Added optional mitigation attribute to findings #1639

Merged: Ilyesbdlala merged 12 commits into main from feature/mitigation-attribute on Mar 21, 2023
Ilyesbdlala (Member) commented Mar 13, 2023

Description

Relates to #519
The attribute mitigation is added to scanners that include an explicit solution in their results or where the solution is almost always the same (i.e. ncrack -> use a more secure password).
Scanners that are usually informational (such as NMAP) are excluded.

Scanners affected:

  • ncrack
  • ssh-scan
  • trivy
  • typo3scan
  • Zap/Zap-Advanced
  • sslyze

Checklist

  • Test your changes as thoroughly as possible before you commit them. Preferably, automate your test by unit/integration tests.
  • Make sure that all your commits are signed-off and that you are added to the Contributors file.
  • Make sure that all CI finish successfully.
  • Optional (but appreciated): Make sure that all commits are Verified.

Ilyesbdlala added the breaking (Changes requiring a major release) and findings labels Mar 13, 2023
Ilyesbdlala added this to the v4.0.0 milestone Mar 13, 2023
Ilyesbdlala self-assigned this Mar 13, 2023

@secureCodeBoxBot (Contributor)

This pull request includes breaking changes. Please make sure that you included the breaking changes and the steps required to upgrade in UPGRADING.md.
✨ Thank you for your contribution! ✨

github-actions Bot commented Mar 13, 2023

MegaLinter status: ⚠️ WARNING

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ⚠️ JAVASCRIPT | eslint | 9 | | 1 | 0.57s |
| ✅ JSON | eslint-plugin-jsonc | 1 | | 0 | 1.04s |
| ⚠️ SPELL | misspell | 10 | | 1 | 0.06s |

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Ilyesbdlala mentioned this pull request Mar 15, 2023
9 tasks
Ilyesbdlala force-pushed the feature/mitigation-attribute branch from 2c07f0e to 855c47e March 15, 2023 10:18

J12934 (Member) left a comment

Looking good, some really minor notes then it should be ready to go 🚀

Comment thread UPGRADING.md Outdated
Comment thread scanners/ssh-scan/parser/parser.js Outdated
J12934 previously approved these changes Mar 20, 2023
Ilyesbdlala and others added 12 commits March 21, 2023 13:52
…nt` to `mitigation`

Signed-off-by: Ilyes Ben Dlala <[email protected]>
…sing the zap_solution attribute

Signed-off-by: Ilyes Ben Dlala <[email protected]>
Linked to Advisory URL

Signed-off-by: Ilyes Ben Dlala <[email protected]>
…` in the v4 section of UPGRADING.MD

Signed-off-by: Ilyes Ben Dlala <[email protected]>
Co-authored-by: Jannik Hollenbach <[email protected]>

Signed-off-by: Ilyes Ben Dlala <[email protected]>
Co-authored-by: Jannik Hollenbach <[email protected]>
Signed-off-by: Ilyes Ben Dlala <[email protected]>
mitigation "" to null when empty

Signed-off-by: Ilyes Ben Dlala <[email protected]>
Ilyesbdlala force-pushed the feature/mitigation-attribute branch from a96a5dd to 1b03bca March 21, 2023 12:52
Ilyesbdlala requested a review from J12934 March 21, 2023 13:35
Ilyesbdlala merged commit 2b43477 into main Mar 21, 2023
Ilyesbdlala deleted the feature/mitigation-attribute branch March 21, 2023 14:31