DefectDojo / django-DefectDojo

DevSecOps, ASPM, Vulnerability Management. All on one platform.
https://defectdojo.com
BSD 3-Clause "New" or "Revised" License

fix(helm-celery): Drop unused variable logLevel #10468

Closed kiblik closed 13 hours ago

kiblik commented 5 days ago

In the whole Helm template, `logLevel` is used only in the ConfigMap: https://github.com/DefectDojo/django-DefectDojo/blob/81c123e8d92024b965ddd3c985640e2fe398007b/helm/defectdojo/templates/configmap.yaml#L24. However, the mentioned `logLevel` is read from `.Values.celery.logLevel` (not from `.Values.celery.worker.logLevel`), so the definition of `.Values.celery.worker.logLevel` is obsolete.

dryrunsecurity[bot] commented 5 days ago

Hi there :wave:, @dryrunsecurity here, below is a summary of our analysis and findings.

| DryRun Security | Status | Findings |
|---|---|---|
| Server-Side Request Forgery Analyzer | :white_check_mark: | 0 findings |
| Configured Codepaths Analyzer | :white_check_mark: | 0 findings |
| IDOR Analyzer | :white_check_mark: | 0 findings |
| Sensitive Files Analyzer | :white_check_mark: | 0 findings |
| SQL Injection Analyzer | :white_check_mark: | 0 findings |
| Authn/Authz Analyzer | :white_check_mark: | 0 findings |
| Secrets Analyzer | :white_check_mark: | 0 findings |

> [!NOTE]
> :green_circle: Risk threshold not exceeded.

**Change Summary**

The following is a summary of changes in this pull request made by me, your security buddy :robot:. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

**Summary:** The code change in this pull request is related to the Helm chart for the DefectDojo application, specifically the `values.yaml` file. The changes are focused on the `celery` section of the configuration, where the `logLevel` configuration for the Celery worker has been removed. From an application security perspective, this change does not appear to have any significant security implications, as the log level configuration is more related to operational and debugging concerns rather than security. However, it's important to ensure that the Celery worker, which is a critical component of the DefectDojo application, is configured correctly and securely to maintain the overall security of the application. This includes ensuring that the Celery worker is running with the least privileges necessary, verifying that it is not exposed to the internet, and reviewing the configuration for any potential vulnerabilities or misconfigurations.

**Files Changed:**

- `helm/defectdojo/values.yaml`: The changes in this file are focused on the `celery` section of the configuration, where the `logLevel` configuration for the Celery worker has been removed. This change does not appear to have any significant security implications, but it's important to ensure that the Celery worker is configured correctly and securely to maintain the overall security of the DefectDojo application.

Powered by DryRun Security