Check statusCategory instead of the resolution field for Jira issue status#14611
Open
derda17 wants to merge 3 commits intoDefectDojo:devfrom
Open
Check statusCategory instead of the resolution field for Jira issue status#14611derda17 wants to merge 3 commits intoDefectDojo:devfrom
derda17 wants to merge 3 commits intoDefectDojo:devfrom
Conversation
* status category is mainly used to decide if a jira issue is active or not * if the category is undefined or an unknown status, fall back to resolution checking * the resolution object was compared to a string "None", this always returned False * provide unit tests for new functionality
296576d to
4a2fa85
Compare
Author
|
Some Unit tests failed. I've returned the PR to draft state and will look into the failing tests. |
- Remove test_issue_from_jira_is_active_with_unknown_status_and_none_resolution - Remove test_issue_from_jira_is_active_without_status_category_with_none_string_resolution These tests checked for resolution field as string 'None', which violates JIRA API spec. According to JIRA API, resolution is either an object with properties (id, name, etc) or null, never a string value. Remaining 12 tests verify correct behavior per the API spec.
|
This pull request contains edits to a sensitive file (dojo/jira_link/helper.py) flagged twice by the configured-codepaths analyzer as potential sensitive changes; reviewers should verify these modifications against the project's
🔴 Configured Codepaths Edit in
|
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
🔴 Configured Codepaths Edit in dojo/jira_link/helper.py (drs_8795d2db)
| Vulnerability | Configured Codepaths Edit |
|---|---|
| Description | Sensitive edits detected for this file. Sensitive file paths and allowed authors can be configured in .dryrunsecurity.yaml. |
We've notified @mtesauro.
Comment to provide feedback on these findings.
Report false positive: @dryrunsecurity fp [FINDING ID] [FEEDBACK]
Report low-impact: @dryrunsecurity nit [FINDING ID] [FEEDBACK]
Example: @dryrunsecurity fp drs_90eda195 This code is not user-facing
All finding details can be found in the DryRun Security Dashboard.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
PR for #14347
The status category is mainly used to decide if a jira issue is active or not. If the status is undefined (this may happen for old Jira projects that have not migrated properly to status categories), the resolution is still being checked. So I kept the most of the original logic for backwards compatibility.
In the resolution check there were some attribute checks missing and the resolution object was compared to a string "None", this always returned False. I adapted this.
Test results
Added a JIRAHelperTest test suite, that test various combinations of status categories and resolutions.
Documentation
I could not find a documentation that needs adjustments. Let me know if there is one.
Checklist
This checklist is for your information.
dev.dev.bugfixbranch.