🪲 Parse empty machines in Defender #11844

Open
wants to merge 2 commits into
base: bugfix

manuel-sommer
Contributor

@manuel-sommer manuel-sommer commented Feb 18, 2025

You might not want to parse the machineinfo always due to fast changing environments, e.g. clients get new IP addresses every day. This puts a lot of unnecessary load onto DefectDojo.

dryrunsecurity bot commented Feb 18, 2025

DryRun Security Summary

The PR modifies Microsoft Defender parser to handle empty machine directories, updates documentation with spelling corrections, and adds unit tests, though it removes some input validation checks.

The PR updates Microsoft Defender parser documentation and code, modifying parsing logic and adding a corresponding unit test to handle empty machine directories.

Security Findings:

  1. Input Validation Reduction in dojo/tools/ms_defender/parser.py: Removing the check for "machines/" directory could potentially allow processing of zip files with incomplete or unexpected structures, slightly increasing risk of processing partial or unexpected data.

  2. Spelling Error in documentation: Typo of "skipt" instead of "skipped" in docs/content/en/connecting_your_tools/parsers/file/ms_defender.md, which could cause user confusion.

Code Analysis

We ran 9 analyzers against 3 files and 0 analyzers had findings. 9 analyzers had no findings.

@manuel-sommer manuel-sommer changed the title from "🪲 Parse empty machines in zip" to "🪲 Parse empty machines in Defender" on Feb 18, 2025
@manuel-sommer
Contributor Author

Could we get this also on the road for the next release @mtesauro ?

Contributor

@Maffooch Maffooch left a comment

I think this is a good move to keep asset management data out of the vulnerability management platforms to keep the mitigation process a little more streamlined. Great work!

@github-actions github-actions bot added the docs label Feb 22, 2025