 73c1cc123a70221112e623f422cf6a61 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -4919,20 +5115,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -4942,9 +5138,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -4964,21 +5160,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3573' + - '3572' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - c89b407d-62f7-44e5-9f97-cd514707b0a9 + - 6c0835c8-c46a-47af-b2d1-529803d3187e Atl-Traceid: - - c89b407d62f744e59f97cd514707b0a9 + - 6c0835c8c46a47afb2d1529803d3187e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -4986,7 +5182,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:03 GMT + - Tue, 04 Nov 2025 18:02:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -4996,7 +5192,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="bP-G37a89SS3vjOU-NS0RT7kzB5Jh3FQ1PgcMmUfcPSQHKFgNHB5cw==",cdn-downstream-fbl;dur=748,cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=3,cdn-upstream-fbl;dur=745,atl-edge;dur=739,atl-edge-internal;dur=15,atl-edge-upstream;dur=724,atl-edge-pop;desc="aws-ap-southeast-2" + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=655,atl-edge;dur=631,atl-edge-internal;dur=15,atl-edge-upstream;dur=616,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="M8BsbPNg6JPvGWu1PlT0Pyv6lVgFrE9URhwnN215kPDxeDUhmL4KDA==",cdn-downstream-fbl;dur=659 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5004,15 +5200,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 d3f1182213e75f053a9e7404f079d540.cloudfront.net (CloudFront) + - 1.1 db94b8e3e5f45aab1e90db086a8debc0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - bP-G37a89SS3vjOU-NS0RT7kzB5Jh3FQ1PgcMmUfcPSQHKFgNHB5cw== + - M8BsbPNg6JPvGWu1PlT0Pyv6lVgFrE9URhwnN215kPDxeDUhmL4KDA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 3a4456a163ee6352652f931468a4b203 + - f90b26e068979b5ae9420c34a55ad1d0 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5036,32 +5236,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:03:00.767+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:05.858+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:02.884+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:27.082+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5071,9 +5271,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5083,12 +5283,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 81400ede-dfb8-4fff-bf59-8375f44b68f1 + - 4eae537c-d355-44a8-8f77-be67905c5cf4 Atl-Traceid: - - 81400ededfb84fffbf598375f44b68f1 + - 4eae537cd35544a88f77be67905c5cf4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5098,7 +5298,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:04 GMT + - Tue, 04 Nov 2025 18:02:27 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5108,7 +5308,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=418,atl-edge;dur=415,atl-edge-internal;dur=16,atl-edge-upstream;dur=400,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="7vGXiscnEnA9waYEk87A_4bEN7CAGHgDHCurc6g7SeM_ivZYLEGnjQ==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=340,atl-edge;dur=317,atl-edge-internal;dur=16,atl-edge-upstream;dur=301,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="NPfl8EGZ9a4ePeNO1bYPwYn4tU5OA3NXHpVl7w9WDJvJaHGH_OnJKQ==",cdn-downstream-fbl;dur=344 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5118,15 +5318,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 8ccca629f0b1ca48e2e69a056f61f9a6.cloudfront.net (CloudFront) + - 1.1 f0a2a95cb4d25b2414a9c1a7a754943e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 7vGXiscnEnA9waYEk87A_4bEN7CAGHgDHCurc6g7SeM_ivZYLEGnjQ== + - NPfl8EGZ9a4ePeNO1bYPwYn4tU5OA3NXHpVl7w9WDJvJaHGH_OnJKQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - a33acb96444771ae4835f221cb178a85 + - 4b013436975334dac71b5a4a95663298 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5152,17 +5356,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/transitions response: body: string: '' headers: Atl-Request-Id: - - bf37831a-8101-4755-8586-7a191ff86cf9 + - e318c0b2-404d-418a-ad27-51c03002fc80 Atl-Traceid: - - bf37831a8101475585867a191ff86cf9 + - e318c0b2404d418aad2751c03002fc80 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5170,7 +5374,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:06 GMT + - Tue, 04 Nov 2025 18:02:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5180,7 +5384,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=632,atl-edge;dur=630,atl-edge-internal;dur=15,atl-edge-upstream;dur=614,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="0r0FbsOpbohvxvYT9LOyS-t5EaeynQyAKYw5Pef7IukRNR85RiMKdA==",cdn-downstream-fbl;dur=637 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=699,atl-edge;dur=675,atl-edge-internal;dur=18,atl-edge-upstream;dur=658,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="IR71YWtovfyr_it1N_h3rU9HL4Zc7X63-R6GTE6z5da29SvZGcvxNw==",cdn-downstream-fbl;dur=702 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5188,15 +5392,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59304f445e251c540e46633ed3dd4f64.cloudfront.net (CloudFront) + - 1.1 b5a2e617d7392a245dec0250ae9c6002.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 0r0FbsOpbohvxvYT9LOyS-t5EaeynQyAKYw5Pef7IukRNR85RiMKdA== + - IR71YWtovfyr_it1N_h3rU9HL4Zc7X63-R6GTE6z5da29SvZGcvxNw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - d27ea474430cd26e2752a742e9053729 + - c29c3ac0da5eb8b4309793ef9f63c36f + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5220,17 +5428,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:07.184+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:28.855+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 30cd79c4-8c53-4bd8-a25a-4758b1592ab6 + - 76b4e1d5-a31b-464c-94ae-60353561bde4 Atl-Traceid: - - 30cd79c48c534bd8a25a4758b1592ab6 + - 76b4e1d5a31b464c94ae60353561bde4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5240,7 +5448,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:07 GMT + - Tue, 04 Nov 2025 18:02:28 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5250,7 +5458,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=326,atl-edge;dur=325,atl-edge-internal;dur=14,atl-edge-upstream;dur=311,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ieqvJFIAds223mz3kxdijPb-wv2KRDH2F3ivEWFXa5IvOq9_rxEx6w==",cdn-downstream-fbl;dur=330 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=266,atl-edge;dur=176,atl-edge-internal;dur=23,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="0cHjzpUYaf1RmN2UfXsV1qVWcpC3AqAQKLWo1i4UwGXp8DzStFIOaA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5260,15 +5468,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3437ef72cec711eb0ebed9222a22cf66.cloudfront.net (CloudFront) + - 1.1 99f4e9fd554682341f34ffd484d44998.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ieqvJFIAds223mz3kxdijPb-wv2KRDH2F3ivEWFXa5IvOq9_rxEx6w== + - 0cHjzpUYaf1RmN2UfXsV1qVWcpC3AqAQKLWo1i4UwGXp8DzStFIOaA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - cb0ac526daf0af7c5259caa3be993c0e + - 69984953ed411b7b0aa2ea595befc83f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5292,31 +5504,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5326,9 +5538,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5338,12 +5550,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - e2325969-ac02-47b1-bd45-4198f3584c22 + - 85062ccd-d61a-4d7a-8136-14e7e49c427c Atl-Traceid: - - e2325969ac0247b1bd454198f3584c22 + - 85062ccdd61a4d7a813614e7e49c427c Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5353,7 +5565,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:08 GMT + - Tue, 04 Nov 2025 18:02:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5363,7 +5575,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=437,atl-edge;dur=434,atl-edge-internal;dur=16,atl-edge-upstream;dur=419,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="WWJvCeTLXDWUpENBi8zaLSq0DDqktQ5yiqcuh1r4z_yoFLPa7uVLpA==",cdn-downstream-fbl;dur=441 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=430,atl-edge;dur=339,atl-edge-internal;dur=20,atl-edge-upstream;dur=317,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="P_u679crHqEzpRwu3Z6uz8bDrSJgqFr9HjFTKAHrYfeIP9wFw74aIA==",cdn-downstream-fbl;dur=433 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5373,15 +5585,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) + - 1.1 f0ef5666a43050928ff9758d51713e72.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - WWJvCeTLXDWUpENBi8zaLSq0DDqktQ5yiqcuh1r4z_yoFLPa7uVLpA== + - P_u679crHqEzpRwu3Z6uz8bDrSJgqFr9HjFTKAHrYfeIP9wFw74aIA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P1 X-Arequestid: - - 32f78d7b37ce2fde2a6f0741cc0bd59f + - ddfeb3714c3598a803d35afe890aa0f2 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5405,17 +5621,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:09.687+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:29.670+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - cc256628-176c-4aa2-ab1d-971adbcf397e + - 0ea5aafc-2b64-46e2-a588-b4d7d70bd5a5 Atl-Traceid: - - cc256628176c4aa2ab1d971adbcf397e + - 0ea5aafc2b6446e2a588b4d7d70bd5a5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5425,7 +5641,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:09 GMT + - Tue, 04 Nov 2025 18:02:29 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5435,7 +5651,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=328,atl-edge;dur=322,atl-edge-internal;dur=14,atl-edge-upstream;dur=308,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="ce3ctW-5-8CBNlZdjWfGm5XLeyvcFndBRZo0dYLQlQuS9f9vahsrmw==",cdn-downstream-fbl;dur=332 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=198,atl-edge;dur=175,atl-edge-internal;dur=14,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="hm1eeI7e3RynwJYjjKvAf5FCmMsa5OWana5C6u_NXxV_jp2OpjPekA==",cdn-downstream-fbl;dur=201 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5445,15 +5661,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 82008a7e089b84e7f0a6d8d139a4e3de.cloudfront.net (CloudFront) + - 1.1 da745b01c27611dac38d175371cb7b54.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ce3ctW-5-8CBNlZdjWfGm5XLeyvcFndBRZo0dYLQlQuS9f9vahsrmw== + - hm1eeI7e3RynwJYjjKvAf5FCmMsa5OWana5C6u_NXxV_jp2OpjPekA== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - eb80aa691e1c7ea8db1479c96fe6257c + - 3ed200499a43fc519641aa2dd72fbaf2 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5477,31 +5697,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5511,9 +5731,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
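Review bot: The re-recorded response body in the hunk starting at `uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615` commits the recording user's `emailAddress`, `accountId`, display name and gravatar hash to the repository, under both `creator` and `reporter`. The header hunks further down store the same account id as `X-Aaccountid`, and the earlier copy of this issue body repeats the fields. The removed lines show that the previous recording did the same for another account, so this is existing practice rather than a regression, but each re-recording adds one more personal identifier to the history. If the cassette is recorded with vcrpy, as its layout suggests, a `before_record_response` hook could replace these values with fixed placeholders such as `"emailAddress":"user@example.invalid"` before the file is written. A short comment next to the recorder configuration, saying that cassettes must be scrubbed of account data before commit, would help too.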
@@ -5523,12 +5743,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 61ccfa73-717f-4072-9472-163f7a80f192 + - 2ed7b440-b994-467f-9323-aa4bcad1e65e Atl-Traceid: - - 61ccfa73717f40729472163f7a80f192 + - 2ed7b440b994467f9323aa4bcad1e65e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5538,7 +5758,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:11 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5548,7 +5768,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=407,atl-edge;dur=405,atl-edge-internal;dur=17,atl-edge-upstream;dur=386,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="oF1l-2irq1VoYqMdL13w4yEX7wmDRiG8_xwopPO9oXZm5POuBNz84Q==",cdn-downstream-fbl;dur=411 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=283,atl-edge-internal;dur=17,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="Qy8aJ2Wbzi0R46MhwPjsDT0vqRGdejoHowouTYwUanEJ7Fi4NoPpkQ==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5558,15 +5778,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3e4f9c0400441c93ce3468dd26ef9ee4.cloudfront.net (CloudFront) + - 1.1 1a5bcf25cf6144683736a6579a7fb98e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - oF1l-2irq1VoYqMdL13w4yEX7wmDRiG8_xwopPO9oXZm5POuBNz84Q== + - Qy8aJ2Wbzi0R46MhwPjsDT0vqRGdejoHowouTYwUanEJ7Fi4NoPpkQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P2 X-Arequestid: - - c1772ea9b8f14e4c17e8b1299c80f57f + - bcdd2be845605b1af6e83a93d85706d1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5590,17 +5814,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:12.223+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:30.412+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - ab5e7821-b9e9-4f0d-85da-976006f76182 + - dc8a785e-7f1a-4ed3-8f3b-a44e6cc0d9f0 Atl-Traceid: - - ab5e7821b9e94f0d85da976006f76182 + - dc8a785e7f1a4ed38f3ba44e6cc0d9f0 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5610,7 +5834,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:12 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5620,7 +5844,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=328,atl-edge;dur=326,atl-edge-internal;dur=13,atl-edge-upstream;dur=313,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="wlxgtAjN1p2_Y5y5rRiy1xViSFIl0MicFhmFAIqo6eLMTHwxaaIcPw==",cdn-downstream-fbl;dur=333 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=189,atl-edge;dur=167,atl-edge-internal;dur=14,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hXD5-bcewdUjjXxgpMsngfnZa31qeEQo8u7qeeI4cawgXXo5_kGFCA==",cdn-downstream-fbl;dur=193 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5630,15 +5854,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e6e7ea42488c65b080113b45f9cdebb4.cloudfront.net (CloudFront) + - 1.1 9379390e7d447e1d911f7741c8ae2f24.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - wlxgtAjN1p2_Y5y5rRiy1xViSFIl0MicFhmFAIqo6eLMTHwxaaIcPw== + - hXD5-bcewdUjjXxgpMsngfnZa31qeEQo8u7qeeI4cawgXXo5_kGFCA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P1 X-Arequestid: - - f3ccb2ed019adea7ce5dda70d811082c + - 4c87fd04b308864ca1f62aab6b4ca418 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5662,31 +5890,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:05.748+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:28.160+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* High *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Inactive, Verified, Mitigated|\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5696,9 +5924,9 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5708,12 +5936,12 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d76f68f8-1644-400e-9b45-c19447794008 + - ef4afb82-570f-4e40-907f-d3e3f4ac01f8 Atl-Traceid: - - d76f68f81644400e9b45c19447794008 + - ef4afb82570f4e40907fd3e3f4ac01f8 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5723,7 +5951,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:13 GMT + - Tue, 04 Nov 2025 18:02:30 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -5733,7 +5961,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=450,atl-edge;dur=448,atl-edge-internal;dur=20,atl-edge-upstream;dur=426,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="hpFST4gTmPiWY_ZuXU776uqtfLcJ5_PvH7fGjyP-4VHi00twq0S-fQ==",cdn-downstream-fbl;dur=453 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=298,atl-edge;dur=275,atl-edge-internal;dur=16,atl-edge-upstream;dur=259,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Eey6fhnPCtbAksd0SHoiuMOPIrIJZ3QvuTZf_kaCxf81JCuIu6bDRg==",cdn-downstream-fbl;dur=301 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -5743,15 +5971,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 cc5461804f39ae1b3956b0f75ed048ce.cloudfront.net (CloudFront) + - 1.1 db28001b9bfb563d1bfcaccd38c4436a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hpFST4gTmPiWY_ZuXU776uqtfLcJ5_PvH7fGjyP-4VHi00twq0S-fQ== + - Eey6fhnPCtbAksd0SHoiuMOPIrIJZ3QvuTZf_kaCxf81JCuIu6bDRg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - b4b5f2a52eec893e2ccf8eff75a9a9a9 + - 4a65143fd32e1fb94325d3d02b65f1b3 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -5775,7 +6007,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -5789,9 +6021,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - f44659d7-4b03-4f92-9aa1-49d40a6bb2c3 + - 26d68e00-fc97-4615-8c36-35fc6eb20bd4 Atl-Traceid: - - f44659d74b034f929aa149d40a6bb2c3 + - 26d68e00fc9746158c3635fc6eb20bd4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5801,7 +6033,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:15 GMT + - Tue, 04 Nov 2025 18:02:31 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5811,7 +6043,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=495,atl-edge;dur=488,atl-edge-internal;dur=14,atl-edge-upstream;dur=474,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="kf1934QhBnHiCA0VJlgxA-tUUp9ypGZ1Z0wkPRWa4JRciHRl5uRn0A==",cdn-downstream-fbl;dur=499 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=367,atl-edge;dur=342,atl-edge-internal;dur=19,atl-edge-upstream;dur=324,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="qqGsJCw07be3XxAxHmleKdXeyaaYfHzftA96yWBHzgeefUuQlTO9EQ==",cdn-downstream-fbl;dur=371 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5821,18 +6053,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b96ad58427ffff8b9d3959350f8c9f16.cloudfront.net (CloudFront) + - 1.1 272eaf2883bb602816447bd7132021d2.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - kf1934QhBnHiCA0VJlgxA-tUUp9ypGZ1Z0wkPRWa4JRciHRl5uRn0A== + - qqGsJCw07be3XxAxHmleKdXeyaaYfHzftA96yWBHzgeefUuQlTO9EQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - bee7d2e295024835e7a21e2acfbb1dce + - b59f40b78e4805b78dc498f71f2d354a + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5846,20 +6082,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5869,8 +6105,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -5894,17 +6130,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - f02be48b-5d7f-465c-b9f5-8a5ff38c5ae7 + - 13a948f5-f71b-4862-9552-c33a25c0439a Atl-Traceid: - - f02be48b5d7f465cb9f58a5ff38c5ae7 + - 13a948f5f71b48629552c33a25c0439a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -5912,7 +6148,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:16 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -5922,7 +6158,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=700,atl-edge;dur=697,atl-edge-internal;dur=15,atl-edge-upstream;dur=681,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="ov56-66LB7eHtH8tKi3qAJrliv2cjrVG5cfJGPa1NG5G3Vmnuwz03A==",cdn-downstream-fbl;dur=704 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=560,atl-edge;dur=536,atl-edge-internal;dur=17,atl-edge-upstream;dur=520,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="G_nlrRB-sJiE1FRGZKzb9-SDjnLhxEHBZGxZThGVXO5FwA9YXoy_Ow==",cdn-downstream-fbl;dur=565 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -5930,15 +6166,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4682ab309f4f72758d209c996a38d094.cloudfront.net (CloudFront) + - 1.1 9062d4391fad2aec3a7d6f3edcebc662.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - ov56-66LB7eHtH8tKi3qAJrliv2cjrVG5cfJGPa1NG5G3Vmnuwz03A== + - G_nlrRB-sJiE1FRGZKzb9-SDjnLhxEHBZGxZThGVXO5FwA9YXoy_Ow== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN53-P2 X-Arequestid: - - 8bca410ec14b4d5960f61f22f4e21125 + - f3a36fc91e1f81cbe921f0cbd84eaf37 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -5962,31 +6202,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -5996,8 +6236,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6008,12 +6248,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - f2bb83a7-fcad-408b-992c-8965df074531 + - 0c38a635-3b3e-4910-9c5d-2f6a1c4cc2a3 Atl-Traceid: - - f2bb83a7fcad408b992c8965df074531 + - 0c38a6353b3e49109c5d2f6a1c4cc2a3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6023,7 +6263,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:17 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6033,7 +6273,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=415,atl-edge;dur=413,atl-edge-internal;dur=16,atl-edge-upstream;dur=397,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="cuBJur0jYF5Sz6orVCcBpV7XgdNGnYrF17hRd9gQ0f_JLJPUfFKZYg==",cdn-downstream-fbl;dur=420 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=259,atl-edge;dur=236,atl-edge-internal;dur=16,atl-edge-upstream;dur=220,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="Xiw3f1mCwgx6460JhWRmS5qzMM_ICjpNWNWUnO1U3a52_vIGhNlNLQ==",cdn-downstream-fbl;dur=263 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6043,15 +6283,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) + - 1.1 98d9402866aa771c6e6bbecb98c200aa.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - cuBJur0jYF5Sz6orVCcBpV7XgdNGnYrF17hRd9gQ0f_JLJPUfFKZYg== + - Xiw3f1mCwgx6460JhWRmS5qzMM_ICjpNWNWUnO1U3a52_vIGhNlNLQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - a27a5e0f41ae92f4fda04e384837f4b9 + - a3a53d0a7e425f419a7174ea00993c37 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6075,17 +6319,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:18.996+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:32.594+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 93436a4d-e21f-46c2-9504-7bd393ed51bd + - f896cac3-c253-4eff-a552-e3465f3b8464 Atl-Traceid: - - 93436a4de21f46c295047bd393ed51bd + - f896cac3c2534effa552e3465f3b8464 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6095,7 +6339,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:19 GMT + - Tue, 04 Nov 2025 18:02:32 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6105,7 +6349,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=311,atl-edge;dur=310,atl-edge-internal;dur=12,atl-edge-upstream;dur=297,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="Bdg8X8QplHvORUIRCFwu3B46RW87UxYNAD6dUq3PLsXuliiqdAoanA==",cdn-downstream-fbl;dur=315 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=177,atl-edge-internal;dur=19,atl-edge-upstream;dur=160,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="W5cGxk-h4odaQxyMDqhKlF9wwqCPm0MV9su9qQjvj4zbL5imSb7j0w==",cdn-downstream-fbl;dur=205 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6115,15 +6359,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 ddbdc753f03fb9542b090928fc2d074a.cloudfront.net (CloudFront) + - 1.1 d18c8670421cff5c9fa297b260cb2814.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Bdg8X8QplHvORUIRCFwu3B46RW87UxYNAD6dUq3PLsXuliiqdAoanA== + - W5cGxk-h4odaQxyMDqhKlF9wwqCPm0MV9su9qQjvj4zbL5imSb7j0w== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P2 X-Arequestid: - - cedf3130752c69bb6bfec1b1de700232 + - 6863671811f04aede958d531f927fc9b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6147,31 +6395,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6181,8 +6429,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6193,12 +6441,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - cb991777-76b6-4375-b9e7-8652e1e90ee9 + - 1568bced-3eeb-443f-abf4-67c78967c96f Atl-Traceid: - - cb99177776b64375b9e78652e1e90ee9 + - 1568bced3eeb443fabf467c78967c96f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6208,7 +6456,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:20 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6218,7 +6466,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=428,atl-edge;dur=427,atl-edge-internal;dur=17,atl-edge-upstream;dur=409,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="zMQy3jJ641KThoVTrpgFW-Dt67aR7PN3k1hRvcqnjQK019Z9Jl6RzQ==",cdn-downstream-fbl;dur=433 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=308,atl-edge;dur=285,atl-edge-internal;dur=18,atl-edge-upstream;dur=267,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Zmh-PTuHoi8Wz9yaxe3JQqsS1gucXJ0zR_BNggfl_y04kQ737GiKwg==",cdn-downstream-fbl;dur=312 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6228,15 +6476,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3d26345933183b6a437e0f8ba3c37df8.cloudfront.net (CloudFront) + - 1.1 86b6aab4b36e97123c5f76cc2e3ac8ec.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - zMQy3jJ641KThoVTrpgFW-Dt67aR7PN3k1hRvcqnjQK019Z9Jl6RzQ== + - Zmh-PTuHoi8Wz9yaxe3JQqsS1gucXJ0zR_BNggfl_y04kQ737GiKwg== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 8bb6d96117d6cc9b4f67f0ec8e126b04 + - 1574c10e7f6fb37c538e545415c4bdd8 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
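Review bot: The re-recorded response headers in the `-6228` hunk commit the recording user's Atlassian account id in `X-Aaccountid`, and the same header value recurs in the hunks at `-6300`, `-6413` and `-6485`. The value matches the `accountId` that sits next to an `emailAddress` in the recorded issue bodies, so each re-record ties a real account to the fixture. If this cassette is recorded with vcrpy (the layout suggests it, but the recorder config is not visible here), scrub at record time with a `before_record_response` hook that replaces `X-Aaccountid` and the body's `accountId`/`emailAddress` values with fixed placeholders. That would also take the per-request ids (`Atl-Request-Id`, `X-Amz-Cf-Id`, `X-Arequestid`) out of future re-record diffs if the hook normalises them too.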
@@ -6260,17 +6512,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:21.535+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:33.308+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 48c68e59-ff64-4946-9a56-f9f5d8fd1966 + - 295e2098-a67e-4e03-844a-fc073a9000a4 Atl-Traceid: - - 48c68e59ff6449469a56f9f5d8fd1966 + - 295e2098a67e4e03844afc073a9000a4 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6280,7 +6532,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:21 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6290,7 +6542,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=344,atl-edge;dur=342,atl-edge-internal;dur=14,atl-edge-upstream;dur=329,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="IeVebs2HQlaZdB5sqM0Nsy4LdmKP-OpQWmsvw9NCY7AjHThmNbsUqw==",cdn-downstream-fbl;dur=348 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=268,atl-edge;dur=180,atl-edge-internal;dur=18,atl-edge-upstream;dur=159,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="5w4SsVzYCnEby_tzpIqXDOGfyOAiKRC2lRTWddWsv6lduT-A9No-PA==",cdn-downstream-fbl;dur=272 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6300,15 +6552,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 e3d6764a647541ed814ff5842b8b1476.cloudfront.net (CloudFront) + - 1.1 9d0c0f607ed2753212b70ce75683881e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - IeVebs2HQlaZdB5sqM0Nsy4LdmKP-OpQWmsvw9NCY7AjHThmNbsUqw== + - 5w4SsVzYCnEby_tzpIqXDOGfyOAiKRC2lRTWddWsv6lduT-A9No-PA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 302209279622f2e9ea01e1106667e9e1 + - 9f8a86f14c9aab40078ee3ccc6b383bc + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6332,31 +6588,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6366,8 +6622,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6378,12 +6634,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - bb6fe927-bb9f-4bd1-a81a-4090ec8dc0ff + - 32e21ec6-d322-48c1-9104-6a4b55975dc7 Atl-Traceid: - - bb6fe927bb9f4bd1a81a4090ec8dc0ff + - 32e21ec6d32248c191046a4b55975dc7 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6393,7 +6649,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:22 GMT + - Tue, 04 Nov 2025 18:02:33 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6403,7 +6659,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=414,atl-edge;dur=411,atl-edge-internal;dur=15,atl-edge-upstream;dur=396,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="595hAZhQqjmcQBHd1Egqkm6ZHYTolXHMzywNsdhTNZHdz6WnFtTQ-A==",cdn-downstream-fbl;dur=419 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=310,atl-edge;dur=287,atl-edge-internal;dur=17,atl-edge-upstream;dur=270,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="S8JDi7gASAqQRgM9mClF2vcbWBlgDmU43jXkmvp6E3qqrfF9OUWEqg==",cdn-downstream-fbl;dur=314 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6413,15 +6669,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 7bda591fa44b42ef6384ae955fdd5d7c.cloudfront.net (CloudFront) + - 1.1 057707d7f80ca305efe5fad72e15b94c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 595hAZhQqjmcQBHd1Egqkm6ZHYTolXHMzywNsdhTNZHdz6WnFtTQ-A== + - S8JDi7gASAqQRgM9mClF2vcbWBlgDmU43jXkmvp6E3qqrfF9OUWEqg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P3 X-Arequestid: - - 91f326b1510687313bb3f3efa259ad63 + - c7eacd26c03d831698066a736bce84b1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6445,17 +6705,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:24.066+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:34.077+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 1e14899d-fec7-4213-b71f-1b8fe90aa415 + - 06dbdc39-0311-47f8-b906-d9fd82535f8d Atl-Traceid: - - 1e14899dfec74213b71f1b8fe90aa415 + - 06dbdc39031147f8b906d9fd82535f8d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6465,7 +6725,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:24 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6475,7 +6735,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=333,atl-edge;dur=329,atl-edge-internal;dur=14,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="nVFu2RBdrP-ld85Vbk3Fw2EMtu0hCjboSsqYDDXjKQ7J1PiXwE-l6g==",cdn-downstream-fbl;dur=336 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=202,atl-edge;dur=179,atl-edge-internal;dur=16,atl-edge-upstream;dur=164,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="GOYaMNJjoXVZli20mbVW0g3t8lc73E_GRlEF9aQQBl__IfezzmDZ0A==",cdn-downstream-fbl;dur=207 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6485,15 +6745,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 a97b28e298ec5907aa1d86d22bc232a0.cloudfront.net (CloudFront) + - 1.1 b1a94c3ca6429736112e2213a359c78a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - nVFu2RBdrP-ld85Vbk3Fw2EMtu0hCjboSsqYDDXjKQ7J1PiXwE-l6g== + - GOYaMNJjoXVZli20mbVW0g3t8lc73E_GRlEF9aQQBl__IfezzmDZ0A== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 3790b3e665db34ced97b98233f3121ee + - 166986c9991bdf435aff80675b7f872b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6517,31 +6781,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:16.303+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:31.787+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* Medium *Due Date:* None \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Inactive, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Inactive, Verified, Mitigated|\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6551,8 +6815,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6563,12 +6827,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 7cb7785a-9135-4343-a23f-d17b9347d600 + - 28b2cda1-0c97-4c69-80ca-3a86d6495f8b Atl-Traceid: - - 7cb7785a91354343a23fd17b9347d600 + - 28b2cda10c974c6980ca3a86d6495f8b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6578,7 +6842,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:25 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6588,7 +6852,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=411,atl-edge;dur=407,atl-edge-internal;dur=15,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="9YWH1fQ6-XnCRHGsSa90zsK2QCp2Ewyx-MKEdiPL8uXKKcNArbxVhQ==",cdn-downstream-fbl;dur=415 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=281,atl-edge;dur=258,atl-edge-internal;dur=16,atl-edge-upstream;dur=242,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="30aCFrMyTvzA6QXBfYx1ZW4LjaiDACISKsHmdH3EGQRcsP7SHVqevg==",cdn-downstream-fbl;dur=285 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6598,15 +6862,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9f543b41d91998db89601c7fae0f18c2.cloudfront.net (CloudFront) + - 1.1 b1a94c3ca6429736112e2213a359c78a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 9YWH1fQ6-XnCRHGsSa90zsK2QCp2Ewyx-MKEdiPL8uXKKcNArbxVhQ== + - 30aCFrMyTvzA6QXBfYx1ZW4LjaiDACISKsHmdH3EGQRcsP7SHVqevg== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P3 X-Arequestid: - - 55c1f48c7fddfc0efb6ce1119c473814 + - 8d37bcebb95e3160bd9dae0333c3900b + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '396' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -6630,7 +6898,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -6644,9 +6912,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 860e22e3-b6f7-4539-b2af-9f9444789bd1 + - 5cb85511-2e94-43ba-bc7e-cb4c1c56d866 Atl-Traceid: - - 860e22e3b6f74539b2af9f9444789bd1 + - 5cb855112e9443babc7ecb4c1c56d866 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6656,7 +6924,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:26 GMT + - Tue, 04 Nov 2025 18:02:34 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6666,7 +6934,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=504,atl-edge;dur=502,atl-edge-internal;dur=14,atl-edge-upstream;dur=487,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P2",cdn-rid;desc="d8uY-VdXj-N6zj97EaHn-2slpA9E70yQ21SmgsNyGrj6W2EBoqAYxQ==",cdn-downstream-fbl;dur=507 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=300,atl-edge-internal;dur=16,atl-edge-upstream;dur=283,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="UTnXXrNGyq-Ixf3YtPiPvKLHb172wh3ukKpTHeJ5P0ctQRjI4F7gPg==",cdn-downstream-fbl;dur=326 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6676,18 +6944,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 9478009849c2f6b9551c4c5c23842910.cloudfront.net (CloudFront) + - 1.1 66b4cf5fe1131d403a242f2f9f334158.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - d8uY-VdXj-N6zj97EaHn-2slpA9E70yQ21SmgsNyGrj6W2EBoqAYxQ== + - UTnXXrNGyq-Ixf3YtPiPvKLHb172wh3ukKpTHeJ5P0ctQRjI4F7gPg== X-Amz-Cf-Pop: - - SYD3-P2 + - DEN52-P3 X-Arequestid: - - a3600f900a676b3a32dc23ec383b70d8 + - a069f61a8ac5604f7792c5ba426a342f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6701,20 +6973,20 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6724,8 +6996,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -6745,21 +7017,21 @@ interactions: Connection: - keep-alive Content-Length: - - '3531' + - '3530' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - ec26d2f8-f396-4d20-812c-cd4f8ba07231 + - ac6e0b47-49a9-46db-a88c-1c9b8c8714b2 Atl-Traceid: - - ec26d2f8f3964d20812ccd4f8ba07231 + - ac6e0b4749a946dba88c1c9b8c8714b2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6767,7 +7039,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:28 GMT + - Tue, 04 Nov 2025 18:02:35 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6777,7 +7049,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=710,atl-edge;dur=707,atl-edge-internal;dur=15,atl-edge-upstream;dur=692,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="Z_0Onz-4EAW-0Pm8K9BgFcF-V_POpqKjP5jAZuVZo_Mbi65kGMN1-w==",cdn-downstream-fbl;dur=713 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=779,atl-edge;dur=755,atl-edge-internal;dur=18,atl-edge-upstream;dur=737,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="irL834izS-OYI0_8uL515V7w_BLDXG2LymmClVTiSFH2U5AC3jZx1w==",cdn-downstream-fbl;dur=784 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6785,15 +7057,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2e2023905a055fb3a137d4ecfec97d0e.cloudfront.net (CloudFront) + - 1.1 a7c0ba01db75946f7df3f7eaf69984b6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - Z_0Onz-4EAW-0Pm8K9BgFcF-V_POpqKjP5jAZuVZo_Mbi65kGMN1-w== + - irL834izS-OYI0_8uL515V7w_BLDXG2LymmClVTiSFH2U5AC3jZx1w== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - 16beae5fd4d5a4a2694940d03f18fcf9 + - 0b99efe7925c20669d0dde45dd27eef4 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6817,31 +7093,31 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:05.749+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work - has been completed on this issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":nu
ll,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?
d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-07-25T21:04:05.726+0200","workratio":-1,"watches":{"self":
"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_65305_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:28.106+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:28.161+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"},"resolution":{"self":"https://defectdojo.atlassian.net/rest/api/2/resolution/10000","id":"10000","description":"Work + has been completed on this 
issue.","name":"Done"},"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10002","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Done","id":"10002","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/3","id":3,"key":"done","colorName":"green","name":"Done"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.pn
g"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":"2025-11-04T19:02:28.127+0100","workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":"10000_*:*_1_*:*_22594_*|*_10002_*:*_1_*:*_0","customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:35.656+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -6851,8 +7127,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -6863,12 +7139,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - f192d8c3-df4e-4b67-8248-f41d77c1c341 + - c4cee2ba-8ec5-4981-82db-dbff0edc2657 Atl-Traceid: - - f192d8c3df4e4b678248f41d77c1c341 + - c4cee2ba8ec5498182dbdbff0edc2657 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6878,7 +7154,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:29 GMT + - Tue, 04 Nov 2025 18:02:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -6888,7 +7164,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=425,atl-edge;dur=423,atl-edge-internal;dur=16,atl-edge-upstream;dur=407,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="jEEwB4sLvUL_pRnhb5CM-ttXTqIbtsFJ1Sgql2nE4aovDNDkkKDxCA==",cdn-downstream-fbl;dur=428 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=232,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="IEFnfQxZL_y0ZHrTyPdPAyUstPTMb7PdW8rqvbT45w0xgF-EB11lPQ==",cdn-downstream-fbl;dur=276 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -6898,15 +7174,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 59067266959db6ef629f60366c4dee48.cloudfront.net (CloudFront) + - 1.1 befcfd7ee847a3c890471f27612dbcde.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - jEEwB4sLvUL_pRnhb5CM-ttXTqIbtsFJ1Sgql2nE4aovDNDkkKDxCA== + - IEFnfQxZL_y0ZHrTyPdPAyUstPTMb7PdW8rqvbT45w0xgF-EB11lPQ== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - 71ce21f341826f1ccc9af2da7e9a1a65 + - ee30362c6c652b26dbe77bbd8a8e1226 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -6932,17 +7212,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/transitions + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/transitions response: body: string: '' headers: Atl-Request-Id: - - 3eb1cbc5-968c-4de6-9e70-1afc25968bb4 + - 88795a8f-0446-4486-8b01-94aa6086d89d Atl-Traceid: - - 3eb1cbc5968c4de69e701afc25968bb4 + - 88795a8f044644868b0194aa6086d89d Cache-Control: - no-cache, no-store, no-transform Connection: @@ -6950,7 +7230,7 @@ interactions: Content-Type: - text/html;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:31 GMT + - Tue, 04 Nov 2025 18:02:36 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -6960,7 +7240,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=614,atl-edge;dur=609,atl-edge-internal;dur=15,atl-edge-upstream;dur=594,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="CsZOpBptDzkIbsZobAq4r0rYv-F_qUU8UUxqn65VQYTwh1Tz0_opug==",cdn-downstream-fbl;dur=617 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=594,atl-edge;dur=501,atl-edge-internal;dur=21,atl-edge-upstream;dur=481,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="hinoF4kJkunQNqxVpGq9aYFk_kOPIredaUFg1TdQ0U1lA8Ha5PuFzA==",cdn-downstream-fbl;dur=598 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -6968,15 +7248,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2a6cd2383f2f70d74f5acfbb719135b8.cloudfront.net (CloudFront) + - 1.1 d7b3fa0ef559ab3ac226fc78e47d311a.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - CsZOpBptDzkIbsZobAq4r0rYv-F_qUU8UUxqn65VQYTwh1Tz0_opug== + - hinoF4kJkunQNqxVpGq9aYFk_kOPIredaUFg1TdQ0U1lA8Ha5PuFzA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P1 X-Arequestid: - - 60a6b34fa410f27f9f9e05ac695f6ecf + - c88049880f993932b4f9398331d24f97 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7000,17 +7284,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:32.364+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:37.119+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 618a7a64-03be-48b8-8d9d-739ac89ec899 + - 2771b662-4b46-499a-aaf3-2ffb6229ca81 Atl-Traceid: - - 618a7a6403be48b88d9d739ac89ec899 + - 2771b6624b46499aaaf32ffb6229ca81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7020,7 +7304,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:32 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7030,7 +7314,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=358,atl-edge;dur=353,atl-edge-internal;dur=15,atl-edge-upstream;dur=337,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="2f-Z0Vn7BaLIkqBenmNJ1qJ0I6_JEIrj7W3oHJcX1lqhkHESqbrsow==",cdn-downstream-fbl;dur=362 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=201,atl-edge;dur=177,atl-edge-internal;dur=17,atl-edge-upstream;dur=161,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="zWEDoTZAzfgL-0o_rHae_HfM387v5AsBKgmiDF8S6izbyT9IlNQ6TA==",cdn-downstream-fbl;dur=204 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7040,15 +7324,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 b39f0409e845bde1b97cd11f1d544d4e.cloudfront.net (CloudFront) + - 1.1 3fddcbe99f78632bf14e5e80e6c14058.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 2f-Z0Vn7BaLIkqBenmNJ1qJ0I6_JEIrj7W3oHJcX1lqhkHESqbrsow== + - zWEDoTZAzfgL-0o_rHae_HfM387v5AsBKgmiDF8S6izbyT9IlNQ6TA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P2 X-Arequestid: - - b54d49fdcf7fd373faf25050d4cdd82a + - 6d3bb40d7f6dc856eb5acf3c920edb4f + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7072,32 +7360,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7107,8 +7395,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -7119,12 +7407,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 142d47d4-68b7-4bd2-95a7-43f40cd1052d + - 1c5abdf4-3914-4f5d-a876-4c4e68f8a09f Atl-Traceid: - - 142d47d468b74bd295a743f40cd1052d + - 1c5abdf439144f5da8764c4e68f8a09f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7134,7 +7422,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:33 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7144,7 +7432,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=418,atl-edge;dur=416,atl-edge-internal;dur=14,atl-edge-upstream;dur=402,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="yMO1Lh51rWInQUC6hxUdPDPgvOsr6ktYwykw7kP_BbhkDxNc9qPoHQ==",cdn-downstream-fbl;dur=421 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=379,atl-edge;dur=287,atl-edge-internal;dur=20,atl-edge-upstream;dur=265,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="9cxUthhe0oOIKEM0V1U6EJk_8fcGOFqyjzLWHgRzC0VocNRmJHN9KQ==",cdn-downstream-fbl;dur=383 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7154,15 +7442,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3e61a2014e7d26249915c64513c0b4f2.cloudfront.net (CloudFront) + - 1.1 81c07f42f70c1aec766dc553e24f3864.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - yMO1Lh51rWInQUC6hxUdPDPgvOsr6ktYwykw7kP_BbhkDxNc9qPoHQ== + - 9cxUthhe0oOIKEM0V1U6EJk_8fcGOFqyjzLWHgRzC0VocNRmJHN9KQ== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 0c328a5f428f4803e5bc6162e4cfc0e9 + - 835607e3053047c761aa5c91f7e0a434 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
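Review bot: The re-recorded responses commit a real person's identifiers to the repository: the new `X-Aaccountid` header value in this hunk, and the `creator`/`reporter` objects (`accountId`, `emailAddress`, `displayName`, gravatar hash) in the response body of the `@@ -7258,32 +7554,32 @@` hunk; the later header hunks repeat the same `X-Aaccountid` value. The old side carried another maintainer's details, so the exposure predates this change, but every re-recording swaps in whoever ran the tests. If these fixtures are vcrpy cassettes, as the `interactions:` layout suggests, a `before_record_response` hook that replaces those body fields with fixed placeholders and drops `X-Aaccountid` would keep the recordings stable and free of personal data. The tests that replay these cassettes are not visible here, so confirm none of them depends on the real values before scrubbing.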
@@ -7186,17 +7478,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:34.833+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:37.910+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - df1d9a92-3007-4a77-8e14-7e049e41d575 + - 5b91aeac-74eb-4042-9faf-7ee67acafa0e Atl-Traceid: - - df1d9a9230074a778e147e049e41d575 + - 5b91aeac74eb40429faf7ee67acafa0e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7206,7 +7498,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:34 GMT + - Tue, 04 Nov 2025 18:02:37 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7216,7 +7508,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=323,atl-edge;dur=321,atl-edge-internal;dur=16,atl-edge-upstream;dur=306,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="_aa8seReyjY4Q9xnBWQK3idrX8nMwlxI9fX7yC4sVEyrMYZWkd1oew==",cdn-downstream-fbl;dur=327 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=262,atl-edge;dur=173,atl-edge-internal;dur=18,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P2",cdn-rid;desc="w9HcJnW4ya4xOv-WC42GmXRHifLJNmmMsa7EIx-8zZhn5GO2sJETAw==",cdn-downstream-fbl;dur=265 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7226,15 +7518,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 c44c600db483eb2098670fa47c16d840.cloudfront.net (CloudFront) + - 1.1 0ec4ee481d2d7e134f4c87a9b9fc4e06.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - _aa8seReyjY4Q9xnBWQK3idrX8nMwlxI9fX7yC4sVEyrMYZWkd1oew== + - w9HcJnW4ya4xOv-WC42GmXRHifLJNmmMsa7EIx-8zZhn5GO2sJETAw== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P2 X-Arequestid: - - e29d883ef0e105ca443d1f81780112ec + - 1f0f20862036e67e517c2ea31fb6bf8b + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '348' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7258,32 +7554,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7293,8 +7589,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -7305,12 +7601,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 90e6857e-afb4-46c5-98aa-c6b22411c647 + - 3102e328-9341-48c0-87f1-fac846f0479f Atl-Traceid: - - 90e6857eafb446c598aac6b22411c647 + - 3102e328934148c087f1fac846f0479f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7320,7 +7616,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:36 GMT + - Tue, 04 Nov 2025 18:02:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7330,7 +7626,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=430,atl-edge;dur=428,atl-edge-internal;dur=14,atl-edge-upstream;dur=413,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="TrH92-xsGIhpkPxjnshiaI50r82dUkzOZzXH__n0fF7FIb3z97HiiQ==",cdn-downstream-fbl;dur=434 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=272,atl-edge;dur=249,atl-edge-internal;dur=17,atl-edge-upstream;dur=233,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="Q1yTY_KYiQGdw1sg51d9MDHhbpncBiQ5GIhnYq8sNAZSvT35nIWIHA==",cdn-downstream-fbl;dur=275 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7340,15 +7636,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 6eb4925a459e5104745cfd7f77596766.cloudfront.net (CloudFront) + - 1.1 be287e7673276d1e72db92a6f145d6f0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - TrH92-xsGIhpkPxjnshiaI50r82dUkzOZzXH__n0fF7FIb3z97HiiQ== + - Q1yTY_KYiQGdw1sg51d9MDHhbpncBiQ5GIhnYq8sNAZSvT35nIWIHA== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P1 X-Arequestid: - - caa2dcecdf3d639f1145c994770919c0 + - 87efe3c9a1d9479690e8f6a2afc128de + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7372,17 +7672,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:37.493+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:38.634+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - a92d6525-f637-4578-a429-0bc3aacab9ac + - f09f13bb-6bff-4e89-b9b2-27496af5197e Atl-Traceid: - - a92d6525f6374578a4290bc3aacab9ac + - f09f13bb6bff4e89b9b227496af5197e Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7392,7 +7692,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:37 GMT + - Tue, 04 Nov 2025 18:02:38 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7402,7 +7702,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=323,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="S9VD-wsJipitOgc74rj5qQigBcwEgjhVLk3wo0G9do61rDst6J6NsQ==",cdn-downstream-fbl;dur=328 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=194,atl-edge;dur=171,atl-edge-internal;dur=14,atl-edge-upstream;dur=157,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="yxQ51jK65LA7XZPIWd5HhQ-XmUXZS62bxZr7SnScQq_IXmUlcR-R-Q==",cdn-downstream-fbl;dur=199 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7412,15 +7712,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 2db2695e7e4ed9660f2422e6ea5c01e4.cloudfront.net (CloudFront) + - 1.1 d1f45df4933065053cea3fd574dc6f20.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - S9VD-wsJipitOgc74rj5qQigBcwEgjhVLk3wo0G9do61rDst6J6NsQ== + - yxQ51jK65LA7XZPIWd5HhQ-XmUXZS62bxZr7SnScQq_IXmUlcR-R-Q== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 27cdec19431783f2459745f27f8840a0 + - 7a28763ee8b48feccc860cc348673990 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '347' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -7444,7 +7748,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -7458,9 +7762,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 558cb70a-406b-4b35-b284-2748c7e33752 + - 9f121170-5613-49b2-9458-36faa4027b83 Atl-Traceid: - - 558cb70a406b4b35b2842748c7e33752 + - 9f121170561349b2945836faa4027b83 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7470,7 +7774,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:39 GMT + - Tue, 04 Nov 2025 18:02:39 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7480,7 +7784,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=508,atl-edge;dur=507,atl-edge-internal;dur=19,atl-edge-upstream;dur=488,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="InwEorUHv5Mq8QQG8hUpNCE4Fg0lsF8_YS2pVQK5LgeHXUsahWqn5Q==",cdn-downstream-fbl;dur=512 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=377,atl-edge;dur=353,atl-edge-internal;dur=23,atl-edge-upstream;dur=325,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="rjavgbg41Lw3jUfrFCPvDVqm_0Kd6HGOUfIiAMaZRKUcB5-F7hWpsw==",cdn-downstream-fbl;dur=380 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7490,18 +7794,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 00f0469d54a973389150a36c64065326.cloudfront.net (CloudFront) + - 1.1 88bce767af5e31f726ade38ea5253bd4.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - InwEorUHv5Mq8QQG8hUpNCE4Fg0lsF8_YS2pVQK5LgeHXUsahWqn5Q== + - rjavgbg41Lw3jUfrFCPvDVqm_0Kd6HGOUfIiAMaZRKUcB5-F7hWpsw== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P2 X-Arequestid: - - 0ed9cb8e7dc240b0707dd60d4bb5d3f4 + - 5d7b16c4113abcc24cb4933892410004 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7514,11 +7822,11 @@ interactions: - request: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n\n*Title*: [Jira Api - Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* http://localhost:8080/finding/252 - (252)\n\n*Severity:* Medium\n\n\n*Due Date:* Oct. 23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 + (240)\n\n*Severity:* Medium\n\n\n*Due Date:* Feb. 2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` header 
@@ -7537,21 +7845,21 @@ interactions: Connection: - keep-alive Content-Length: - - '1445' + - '1444' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21269","key":"NTEST-3090","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269"}' + string: '{"id":"23616","key":"NTEST-3175","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616"}' headers: Atl-Request-Id: - - 3ff63dc5-ebcd-4ac4-a2c8-d5f24927ba42 + - 6b2750a9-1062-4dc5-b3ec-61f0097a0872 Atl-Traceid: - - 3ff63dc5ebcd4ac4a2c8d5f24927ba42 + - 6b2750a910624dc5b3ec61f0097a0872 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7559,7 +7867,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:40 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -7569,7 +7877,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=860,atl-edge;dur=858,atl-edge-internal;dur=13,atl-edge-upstream;dur=845,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="RtrZz_FglFXJZkS5BAOBPwdXJU23BXlvAFFM0NZhZrMA-4c03Vatdg==",cdn-downstream-fbl;dur=864 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=726,atl-edge;dur=703,atl-edge-internal;dur=14,atl-edge-upstream;dur=688,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="tnaIJlYR3CEPOa40bygU6PTgmnQMkfQNisxxl2V6s5tH_crOqMjSnA==",cdn-downstream-fbl;dur=729 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -7579,15 +7887,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 74ae22067fef6f6228fb9f864f22f58a.cloudfront.net (CloudFront) + - 1.1 21d788b44c2b3d335a275c07a54548b6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - RtrZz_FglFXJZkS5BAOBPwdXJU23BXlvAFFM0NZhZrMA-4c03Vatdg== + - tnaIJlYR3CEPOa40bygU6PTgmnQMkfQNisxxl2V6s5tH_crOqMjSnA== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - c92f0bdd5bb87393e5f7f4bdf2aa9fbb + - a2f8f1918bc73d63154c68803bf11a34 + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7611,23 +7923,23 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269","key":"NTEST-3090","fields":{"statuscategorychangedate":"2025-07-25T21:04:40.572+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:40.315+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129b:","updated":"2025-07-25T21:04:40.391+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* Medium\n\n\n*Due Date:* - Oct. 
23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
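Review bot: The re-recorded `GET /rest/api/2/issue/NTEST-3175` response body commits a real account's `emailAddress`, `displayName`, `accountId` and Gravatar avatar hash for both `creator` and `reporter`. The same body recurs in the later `GET /rest/api/2/issue/23616` hunk, and the `X-Aaccountid` response header repeats the account id in the header hunks. The re-recording only swaps one maintainer's details for another's, so the values look incidental to what the tests assert; confirm that, then scrub them at record time instead of committing them. If the cassette is produced by vcrpy, a `before_record_response` hook could rewrite these fields to constructed placeholders such as `"emailAddress":"jira-test@example.invalid"` and drop `X-Aaccountid`, which would also stop every future re-record from churning these lines. The hunk's body string continues past this point into the next hunk.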
@@ -7636,12 +7948,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira - Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269/comment","maxResults":0,"total":0,"startAt":0}}}' + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1e437d4a-13ba-4797-8c2c-01cc924355be + - 6ccf0ef9-fd9b-4432-bf8a-2e8f11fba7c9 Atl-Traceid: - - 1e437d4a13ba47978c2c01cc924355be + - 6ccf0ef9fd9b4432bf8a2e8f11fba7c9 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7651,7 +7963,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:42 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7661,7 +7973,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=419,atl-edge;dur=415,atl-edge-internal;dur=15,atl-edge-upstream;dur=401,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="8S9VyLGINImlpiJ4j3ubGhUv1o-g2BZTO1ciTKeoKIhk-spvxidtsg==",cdn-downstream-fbl;dur=422 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=266,atl-edge;dur=242,atl-edge-internal;dur=18,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="e02RKJIW0cRX3HMIMmt_45NvZh27FVNFbnXcy8k50hy-CEBTgRcZcA==",cdn-downstream-fbl;dur=269 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7671,15 +7983,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 55d9a4fa548a24d777eff07223b71680.cloudfront.net (CloudFront) + - 1.1 88bce767af5e31f726ade38ea5253bd4.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 8S9VyLGINImlpiJ4j3ubGhUv1o-g2BZTO1ciTKeoKIhk-spvxidtsg== + - e02RKJIW0cRX3HMIMmt_45NvZh27FVNFbnXcy8k50hy-CEBTgRcZcA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P2 X-Arequestid: - - f5a71836d563244e63980c37fb2f6ca9 + - 709529d7d52f54071c194da2384bf701 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7703,23 +8019,23 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21269 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21269","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269","key":"NTEST-3090","fields":{"statuscategorychangedate":"2025-07-25T21:04:40.572+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3090/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:40.315+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129b:","updated":"2025-07-25T21:04:40.391+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: - [Jira Api Test 2|http://localhost:8080/finding/252]\n\n*Defect Dojo link:* - http://localhost:8080/finding/252 (252)\n\n*Severity:* Medium\n\n\n*Due Date:* - Oct. 
23, 2025\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service attacks, which trigger upon parsing a specially crafted `Accept-Language` 
@@ -7728,12 +8044,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira - Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21269/comment","maxResults":0,"total":0,"startAt":0}}}' + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fb8865a9-de6a-4547-a248-930797f23e07 + - 6d8fec0e-0266-4452-b189-fde910fcf29f Atl-Traceid: - - fb8865a9de6a4547a248930797f23e07 + - 6d8fec0e02664452b189fde910fcf29f Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7743,7 +8059,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:43 GMT + - Tue, 04 Nov 2025 18:02:40 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7753,7 +8069,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=469,atl-edge;dur=463,atl-edge-internal;dur=14,atl-edge-upstream;dur=449,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="a3rdhYDpzMwSNC6jvjUr4M2CXOtIOOh0QohccCR7cp9FjONsyPwEog==",cdn-downstream-fbl;dur=472 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=296,atl-edge;dur=273,atl-edge-internal;dur=15,atl-edge-upstream;dur=258,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="asmmql3a2Z0pcoxmf8Cmcy0y3dp_rm8faaNSwJktAl0ZSrkNcIt3ew==",cdn-downstream-fbl;dur=300 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7763,15 +8079,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 928b9a46c60991369db0a5ad58525eca.cloudfront.net (CloudFront) + - 1.1 be287e7673276d1e72db92a6f145d6f0.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - a3rdhYDpzMwSNC6jvjUr4M2CXOtIOOh0QohccCR7cp9FjONsyPwEog== + - asmmql3a2Z0pcoxmf8Cmcy0y3dp_rm8faaNSwJktAl0ZSrkNcIt3ew== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P1 X-Arequestid: - - 445f55695c3f1a6427629d1277c30b3e + - 1b1113d26dbfc8e11c2df4be6693a6a0 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7795,17 +8115,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:44.560+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:41.075+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - 334df33b-9edc-4b6a-9044-404dc9ff5c7e + - 016d8ff3-a43f-4d81-bf8e-f691137c58f5 Atl-Traceid: - - 334df33b9edc4b6a9044404dc9ff5c7e + - 016d8ff3a43f4d81bf8ef691137c58f5 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7815,7 +8135,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:44 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7825,7 +8145,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=322,atl-edge;dur=320,atl-edge-internal;dur=13,atl-edge-upstream;dur=307,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="debpY1WfxssrkEHM0QHsfwcH89vPuIJJhE7HDcaNpP0oY3kdbF_Y7w==",cdn-downstream-fbl;dur=326 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=192,atl-edge;dur=170,atl-edge-internal;dur=17,atl-edge-upstream;dur=153,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="lTP-q8vlhlkRdbHTgDAY4oyfp4jlIQNqeJ9ibJAq6z0rCuWXZpTYiQ==",cdn-downstream-fbl;dur=196 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7835,15 +8155,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 4ab519b4cd27a1b8a4b258d7f39bbc7e.cloudfront.net (CloudFront) + - 1.1 56a79b3a2ac1e2942686c2337f96fb72.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - debpY1WfxssrkEHM0QHsfwcH89vPuIJJhE7HDcaNpP0oY3kdbF_Y7w== + - lTP-q8vlhlkRdbHTgDAY4oyfp4jlIQNqeJ9ibJAq6z0rCuWXZpTYiQ== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 475713f08235ad2ff4d6d2ba6bfc5db0 + - 5d06f50f5ef93cbde9fa1e577883230d + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -7867,32 +8191,32 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:30.922+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:36.580+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 
23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -7902,8 +8226,8 @@ interactions: CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
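Review bot: A real user's `emailAddress`, `accountId` and Gravatar avatar hash are committed in the `creator` and `reporter` objects of the re-recorded issue body in this hunk, and the `X-Aaccountid` response header in the neighbouring header hunks carries the same account id. Nothing visible here suggests the replayed tests depend on those values, so each re-record only swaps one person's details for another's and adds diff noise. If the cassette is recorded with vcrpy (the `interactions:` layout suggests it, but the recorder is not shown), a `before_record_response` hook could rewrite these fields and that header to fixed placeholders such as `"emailAddress":"user@example.invalid"` at record time. The other issue-body hunks in this file carry the same fields and would be covered by the same hook.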
@@ -7914,12 +8238,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - d7727416-2f0f-4158-9dca-a570b84d955c + - 8a0885a3-64ab-454b-b777-8ae81e3e2249 Atl-Traceid: - - d77274162f0f41589dcaa570b84d955c + - 8a0885a364ab454bb7778ae81e3e2249 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -7929,7 +8253,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:45 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -7939,7 +8263,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=421,atl-edge;dur=419,atl-edge-internal;dur=16,atl-edge-upstream;dur=403,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="P2fw0vAE_ByCJA06lVzvMWZ2e7Zm3SfuVLW0fRrF_YRmCeQtdXebgA==",cdn-downstream-fbl;dur=425 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=264,atl-edge;dur=240,atl-edge-internal;dur=17,atl-edge-upstream;dur=224,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="Tz9Kl-gyfx0SS0anc4lJCHIJ93_ulSiq_VI82qKtKWxmLRU8m3F81A==",cdn-downstream-fbl;dur=270 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -7949,15 +8273,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 35202ecfee8e63e178de36be1b541f0e.cloudfront.net (CloudFront) + - 1.1 d4fb3448d1a8d3229dcf0a89f4bbe7e8.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - P2fw0vAE_ByCJA06lVzvMWZ2e7Zm3SfuVLW0fRrF_YRmCeQtdXebgA== + - Tz9Kl-gyfx0SS0anc4lJCHIJ93_ulSiq_VI82qKtKWxmLRU8m3F81A== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P2 X-Arequestid: - - 6087ab535e090eb6b59f4cfe7e9473e6 + - 644349756098d57ed8a5f63c0c3e9cb0 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '397' X-Cache: - Miss from cloudfront X-Content-Type-Options: @@ -7981,7 +8309,7 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
@@ -7995,9 +8323,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - 3da42546-ba13-4dda-866c-d20a84e16d01 + - cb94304c-b90d-475a-9408-02305effd22b Atl-Traceid: - - 3da42546ba134dda866cd20a84e16d01 + - cb94304cb90d475a940802305effd22b Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8007,7 +8335,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:47 GMT + - Tue, 04 Nov 2025 18:02:41 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8017,7 +8345,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=488,atl-edge;dur=486,atl-edge-internal;dur=18,atl-edge-upstream;dur=467,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="g3VtxXsBVYKSCmncnfkuvom0dsXco6WhYb5fb3ofDgmaFMQmM4U-0w==",cdn-downstream-fbl;dur=491 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=346,atl-edge;dur=323,atl-edge-internal;dur=23,atl-edge-upstream;dur=299,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="UnzuSKU2SzUmQRueawdpvO8eJVqoi7YWFHW1iQD1TkfFj4rl0M_GUQ==",cdn-downstream-fbl;dur=350 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -8027,18 +8355,22 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 28cc33f6d1fa8bfd0cce12161c7d5e90.cloudfront.net (CloudFront) + - 1.1 2a3bfb7cadc3003297b11ce744cb58fa.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - g3VtxXsBVYKSCmncnfkuvom0dsXco6WhYb5fb3ofDgmaFMQmM4U-0w== + - UnzuSKU2SzUmQRueawdpvO8eJVqoi7YWFHW1iQD1TkfFj4rl0M_GUQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN53-P1 X-Arequestid: - - 65aafeda3bb6c77593484ef88e4ef9ad + - 7d2d0cd26a0660da11dba68d43e4bc1c + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8052,22 +8384,22 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: negotiator:0.5.3", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. - Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira - Api Test 2|http://localhost:8080/finding/252]|Active, Verified|\n\nFindings + Api Test 2|http://localhost:8080/finding/240]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 
0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [2222Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8076,9 +8408,9 @@ interactions: Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/252]\n*Defect - Dojo link:* http://localhost:8080/finding/252 (252)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8088,8 +8420,8 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial of - Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n *CWE:* + Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -8109,21 +8441,21 @@ interactions: Connection: - keep-alive Content-Length: - - '4766' + - '4764' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: PUT - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: string: '' headers: Atl-Request-Id: - - 79c255db-c503-4e0e-9b50-98a72ea9f541 + - ce61edb7-6706-4805-9ac1-1c30234c320a Atl-Traceid: - - 79c255dbc5034e0e9b5098a72ea9f541 + - ce61edb7670648059ac11c30234c320a Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8131,7 +8463,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:49 GMT + - Tue, 04 Nov 2025 18:02:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8141,7 +8473,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=733,atl-edge;dur=731,atl-edge-internal;dur=15,atl-edge-upstream;dur=715,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="hjfjevc-vaM4TywsXCu7UyrLHHu2t_9ShByAN4AX0QNqjlsvWJKHDw==",cdn-downstream-fbl;dur=736 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=562,atl-edge;dur=538,atl-edge-internal;dur=17,atl-edge-upstream;dur=520,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="cxl1rRHLiXOEFKy_eyIofdI3UZVoTxL4SWjH6xhTVVV7Kkzxk-aEow==",cdn-downstream-fbl;dur=568 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8149,15 +8481,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 14d2e33ccccdcd865bebd3f59cd47112.cloudfront.net (CloudFront) + - 1.1 a827400055d7bbab6e387896737d4e50.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - hjfjevc-vaM4TywsXCu7UyrLHHu2t_9ShByAN4AX0QNqjlsvWJKHDw== + - cxl1rRHLiXOEFKy_eyIofdI3UZVoTxL4SWjH6xhTVVV7Kkzxk-aEow== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN52-P1 X-Arequestid: - - 8fa01f3c9597147842ac2981d47587b1 + - f7ad31b3894d785b676afb78dc128180 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8181,34 +8517,34 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21268 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23615 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21268","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268","key":"NTEST-3089","fields":{"statuscategorychangedate":"2025-07-25T21:04:30.923+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23615","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615","key":"NTEST-3174","fields":{"statuscategorychangedate":"2025-11-04T19:02:36.581+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.u
s-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3089/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:03:00.443+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i01293:","updated":"2025-07-25T21:04:48.633+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3174/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:05.566+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sn:","updated":"2025-11-04T19:02:42.347+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/1] + Group\n*Group*: [Findings in: negotiator:0.5.3|http://localhost:8080/finding_group/37] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - Medium *Due Date:* Oct. 23, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + Medium *Due Date:* Feb. 2, 2026 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Medium|[CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]|[300|https://cwe.mitre.org/data/definitions/300.html]|negotiator|0.5.3|[2222Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Jira - Api Test 2|http://localhost:8080/finding/252]|Active, Verified|\n\nFindings + Api Test 2|http://localhost:8080/finding/240]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|Info|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|negotiator|0.5.3|[Regular - Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]|Active, + Expression Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]|Active, Verified|\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. 
[2222Regular Expression - Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/247]\n*Defect - Dojo link:* http://localhost:8080/finding/247 (247)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] + Denial of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/235]\n*Defect + Dojo link:* http://localhost:8080/finding/235 (235)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-300|https://cwe.mitre.org/data/definitions/300.html] \n*CVE:* [CVE-2019-10321|https://nvd.nist.gov/vuln/detail/CVE-2019-10321]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/107\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
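Review bot: The re-recorded response body in this hunk still carries the recording account's `emailAddress`, `displayName`, `accountId` and gravatar hash under `creator` and `reporter`, and the `X-Aaccountid` response header repeats the account id in the neighbouring header hunks. The re-recording only swaps one person's details for another's, so the fixture keeps publishing personal data that the tests are unlikely to depend on. If these cassettes are recorded with vcrpy (the `interactions:` layout suggests it; the recording config is not visible here), a `before_record_response` hook could drop `X-Aaccountid` and rewrite those JSON fields to fixed placeholders such as `"emailAddress":"redacted@example.invalid"` before the file is written. The added interaction in the hunk that follows repeats the same fields.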
@@ -8217,9 +8553,9 @@ interactions: 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n CWE: CWE-300\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/107\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/252]\n*Defect - Dojo link:* http://localhost:8080/finding/252 (252)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 2|http://localhost:8080/finding/240]\n*Defect + Dojo link:* http://localhost:8080/finding/240 (240)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8229,8 +8565,8 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Regular Expression Denial - of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/246]\n*Defect - Dojo link:* http://localhost:8080/finding/246 (246)\n*Severity:* Info\n\n + of Service - (Negotiator, <= 0.6.0)|http://localhost:8080/finding/234]\n*Defect + Dojo link:* http://localhost:8080/finding/234 (234)\n*Severity:* Info\n\n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected 
@@ -8241,12 +8577,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21268/comment","maxResults":0,"total":0,"startAt":0}}}' + in: negotiator:0.5.3","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23615/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 41f75419-75ea-4e95-9274-d6054ccfcee2 + - fadaa2e1-100d-4bbc-bdf3-5bf631e08237 Atl-Traceid: - - 41f7541975ea4e959274d6054ccfcee2 + - fadaa2e1100d4bbcbdf35bf631e08237 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8256,7 +8592,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:50 GMT + - Tue, 04 Nov 2025 18:02:42 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8266,7 +8602,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=393,atl-edge;dur=391,atl-edge-internal;dur=14,atl-edge-upstream;dur=377,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="o6eZVwPv2scLYyoRlTM6K9mZLCyQPV96x58jXdUjdbeIPV3JqDmUCA==",cdn-downstream-fbl;dur=396 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=301,atl-edge;dur=279,atl-edge-internal;dur=20,atl-edge-upstream;dur=253,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P3",cdn-rid;desc="RUbk1CdNKX7HoVgONK_ddfuDd6jvvT9KnT7lZdVli7qKkzR8gqxZCg==",cdn-downstream-fbl;dur=306 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8276,15 +8612,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 3468af8a053b0ff241626aed87444af8.cloudfront.net (CloudFront) + - 1.1 acb55e8d2b8ad7df45561a8bccaaa688.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - o6eZVwPv2scLYyoRlTM6K9mZLCyQPV96x58jXdUjdbeIPV3JqDmUCA== + - RUbk1CdNKX7HoVgONK_ddfuDd6jvvT9KnT7lZdVli7qKkzR8gqxZCg== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN52-P3 X-Arequestid: - - 6e0ecef9f44c0d517568cd6ac2158cf7 + - af1bc4a4037d335a6067d2270f53a0af + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8308,17 +8648,17 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo response: body: - string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100287,"buildDate":"2025-07-24T13:05:26.000+0200","serverTime":"2025-07-25T21:04:51.489+0200","scmInfo":"0139ea21e0f8b5dafbd2e1eb33923e0c468b7f69","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + string: '{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:43.167+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' headers: Atl-Request-Id: - - e2085fbb-1341-4f29-bf85-c446fb3fcd02 + - 15ee5d90-3231-41f0-b2c3-892b9bb8b695 Atl-Traceid: - - e2085fbb13414f29bf85c446fb3fcd02 + - 15ee5d90323141f0b2c3892b9bb8b695 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8328,7 +8668,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:51 GMT + - Tue, 04 Nov 2025 18:02:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8338,7 +8678,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=325,atl-edge;dur=322,atl-edge-internal;dur=14,atl-edge-upstream;dur=309,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="gIr-iFP9i0541dGmMb_zIdQDC-Uw48LIoTvzsxURrG-4K3LgxT430Q==",cdn-downstream-fbl;dur=329 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=195,atl-edge;dur=171,atl-edge-internal;dur=17,atl-edge-upstream;dur=154,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="nExqnuGvnhpuFvjIy1W6iJ9uj_BtDk-SYXS4-1rwhyo3o8yRTibDDw==",cdn-downstream-fbl;dur=198 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8348,15 +8688,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 505047c0efc37a1900f1288c6f749f90.cloudfront.net (CloudFront) + - 1.1 6d3c3e0af3263a7b3c6878f2fa9bbff6.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - gIr-iFP9i0541dGmMb_zIdQDC-Uw48LIoTvzsxURrG-4K3LgxT430Q== + - nExqnuGvnhpuFvjIy1W6iJ9uj_BtDk-SYXS4-1rwhyo3o8yRTibDDw== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN53-P1 X-Arequestid: - - b2186f1b9bb669695fe7afc1b3c96f73 + - 7f1d87d441b373a938bc920152a2ec43 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8380,7 +8724,103 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' + headers: + Atl-Request-Id: + - 4805d705-c762-4bef-9534-74f236add184 + Atl-Traceid: + - 4805d705c7624bef953474f236add184 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - 
Tue, 04 Nov 2025 18:02:43 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=265,atl-edge-internal;dur=18,atl-edge-upstream;dur=247,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="Zi4DV03f3prUN_qAqPJO9_YD7e3Fvw04xjDtLQBDnybyYknn8nf3aA==",cdn-downstream-fbl;dur=292 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 81677ea21ca4917e071a8c310dd9130c.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - Zi4DV03f3prUN_qAqPJO9_YD7e3Fvw04xjDtLQBDnybyYknn8nf3aA== + X-Amz-Cf-Pop: + - DEN53-P3 + X-Arequestid: + - 1a2e9b1564b19619e2747681e843e1a1 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 method: GET uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields response: 
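Review bot: The recorded GET response for `/rest/api/2/issue/23616` added in this hunk stores the recording account's `emailAddress`, `displayName` and `accountId` in the `creator` and `reporter` objects, and the same account id appears in the `X-Aaccountid` response header. The second GET of that issue, in the later `@@ -8426,18 +8866,367 @@` hunk, repeats them. A committed test fixture should not carry a real person's contact data or account identifier, so I would scrub these at record time and re-record, using constructed placeholders such as `"emailAddress":"user@example.com"`. If the cassettes are written by vcrpy (the layout suggests so, but the recorder configuration is not visible here), `filter_headers` covers the header and a `before_record_response` hook can rewrite the body fields. The tests presumably do not assert on these values; confirm that before replacing them.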
@@ -8394,9 +8834,9 @@ interactions: Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' headers: Atl-Request-Id: - - c7f7eef2-a4a8-4401-9b32-a3fb7852c212 + - c9481dbb-3484-4690-bf94-d3f810005d81 Atl-Traceid: - - c7f7eef2a4a844019b32a3fb7852c212 + - c9481dbb34844690bf94d3f810005d81 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8406,7 +8846,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:53 GMT + - Tue, 04 Nov 2025 18:02:43 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8416,7 +8856,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=1,cdn-upstream-fbl;dur=498,atl-edge;dur=491,atl-edge-internal;dur=15,atl-edge-upstream;dur=476,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P1",cdn-rid;desc="c3jrIl76pD3jkJ10SQGq4HzUs6BJg8nRLkJBjdFKSpvAQR-aEh-DOg==",cdn-downstream-fbl;dur=501 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=327,atl-edge;dur=305,atl-edge-internal;dur=20,atl-edge-upstream;dur=285,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P2",cdn-rid;desc="DDNJSELk2umNkLUpRl83Ri-Wqk7IZ_UfCdDwOHouvM4q9vJl-nhcFQ==",cdn-downstream-fbl;dur=331 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: 
@@ -8426,18 +8866,367 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eb3589b1230a45883fc0813bdb92ed5e.cloudfront.net (CloudFront) + - 1.1 a42ce842e0f60814700ead82353e9f08.cloudfront.net (CloudFront) Warning: - 'The issue create meta endpoint has been deprecated. (Deprecation start date: June 03, 2024)' X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - c3jrIl76pD3jkJ10SQGq4HzUs6BJg8nRLkJBjdFKSpvAQR-aEh-DOg== + - DDNJSELk2umNkLUpRl83Ri-Wqk7IZ_UfCdDwOHouvM4q9vJl-nhcFQ== X-Amz-Cf-Pop: - - SYD62-P1 + - DEN52-P2 X-Arequestid: - - 1b38381ffa2da6a261d14fa8a5862dcd + - 17931357cbd8d5561f50d4a6c5d51d92 + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, + "summary": "Jira Api Test 2", "description": "\n\n\n\n\n\n\n*Title*: [Jira Api + Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* http://localhost:8080/finding/240 + (240)\n\n*Severity:* Medium\n\n\n*Due Date:* Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` header + value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= 0.6.0\n + Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or + later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n"}, "update": {}}' + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Length: + - '1426' + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: PUT + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '' + headers: + Atl-Request-Id: + - 42bbf820-b6e4-44be-82b7-c8fc9f825dc6 + Atl-Traceid: + - 42bbf820b6e444be82b7c8fc9f825dc6 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": 
"https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=446,atl-edge;dur=354,atl-edge-internal;dur=20,atl-edge-upstream;dur=331,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="1zwYeyeyM5h3EcErX6VDA1L8AtPCV6shNb2x90yUvQ3qj5NIVdvUEg==",cdn-downstream-fbl;dur=449 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Vary: + - Accept-Encoding + Via: + - 1.1 979fd411be7856884369a8fd4e9bff60.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - 1zwYeyeyM5h3EcErX6VDA1L8AtPCV6shNb2x90yUvQ3qj5NIVdvUEg== + X-Amz-Cf-Pop: + - DEN53-P1 + X-Arequestid: + - 250615aeabcfbe557737065a62c1a215 + X-Beta-Ratelimit-Limit: + - '300' + X-Beta-Ratelimit-Remaining: + - '299' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 204 + message: No Content +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23616 + response: + body: + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23616","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616","key":"NTEST-3175","fields":{"statuscategorychangedate":"2025-11-04T19:02:39.969+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%
2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3175/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:39.717+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013sv:","updated":"2025-11-04T19:02:39.806+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n*Title*: + [Jira Api Test 2|http://localhost:8080/finding/240]\n\n*Defect Dojo link:* + http://localhost:8080/finding/240 (240)\n\n*Severity:* Medium\n\n\n*Due Date:* + Feb. 
2, 2026\n\n\n\n*CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html]\n\n\n\n*CVE:* + [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n*Product/Engagement/Test:* + [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\n\n\n\n\n\n\n\n\n\n\n*Vulnerable + Component*: negotiator - 0.5.3\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected + versions of `negotiator` are vulnerable to regular expression denial of service + attacks, which trigger upon parsing a specially crafted `Accept-Language` + header value.\n\n\n Vulnerable Module: negotiator\n Vulnerable Versions: <= + 0.6.0\n Patched Version: >= 0.6.1\n Vulnerable Paths: \n - 0.5.3:express>accepts>negotiator\n + CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 + or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* + [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Jira + Api Test 2","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23616/comment","maxResults":0,"total":0,"startAt":0}}}' + headers: + Atl-Request-Id: + - ba8d4084-be1d-41a8-b845-11eeaae5fbf8 + Atl-Traceid: + - ba8d4084be1d41a8b84511eeaae5fbf8 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - 
Tue, 04 Nov 2025 18:02:44 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=285,atl-edge;dur=261,atl-edge-internal;dur=20,atl-edge-upstream;dur=241,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="p0w-2Wu461GEaaUAAuGKKMTPDFg3gy68nanm9VTBubulSlIWx76EjA==",cdn-downstream-fbl;dur=289 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 96b078df4a5d96ad3cc52cfe9d984774.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - p0w-2Wu461GEaaUAAuGKKMTPDFg3gy68nanm9VTBubulSlIWx76EjA== + X-Amz-Cf-Pop: + - DEN52-P1 + X-Arequestid: + - 303423a52da482af79f56c2902e4ae4d + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/serverInfo + response: + body: + string: 
'{"baseUrl":"https://defectdojo.atlassian.net","displayUrl":"https://defectdojo.atlassian.net","displayUrlServicedeskHelpCenter":"https://defectdojo.atlassian.net","displayUrlCSMHelpSeeker":"https://defectdojo.atlassian.net","displayUrlConfluence":"https://defectdojo.atlassian.net","version":"1001.0.0-SNAPSHOT","versionNumbers":[1001,0,0],"deploymentType":"Cloud","buildNumber":100290,"buildDate":"2025-11-03T11:21:33.000+0100","serverTime":"2025-11-04T19:02:45.170+0100","scmInfo":"c7faf2d76294a838eccb8baf436ee325c9a178b7","serverTitle":"Jira","defaultLocale":{"locale":"en_US"},"serverTimeZone":"Etc/UTC"}' + headers: + Atl-Request-Id: + - 578f99f1-7db0-4a70-900a-d2fe9ab5dc21 + Atl-Traceid: + - 578f99f17db04a70900ad2fe9ab5dc21 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=209,atl-edge;dur=186,atl-edge-internal;dur=19,atl-edge-upstream;dur=167,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="tHbo3eG0ebfklHCicGGPg8lN1TzwCNFvJ8-oxnY5mfHt19cZzJDaog==",cdn-downstream-fbl;dur=214 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 2bdc0b4100727fdf0a312e81266d0496.cloudfront.net (CloudFront) + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - tHbo3eG0ebfklHCicGGPg8lN1TzwCNFvJ8-oxnY5mfHt19cZzJDaog== + X-Amz-Cf-Pop: + - DEN53-P3 + 
X-Arequestid: + - a29488c93f08409502186ecb3eacf80e + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' + X-Cache: + - Miss from cloudfront + X-Content-Type-Options: + - nosniff + X-Xss-Protection: + - 1; mode=block + status: + code: 200 + message: OK +- request: + body: null + headers: + Accept: + - application/json,*/*;q=0.9 + Accept-Encoding: + - gzip, deflate + Cache-Control: + - no-cache + Connection: + - keep-alive + Content-Type: + - application/json + User-Agent: + - python-requests/2.32.5 + method: GET + uri: https://defectdojo.atlassian.net/rest/api/2/issue/createmeta?projectKeys=NTEST&issuetypeNames=Task&expand=projects.issuetypes.fields + response: + body: + string: '{"expand":"projects","projects":[{"expand":"issuetypes","self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"},"issuetypes":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","untranslatedName":"Task","subtask":false,"hierarchyLevel":0,"expand":"fields","fields":{"summary":{"required":true,"schema":{"type":"string","system":"summary"},"name":"Summary","key":"summary","hasDefaultValue":false,"operations":["set"]},"issuetype":{"required":true,"schema":{"type":"issuetype","system":"issuetype"},"name":"Issue + 
Type","key":"issuetype","hasDefaultValue":false,"operations":[],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0}]},"parent":{"required":false,"schema":{"type":"issuelink","system":"parent"},"name":"Parent","key":"parent","hasDefaultValue":false,"operations":["set"]},"components":{"required":false,"schema":{"type":"array","items":"component","system":"components"},"name":"Components","key":"components","hasDefaultValue":false,"operations":["add","set","remove"],"allowedValues":[]},"description":{"required":false,"schema":{"type":"string","system":"description"},"name":"Description","key":"description","hasDefaultValue":false,"operations":["set"]},"project":{"required":true,"schema":{"type":"project","system":"project"},"name":"Project","key":"project","hasDefaultValue":false,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}}]},"fixVersions":{"required":false,"schema":{"type":"array","items":"version","system":"fixVersions"},"name":"Fix + 
versions","key":"fixVersions","hasDefaultValue":false,"operations":["set","add","remove"],"allowedValues":[]},"priority":{"required":false,"schema":{"type":"priority","system":"priority"},"name":"Priority","key":"priority","hasDefaultValue":true,"operations":["set"],"allowedValues":[{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/1","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/highest_new.svg","name":"Highest","id":"1"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/4","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/low_new.svg","name":"Low","id":"4"},{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/5","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/lowest_new.svg","name":"Lowest","id":"5"}],"defaultValue":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/3","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/medium_new.svg","name":"Medium","id":"3"}},"customfield_10014":{"required":false,"schema":{"type":"any","custom":"com.pyxis.greenhopper.jira:gh-epic-link","customId":10014},"name":"Epic + 
Link","key":"customfield_10014","hasDefaultValue":false,"operations":["set"]},"labels":{"required":false,"schema":{"type":"array","items":"string","system":"labels"},"name":"Labels","key":"labels","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/1.0/labels/suggest?query=","hasDefaultValue":false,"operations":["add","set","remove"]},"attachment":{"required":false,"schema":{"type":"array","items":"attachment","system":"attachment"},"name":"Attachment","key":"attachment","hasDefaultValue":false,"operations":["set","copy"]},"issuelinks":{"required":false,"schema":{"type":"array","items":"issuelinks","system":"issuelinks"},"name":"Linked + Issues","key":"issuelinks","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/issue/picker?currentProjectId=&showSubTaskParent=true&showSubTasks=true¤tIssueKey=null&query=","hasDefaultValue":false,"operations":["add","copy"]},"assignee":{"required":false,"schema":{"type":"user","system":"assignee"},"name":"Assignee","key":"assignee","autoCompleteUrl":"https://defectdojo.atlassian.net/rest/api/2/user/assignable/search?project=NTEST&query=","hasDefaultValue":false,"operations":["set"]}}}]}]}' + headers: + Atl-Request-Id: + - ff32b5a4-2422-46ac-8447-e342cc6e2062 + Atl-Traceid: + - ff32b5a4242246ac8447e342cc6e2062 + Cache-Control: + - no-cache, no-store, no-transform + Connection: + - keep-alive + Content-Encoding: + - gzip + Content-Type: + - application/json;charset=UTF-8 + Date: + - Tue, 04 Nov 2025 18:02:45 GMT + Nel: + - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": + "endpoint-1"}' + Report-To: + - '{"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": + "endpoint-1", "include_subdomains": true, "max_age": 600}' + Server: + - AtlassianEdge + Server-Timing: + - 
cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=420,atl-edge;dur=330,atl-edge-internal;dur=16,atl-edge-upstream;dur=315,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="74gmyUqMquXx1vgaHYr1TdpQ-I-b8beTkc_fRt92BNZoTz4GtA5mlw==",cdn-downstream-fbl;dur=424 + Strict-Transport-Security: + - max-age=63072000; includeSubDomains; preload + Timing-Allow-Origin: + - '*' + Transfer-Encoding: + - chunked + Vary: + - Accept-Encoding + Via: + - 1.1 81677ea21ca4917e071a8c310dd9130c.cloudfront.net (CloudFront) + Warning: + - 'The issue create meta endpoint has been deprecated. (Deprecation start date: + June 03, 2024)' + X-Aaccountid: + - 5d3878b170e3c90c952f91f6 + X-Amz-Cf-Id: + - 74gmyUqMquXx1vgaHYr1TdpQ-I-b8beTkc_fRt92BNZoTz4GtA5mlw== + X-Amz-Cf-Pop: + - DEN53-P3 + X-Arequestid: + - 1da609fd3ace7576038c6d755d42a2ef + X-Beta-Ratelimit-Limit: + - '350' + X-Beta-Ratelimit-Remaining: + - '349' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8451,30 +9240,31 @@ interactions: body: '{"fields": {"project": {"key": "NTEST"}, "issuetype": {"name": "Task"}, "summary": "Findings in: pg:5.1.0", "description": "\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. Group\n*Group*: - [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] in [Security How-to|http://localhost:8080/product/2] - / [1st Quarter Engagement|http://localhost:8080/engagement/1] / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. - Summary\n*Severity:* High *Due Date:* Aug. 24, 2025 \n\nFindings matching the - Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component - || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote + [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security + How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 
4, 2025 \n\nFindings matching the Active, Verified and + Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title + || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 
24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when @@ -8504,8 +9294,8 @@ interactions: (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < 7.0.2 >= - 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect Dojo link:* http://localhost:8080/finding/250 - (250)\n*Severity:* Medium\n *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect Dojo link:* http://localhost:8080/finding/238 + (238)\n*Severity:* Medium\n *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs when 
@@ -8531,9 +9321,9 @@ interactions: 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n *Due - Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n *Due + Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service @@ -8553,21 +9343,21 @@ interactions: Connection: - keep-alive Content-Length: - - '8237' + - '8234' Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: POST uri: https://defectdojo.atlassian.net/rest/api/2/issue response: body: - string: '{"id":"21270","key":"NTEST-3091","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270"}' + string: '{"id":"23617","key":"NTEST-3176","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617"}' headers: Atl-Request-Id: - - 4deb6aba-750f-411c-b4c8-ab3a57b7f7ab + - f0decc8b-9d30-43ca-8962-15389f495261 Atl-Traceid: - - 4deb6aba750f411cb4c8ab3a57b7f7ab + - f0decc8b9d3043ca896215389f495261 Cache-Control: - no-cache, no-store, no-transform Connection: 
@@ -8575,7 +9365,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:54 GMT + - Tue, 04 Nov 2025 18:02:46 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' @@ -8585,7 +9375,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=899,atl-edge;dur=897,atl-edge-internal;dur=15,atl-edge-upstream;dur=882,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P2",cdn-rid;desc="inYiqz7IWVRDefMFh9jiWnxh0KKvGDlWknPxOmQ21KoFtifLpXvNrA==",cdn-downstream-fbl;dur=903 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=818,atl-edge;dur=794,atl-edge-internal;dur=16,atl-edge-upstream;dur=777,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P1",cdn-rid;desc="bPrIcS5nR418--vXoG2RPlt8NsKTXTznFVHgCGJ6L5-zUjo7mCxgpw==",cdn-downstream-fbl;dur=823 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8595,15 +9385,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 5e473a5e64c6a2f7bc916721cc188252.cloudfront.net (CloudFront) + - 1.1 bd570b43eaed44365882fda303fb189c.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - inYiqz7IWVRDefMFh9jiWnxh0KKvGDlWknPxOmQ21KoFtifLpXvNrA== + - bPrIcS5nR418--vXoG2RPlt8NsKTXTznFVHgCGJ6L5-zUjo7mCxgpw== X-Amz-Cf-Pop: - - SYD62-P2 + - DEN53-P1 X-Arequestid: - - 0e7268f8ea6f5c09cf9357e84e5ab505 + - 295b36c1b9b4044f25dda9a9ae8b4a0e + X-Beta-Ratelimit-Limit: + - '200' + X-Beta-Ratelimit-Remaining: + - '199' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
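Review bot: The re-recorded response headers here store the recording user's Atlassian account id in `X-Aaccountid`, and the issue body in the `@@ -8627,43 +9421,43 @@` and `@@ -8800,43 +9598,43 @@` hunks also stores that user's `emailAddress`, `displayName` and Gravatar hash under `creator` and `reporter`. None of these values look like something the replayed tests need to match on, so each re-recording commits another person's identifiers to the repository history. If the cassettes are recorded with vcrpy (the `interactions:` layout suggests so, but the recorder config is not in this diff), a `before_record_response` hook could rewrite these fields to fixed placeholders such as `"emailAddress":"jira-test@example.invalid"` and blank `X-Aaccountid` before the file is written. The same hook is a natural place to drop volatile edge headers (`X-Amz-Cf-Id`, `Server-Timing`, `Atl-Traceid`), which would also shrink future cassette diffs.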
@@ -8627,43 +9421,43 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21270","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270","key":"NTEST-3091","fields":{"statuscategorychangedate":"2025-07-25T21:04:54.773+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23617","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617","key":"NTEST-3176","fields":{"statuscategorychangedate":"2025-11-04T19:02:46.464+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:54.523+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129j:","updated":"2025-07-25T21:04:54.626+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:46.206+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013t3:","updated":"2025-11-04T19:02:46.305+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || 
CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs @@ -8693,9 +9487,9 @@ interactions: - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < - 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
@@ -8721,9 +9515,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8733,12 +9527,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270/comment","maxResults":0,"total":0,"startAt":0}}}' + in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - fd2b32a2-9948-41cd-88bf-6cbd1df98189 + - ae16c5fa-4eb5-45c7-9768-a228c2608bc2 Atl-Traceid: - - fd2b32a2994841cd88bf6cbd1df98189 + - ae16c5fa4eb545c79768a228c2608bc2 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8748,7 +9542,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:56 GMT + - Tue, 04 Nov 2025 18:02:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8758,7 +9552,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=408,atl-edge;dur=406,atl-edge-internal;dur=14,atl-edge-upstream;dur=392,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD62-P3",cdn-rid;desc="4XEfX4dJ5YBwAI6f_SnCh62tKrKvq7y21EwpkduMm4pqSHftmVvGiA==",cdn-downstream-fbl;dur=412 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=289,atl-edge;dur=265,atl-edge-internal;dur=35,atl-edge-upstream;dur=226,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN52-P1",cdn-rid;desc="9_rx9QRyZITZN524ptMviKyTCUzgQbP0Qurx0P9_PJG6MqQp5OUIew==",cdn-downstream-fbl;dur=293 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8768,15 +9562,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 0462a83c1b4a9fa5a2554db6feb3a19c.cloudfront.net (CloudFront) + - 1.1 4c98f000f0c28d2e527e3c684f54be1e.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - 4XEfX4dJ5YBwAI6f_SnCh62tKrKvq7y21EwpkduMm4pqSHftmVvGiA== + - 9_rx9QRyZITZN524ptMviKyTCUzgQbP0Qurx0P9_PJG6MqQp5OUIew== X-Amz-Cf-Pop: - - SYD62-P3 + - DEN52-P1 X-Arequestid: - - 3a9d3e56327d95940564f0fcc0b23d6b + - 36f82e86b37e2bb4c9eb2e77bb770132 + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '399' X-Cache: - Miss from cloudfront X-Content-Type-Options: 
@@ -8800,43 +9598,43 @@ interactions: Content-Type: - application/json User-Agent: - - python-requests/2.32.4 + - python-requests/2.32.5 method: GET - uri: https://defectdojo.atlassian.net/rest/api/2/issue/21270 + uri: https://defectdojo.atlassian.net/rest/api/2/issue/23617 response: body: - string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"21270","self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270","key":"NTEST-3091","fields":{"statuscategorychangedate":"2025-07-25T21:04:54.773+0200","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To + string: '{"expand":"renderedFields,names,schema,operations,editmeta,changelog,versionedRepresentations,customfield_10010.requestTypePractice","id":"23617","self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617","key":"NTEST-3176","fields":{"statuscategorychangedate":"2025-11-04T19:02:46.464+0100","fixVersions":[],"statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To 
Do"},"resolution":null,"lastViewed":null,"customfield_10060":null,"customfield_10061":null,"customfield_10062":null,"customfield_10063":null,"customfield_10064":null,"customfield_10065":null,"customfield_10066":null,"priority":{"self":"https://defectdojo.atlassian.net/rest/api/2/priority/2","iconUrl":"https://defectdojo.atlassian.net/images/icons/priorities/high_new.svg","name":"High","id":"2"},"labels":[],"timeestimate":null,"aggregatetimeoriginalestimate":null,"versions":[],"issuelinks":[],"assignee":null,"status":{"self":"https://defectdojo.atlassian.net/rest/api/2/status/10000","description":"","iconUrl":"https://defectdojo.atlassian.net/","name":"Backlog","id":"10000","statusCategory":{"self":"https://defectdojo.atlassian.net/rest/api/2/statuscategory/2","id":2,"key":"new","colorName":"blue-gray","name":"To - Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-we
st-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5","accountId":"712020:292a8b4c-ebd5-44be-bb94-d07c56a14dc5","emailAddress":"valentijn@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","24x24":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","16x16":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png","32x32":"https://secure.gravatar.com/avatar/d05de848fe8cc7816c52a5e34e327bad?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FVS-3.png"},"displayName":"Valentijn - Scholten","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A - small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3091/watchers","watchCount":1,"isWatching":true},"created":"2025-07-25T21:04:54.523+0200","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i0129j:","updated":"2025-07-25T21:04:54.626+0200","timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA + 
Do"}},"components":[],"customfield_10050":null,"customfield_10051":null,"customfield_10053":null,"customfield_10055":null,"customfield_10056":null,"customfield_10057":null,"customfield_10058":null,"customfield_10059":null,"customfield_10049":null,"aggregatetimeestimate":null,"creator":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + 
Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"subtasks":[],"customfield_10040":null,"customfield_10041":null,"customfield_10042":null,"reporter":{"self":"https://defectdojo.atlassian.net/rest/api/2/user?accountId=5d3878b170e3c90c952f91f6","accountId":"5d3878b170e3c90c952f91f6","emailAddress":"cody@defectdojo.com","avatarUrls":{"48x48":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","24x24":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","16x16":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png","32x32":"https://secure.gravatar.com/avatar/4e018ad14467c87539bcb7052ffaef8c?d=https%3A%2F%2Favatar-management--avatars.us-west-2.prod.public.atl-paas.net%2Finitials%2FCM-0.png"},"displayName":"Cody + Maffucci","active":true,"timeZone":"Europe/Zurich","accountType":"atlassian"},"customfield_10043":null,"aggregateprogress":{"progress":0,"total":0},"customfield_10044":null,"customfield_10045":null,"customfield_10046":null,"customfield_10047":null,"customfield_10048":null,"customfield_10038":null,"customfield_10039":null,"progress":{"progress":0,"total":0},"votes":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/votes","votes":0,"hasVoted":false},"worklog":{"startAt":0,"maxResults":20,"total":0,"worklogs":[]},"issuetype":{"self":"https://defectdojo.atlassian.net/rest/api/2/issuetype/10002","id":"10002","description":"A + small, distinct piece of 
work.","iconUrl":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium","name":"Task","subtask":false,"avatarId":10318,"hierarchyLevel":0},"timespent":null,"customfield_10030":null,"project":{"self":"https://defectdojo.atlassian.net/rest/api/2/project/10000","id":"10000","key":"NTEST","name":"Unittests","projectTypeKey":"software","simplified":false,"avatarUrls":{"48x48":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407","24x24":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=small","16x16":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=xsmall","32x32":"https://defectdojo.atlassian.net/rest/api/2/universal_avatar/view/type/project/avatar/10407?size=medium"}},"customfield_10031":null,"customfield_10032":null,"customfield_10033":null,"aggregatetimespent":null,"customfield_10035":null,"customfield_10036":null,"customfield_10037":null,"customfield_10027":null,"customfield_10028":null,"customfield_10029":null,"resolutiondate":null,"workratio":-1,"watches":{"self":"https://defectdojo.atlassian.net/rest/api/2/issue/NTEST-3176/watchers","watchCount":1,"isWatching":true},"created":"2025-11-04T19:02:46.206+0100","customfield_10020":null,"customfield_10021":null,"customfield_10022":null,"customfield_10023":null,"customfield_10016":null,"customfield_10017":null,"customfield_10019":"0|i013t3:","updated":"2025-11-04T19:02:46.305+0100","customfield_10090":null,"timeoriginalestimate":null,"description":"\n\n\n\n\n\n\n\nA group of Findings has been pushed to JIRA to be investigated and fixed:\n\nh2. 
- Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/2] + Group\n*Group*: [Findings in: pg:5.1.0|http://localhost:8080/finding_group/38] in [Security How-to|http://localhost:8080/product/2] / [1st Quarter Engagement|http://localhost:8080/engagement/1] - / [NPM Audit Scan|http://localhost:8080/test/95]\n\nh2. Summary\n*Severity:* - High *Due Date:* Aug. 24, 2025 \n\nFindings matching the Active, Verified + / [NPM Audit Scan|http://localhost:8080/test/92]\n\nh2. Summary\n*Severity:* + High *Due Date:* Dec. 4, 2025 \n\nFindings matching the Active, Verified and Severity criteria:\n|| Severity || CVE || CWE || Component || Version || Title || Status ||\n|High|[CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]|Active, Verified|\n|Medium|[CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]|[94|https://cwe.mitre.org/data/definitions/94.html]|pg|5.1.0|[2222Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 - < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]|Active, + < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]|Active, Verified|\n|Medium|[CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]|[400|https://cwe.mitre.org/data/definitions/400.html]|pg|0.5.3|[Jira - Api Test 3|http://localhost:8080/finding/253]|Active, Verified|\n\nFindings + Api Test 3|http://localhost:8080/finding/241]|Active, Verified|\n\nFindings *not* matching the Active, Verified and Severity criteria:\n|| Severity || 
CVE || CWE || Component || Version || Title || Status ||\n\n\n\n\n\n\n\n\n\n\nh1. Findings\n\nh3. [Remote Code Execution - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 - < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/248]\n*Defect - Dojo link:* http://localhost:8080/finding/248 (248)\n*Severity:* High\n *Due - Date:* Aug. 24, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + < 6.4.2 >= 7.0.0 < 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/236]\n*Defect + Dojo link:* http://localhost:8080/finding/236 (236)\n*Severity:* High\n *Due + Date:* Dec. 4, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2017-16082|https://nvd.nist.gov/vuln/detail/CVE-2017-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/521\nAffected versions of `pg` contain a remote code execution vulnerability that occurs @@ -8866,9 +9664,9 @@ interactions: - (Pg, < 2.11.2 >= 3.0.0 < 3.6.4 >= 4.0.0 < 4.5.7 >= 5.0.0 < 5.2.1 >= 6.0.0 < 6.0.5 >= 6.1.0 < 6.1.6 >= 6.2.0 < 6.2.5 >= 6.3.0 < 6.3.3 >= 6.4.0 < 6.4.2 >= 7.0.0 < - 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/250]\n*Defect - Dojo link:* http://localhost:8080/finding/250 (250)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] + 7.0.2 >= 7.1.0 < 7.1.2)|http://localhost:8080/finding/238]\n*Defect + Dojo link:* http://localhost:8080/finding/238 (238)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-94|https://cwe.mitre.org/data/definitions/94.html] \n*CVE:* [CVE-2019-16082|https://nvd.nist.gov/vuln/detail/CVE-2019-16082]\n\n\n\n\n\n\n*Source File*: pg-promise>pg\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/522\nAffected versions of `pg` contain a remote code execution vulnerability that occurs 
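Review bot: The re-recorded response body in the hunk starting at `@@ -8800,43 +9598,43 @@` commits the recording user's `emailAddress`, `accountId`, `displayName` and gravatar hash under both `creator` and `reporter`, and the `X-Aaccountid` header in the neighbouring header hunks repeats the account id. This looks like a recorded HTTP fixture (the hunk context is `interactions:`), so every re-record publishes the identity of whichever maintainer ran it and adds diff churn unrelated to the behaviour under test. I would scrub these fields at record time, for example with vcrpy's `before_record_response` hook rewriting them to fixed placeholders such as `"emailAddress":"jira-test@example.invalid"` (constructed value) and dropping `X-Aaccountid`. The recorder configuration is not visible in this diff, so confirm whether a filter already exists and only covers request headers.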
@@ -8894,9 +9692,9 @@ interactions: to version 6.4.2 or later. ( Note that versions 6.1.6, 6.2.5, and 6.3.3 are also patched. )\n* Version 7.x.x: Update to version 7.1.2 or later. ( Note that version 7.0.2 is also patched. )\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/522\n\n\n\n\n\n*Reporter:* - [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/253]\n*Defect - Dojo link:* http://localhost:8080/finding/253 (253)\n*Severity:* Medium\n - *Due Date:* Oct. 23, 2025 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] + [(admin) ()|mailto:]\n\n\n\nh1. Findings\n\nh3. [Jira Api Test 3|http://localhost:8080/finding/241]\n*Defect + Dojo link:* http://localhost:8080/finding/241 (241)\n*Severity:* Medium\n + *Due Date:* Feb. 2, 2026 \n *CWE:* [CWE-400|https://cwe.mitre.org/data/definitions/400.html] \n*CVE:* [CVE-2016-10539|https://nvd.nist.gov/vuln/detail/CVE-2016-10539]\n\n\n\n\n\n\n*Source File*: express>accepts>negotiator\n\n\n\n\n*Description*:\nhttps://nodesecurity.io/advisories/106\nAffected versions of `negotiator` are vulnerable to regular expression denial of service 
@@ -8906,12 +9704,12 @@ interactions: CWE: CWE-400\n Access: public\n\n\n*Mitigation*:\nUpdate to version 0.6.1 or later.\n\n\n\n*Impact*:\nNo impact provided\n\n\n\n\n\n*References*:\nhttps://nodesecurity.io/advisories/106\n\n\n\n\n\n*Reporter:* [(admin) ()|mailto:]\n","customfield_10010":null,"customfield_10014":null,"timetracking":{},"customfield_10015":null,"customfield_10005":null,"customfield_10006":null,"customfield_10007":null,"security":null,"customfield_10008":null,"attachment":[],"customfield_10009":null,"summary":"Findings - in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/21270/comment","maxResults":0,"total":0,"startAt":0}}}' + in: pg:5.1.0","customfield_10001":null,"customfield_10002":[],"customfield_10123":null,"customfield_10003":null,"customfield_10004":null,"environment":null,"duedate":null,"comment":{"comments":[],"self":"https://defectdojo.atlassian.net/rest/api/2/issue/23617/comment","maxResults":0,"total":0,"startAt":0}}}' headers: Atl-Request-Id: - - 1cb429ad-102a-4cbe-bdd8-bd79665f5db7 + - 4ea7d719-18a3-40c3-b698-4abff25d6fb3 Atl-Traceid: - - 1cb429ad102a4cbebdd8bd79665f5db7 + - 4ea7d71918a340c3b6984abff25d6fb3 Cache-Control: - no-cache, no-store, no-transform Connection: @@ -8921,7 +9719,7 @@ interactions: Content-Type: - application/json;charset=UTF-8 Date: - - Fri, 25 Jul 2025 19:04:57 GMT + - Tue, 04 Nov 2025 18:02:47 GMT Nel: - '{"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}' 
@@ -8931,7 +9729,7 @@ interactions: Server: - AtlassianEdge Server-Timing: - - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=440,atl-edge;dur=439,atl-edge-internal;dur=14,atl-edge-upstream;dur=424,atl-edge-pop;desc="aws-ap-southeast-2",cdn-cache-miss,cdn-pop;desc="SYD3-P1",cdn-rid;desc="mlCHpIoisIq-pHtHMNUGGlGlxjoX5_JVoaW_yC84De6Y7z71xz5uWw==",cdn-downstream-fbl;dur=444 + - cdn-upstream-layer;desc="EDGE",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=275,atl-edge;dur=251,atl-edge-internal;dur=20,atl-edge-upstream;dur=231,atl-edge-pop;desc="aws-us-west-2",cdn-cache-miss,cdn-pop;desc="DEN53-P3",cdn-rid;desc="1OLwfyJy1uXCc91W2rGv1pQEnhKb-7nX5SWZFbgm25TbkrgQfBXTOA==",cdn-downstream-fbl;dur=280 Strict-Transport-Security: - max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: @@ -8941,15 +9739,19 @@ interactions: Vary: - Accept-Encoding Via: - - 1.1 eeaafdd5e22d1448912c6cf3e1e5bd58.cloudfront.net (CloudFront) + - 1.1 99c24ff7a4f9141fb603a870f066e056.cloudfront.net (CloudFront) X-Aaccountid: - - 712020%3A292a8b4c-ebd5-44be-bb94-d07c56a14dc5 + - 5d3878b170e3c90c952f91f6 X-Amz-Cf-Id: - - mlCHpIoisIq-pHtHMNUGGlGlxjoX5_JVoaW_yC84De6Y7z71xz5uWw== + - 1OLwfyJy1uXCc91W2rGv1pQEnhKb-7nX5SWZFbgm25TbkrgQfBXTOA== X-Amz-Cf-Pop: - - SYD3-P1 + - DEN53-P3 X-Arequestid: - - ee7285228e40f42310c9e8eccc76538d + - dab854a944dc31573ad115bb07e6660f + X-Beta-Ratelimit-Limit: + - '400' + X-Beta-Ratelimit-Remaining: + - '398' X-Cache: - Miss from cloudfront X-Content-Type-Options: